Browse Source

REPORT-30379 bouncycastle存在安全问题,fine-itext、fine-itext-old 适配高版本

release/10.0
Hugh.C 5 years ago
parent
commit
72d6364e04
  1. 368
      fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/OcspClientBouncyCastle.java
  2. 270
      fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/PdfPKCS7.java
  3. 45
      fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/PdfPublicKeySecurityHandler.java
  4. 40
      fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/PdfReader.java
  5. 460
      fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/TSAClientBouncyCastle.java
  6. 12
      fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/crypto/AESCipher.java
  7. 370
      fine-itext/src/com/fr/third/v2/lowagie/text/pdf/OcspClientBouncyCastle.java
  8. 268
      fine-itext/src/com/fr/third/v2/lowagie/text/pdf/PdfPKCS7.java
  9. 45
      fine-itext/src/com/fr/third/v2/lowagie/text/pdf/PdfPublicKeySecurityHandler.java
  10. 40
      fine-itext/src/com/fr/third/v2/lowagie/text/pdf/PdfReader.java
  11. 460
      fine-itext/src/com/fr/third/v2/lowagie/text/pdf/TSAClientBouncyCastle.java
  12. 12
      fine-itext/src/com/fr/third/v2/lowagie/text/pdf/crypto/AESCipher.java

368
fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/OcspClientBouncyCastle.java

@ -1,184 +1,184 @@
/* ///*
* $Id: OcspClientBouncyCastle.java 3959 2009-06-09 08:31:05Z blowagie $ // * $Id: OcspClientBouncyCastle.java 3959 2009-06-09 08:31:05Z blowagie $
* // *
* Copyright 2009 Paulo Soares // * Copyright 2009 Paulo Soares
* // *
* The contents of this file are subject to the Mozilla Public License Version 1.1 // * The contents of this file are subject to the Mozilla Public License Version 1.1
* (the "License"); you may not use this file except in compliance with the License. // * (the "License"); you may not use this file except in compliance with the License.
* You may obtain a copy of the License at http://www.mozilla.org/MPL/ // * You may obtain a copy of the License at http://www.mozilla.org/MPL/
* // *
* Software distributed under the License is distributed on an "AS IS" basis, // * Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License // * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the License. // * for the specific language governing rights and limitations under the License.
* // *
* The Original Code is 'iText, a free JAVA-PDF library'. // * The Original Code is 'iText, a free JAVA-PDF library'.
* // *
* The Initial Developer of the Original Code is Bruno Lowagie. Portions created by // * The Initial Developer of the Original Code is Bruno Lowagie. Portions created by
* the Initial Developer are Copyright (C) 1999-2005 by Bruno Lowagie. // * the Initial Developer are Copyright (C) 1999-2005 by Bruno Lowagie.
* All Rights Reserved. // * All Rights Reserved.
* Co-Developer of the code is Paulo Soares. Portions created by the Co-Developer // * Co-Developer of the code is Paulo Soares. Portions created by the Co-Developer
* are Copyright (C) 2009 by Paulo Soares. All Rights Reserved. // * are Copyright (C) 2009 by Paulo Soares. All Rights Reserved.
* // *
* Contributor(s): all the names of the contributors are added in the source code // * Contributor(s): all the names of the contributors are added in the source code
* where applicable. // * where applicable.
* // *
* Alternatively, the contents of this file may be used under the terms of the // * Alternatively, the contents of this file may be used under the terms of the
* LGPL license (the "GNU LIBRARY GENERAL PUBLIC LICENSE"), in which case the // * LGPL license (the "GNU LIBRARY GENERAL PUBLIC LICENSE"), in which case the
* provisions of LGPL are applicable instead of those above. If you wish to // * provisions of LGPL are applicable instead of those above. If you wish to
* allow use of your version of this file only under the terms of the LGPL // * allow use of your version of this file only under the terms of the LGPL
* License and not to allow others to use your version of this file under // * License and not to allow others to use your version of this file under
* the MPL, indicate your decision by deleting the provisions above and // * the MPL, indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by the LGPL. // * replace them with the notice and other provisions required by the LGPL.
* If you do not delete the provisions above, a recipient may use your version // * If you do not delete the provisions above, a recipient may use your version
* of this file under either the MPL or the GNU LIBRARY GENERAL PUBLIC LICENSE. // * of this file under either the MPL or the GNU LIBRARY GENERAL PUBLIC LICENSE.
* // *
* This library is free software; you can redistribute it and/or modify it // * This library is free software; you can redistribute it and/or modify it
* under the terms of the MPL as stated above or under the terms of the GNU // * under the terms of the MPL as stated above or under the terms of the GNU
* Library General Public License as published by the Free Software Foundation; // * Library General Public License as published by the Free Software Foundation;
* either version 2 of the License, or any later version. // * either version 2 of the License, or any later version.
* // *
* This library is distributed in the hope that it will be useful, but WITHOUT // * This library is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS // * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU Library general Public License for more // * FOR A PARTICULAR PURPOSE. See the GNU Library general Public License for more
* details. // * details.
* // *
* If you didn't download this code from the following link, you should check if // * If you didn't download this code from the following link, you should check if
* you aren't using an obsolete version: // * you aren't using an obsolete version:
* http://www.lowagie.com/iText/ // * http://www.lowagie.com/iText/
*/ // */
//
package com.fr.third.com.lowagie.text.pdf; //package com.fr.third.com.lowagie.text.pdf;
//
import com.fr.third.com.lowagie.text.ExceptionConverter; //import com.fr.third.com.lowagie.text.ExceptionConverter;
import java.io.BufferedOutputStream; //import java.io.BufferedOutputStream;
import java.io.DataOutputStream; //import java.io.DataOutputStream;
import java.io.IOException; //import java.io.IOException;
import java.io.InputStream; //import java.io.InputStream;
import java.io.OutputStream; //import java.io.OutputStream;
import java.math.BigInteger; //import java.math.BigInteger;
import java.net.HttpURLConnection; //import java.net.HttpURLConnection;
import java.net.URL; //import java.net.URL;
import java.security.Security; //import java.security.Security;
import java.security.cert.X509Certificate; //import java.security.cert.X509Certificate;
import java.util.Vector; //import java.util.Vector;
import org.bouncycastle.asn1.DEROctetString; //import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers; //import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.x509.X509Extension; //import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.X509Extensions; //import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.ocsp.BasicOCSPResp; //import org.bouncycastle.ocsp.BasicOCSPResp;
import org.bouncycastle.ocsp.CertificateID; //import org.bouncycastle.ocsp.CertificateID;
import org.bouncycastle.ocsp.CertificateStatus; //import org.bouncycastle.ocsp.CertificateStatus;
import org.bouncycastle.ocsp.OCSPException; //import org.bouncycastle.ocsp.OCSPException;
import org.bouncycastle.ocsp.OCSPReq; //import org.bouncycastle.ocsp.OCSPReq;
import org.bouncycastle.ocsp.OCSPReqGenerator; //import org.bouncycastle.ocsp.OCSPReqGenerator;
import org.bouncycastle.ocsp.OCSPResp; //import org.bouncycastle.ocsp.OCSPResp;
import org.bouncycastle.ocsp.SingleResp; //import org.bouncycastle.ocsp.SingleResp;
//
/** ///**
* OcspClient implementation using BouncyCastle. // * OcspClient implementation using BouncyCastle.
* @author psoares // * @author psoares
* @since 2.1.6 // * @since 2.1.6
*/ // */
public class OcspClientBouncyCastle implements OcspClient { //public class OcspClientBouncyCastle implements OcspClient {
/** root certificate */ // /** root certificate */
private X509Certificate rootCert; // private X509Certificate rootCert;
/** check certificate */ // /** check certificate */
private X509Certificate checkCert; // private X509Certificate checkCert;
/** OCSP URL */ // /** OCSP URL */
private String url; // private String url;
//
/** // /**
* Creates an instance of an OcspClient that will be using BouncyCastle. // * Creates an instance of an OcspClient that will be using BouncyCastle.
* @param checkCert the check certificate // * @param checkCert the check certificate
* @param rootCert the root certificate // * @param rootCert the root certificate
* @param url the OCSP URL // * @param url the OCSP URL
*/ // */
public OcspClientBouncyCastle(X509Certificate checkCert, X509Certificate rootCert, String url) { // public OcspClientBouncyCastle(X509Certificate checkCert, X509Certificate rootCert, String url) {
this.checkCert = checkCert; // this.checkCert = checkCert;
this.rootCert = rootCert; // this.rootCert = rootCert;
this.url = url; // this.url = url;
} // }
//
/** // /**
* Generates an OCSP request using BouncyCastle. // * Generates an OCSP request using BouncyCastle.
* @param issuerCert certificate of the issues // * @param issuerCert certificate of the issues
* @param serialNumber serial number // * @param serialNumber serial number
* @return an OCSP request // * @return an OCSP request
* @throws OCSPException // * @throws OCSPException
* @throws IOException // * @throws IOException
*/ // */
private static OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber) throws OCSPException, IOException { // private static OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber) throws OCSPException, IOException {
//Add provider BC // //Add provider BC
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); // Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
//
// Generate the id for the certificate we are looking for // // Generate the id for the certificate we are looking for
CertificateID id = new CertificateID(CertificateID.HASH_SHA1, issuerCert, serialNumber); // CertificateID id = new CertificateID(CertificateID.HASH_SHA1, issuerCert, serialNumber);
//
// basic request generation with nonce // // basic request generation with nonce
OCSPReqGenerator gen = new OCSPReqGenerator(); // OCSPReqGenerator gen = new OCSPReqGenerator();
//
gen.addRequest(id); // gen.addRequest(id);
//
// create details for nonce extension // // create details for nonce extension
Vector oids = new Vector(); // Vector oids = new Vector();
Vector values = new Vector(); // Vector values = new Vector();
//
oids.add(OCSPObjectIdentifiers.id_pkix_ocsp_nonce); // oids.add(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
values.add(new X509Extension(false, new DEROctetString(new DEROctetString(PdfEncryption.createDocumentId()).getEncoded()))); // values.add(new X509Extension(false, new DEROctetString(new DEROctetString(PdfEncryption.createDocumentId()).getEncoded())));
//
gen.setRequestExtensions(new X509Extensions(oids, values)); // gen.setRequestExtensions(new X509Extensions(oids, values));
//
return gen.generate(); // return gen.generate();
} // }
//
/** // /**
* @return a byte array // * @return a byte array
* @see com.fr.third.com.lowagie.text.pdf.OcspClient#getEncoded() // * @see com.fr.third.com.lowagie.text.pdf.OcspClient#getEncoded()
*/ // */
public byte[] getEncoded() { // public byte[] getEncoded() {
try { // try {
OCSPReq request = generateOCSPRequest(rootCert, checkCert.getSerialNumber()); // OCSPReq request = generateOCSPRequest(rootCert, checkCert.getSerialNumber());
byte[] array = request.getEncoded(); // byte[] array = request.getEncoded();
URL urlt = new URL(url); // URL urlt = new URL(url);
HttpURLConnection con = (HttpURLConnection)urlt.openConnection(); // HttpURLConnection con = (HttpURLConnection)urlt.openConnection();
con.setRequestProperty("Content-Type", "application/ocsp-request"); // con.setRequestProperty("Content-Type", "application/ocsp-request");
con.setRequestProperty("Accept", "application/ocsp-response"); // con.setRequestProperty("Accept", "application/ocsp-response");
con.setDoOutput(true); // con.setDoOutput(true);
OutputStream out = con.getOutputStream(); // OutputStream out = con.getOutputStream();
DataOutputStream dataOut = new DataOutputStream(new BufferedOutputStream(out)); // DataOutputStream dataOut = new DataOutputStream(new BufferedOutputStream(out));
dataOut.write(array); // dataOut.write(array);
dataOut.flush(); // dataOut.flush();
dataOut.close(); // dataOut.close();
if (con.getResponseCode() / 100 != 2) { // if (con.getResponseCode() / 100 != 2) {
throw new IOException("Invalid HTTP response"); // throw new IOException("Invalid HTTP response");
} // }
//Get Response // //Get Response
InputStream in = (InputStream) con.getContent(); // InputStream in = (InputStream) con.getContent();
OCSPResp ocspResponse = new OCSPResp(in); // OCSPResp ocspResponse = new OCSPResp(in);
//
if (ocspResponse.getStatus() != 0) // if (ocspResponse.getStatus() != 0)
throw new IOException("Invalid status: " + ocspResponse.getStatus()); // throw new IOException("Invalid status: " + ocspResponse.getStatus());
BasicOCSPResp basicResponse = (BasicOCSPResp) ocspResponse.getResponseObject(); // BasicOCSPResp basicResponse = (BasicOCSPResp) ocspResponse.getResponseObject();
if (basicResponse != null) { // if (basicResponse != null) {
SingleResp[] responses = basicResponse.getResponses(); // SingleResp[] responses = basicResponse.getResponses();
if (responses.length == 1) { // if (responses.length == 1) {
SingleResp resp = responses[0]; // SingleResp resp = responses[0];
Object status = resp.getCertStatus(); // Object status = resp.getCertStatus();
if (status == CertificateStatus.GOOD) { // if (status == CertificateStatus.GOOD) {
return basicResponse.getEncoded(); // return basicResponse.getEncoded();
} // }
else if (status instanceof org.bouncycastle.ocsp.RevokedStatus) { // else if (status instanceof org.bouncycastle.ocsp.RevokedStatus) {
throw new IOException("OCSP Status is revoked!"); // throw new IOException("OCSP Status is revoked!");
} // }
else { // else {
throw new IOException("OCSP Status is unknown!"); // throw new IOException("OCSP Status is unknown!");
} // }
} // }
} // }
} // }
catch (Exception ex) { // catch (Exception ex) {
throw new ExceptionConverter(ex); // throw new ExceptionConverter(ex);
} // }
return null; // return null;
} // }
} //}

270
fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/PdfPKCS7.java

@ -46,6 +46,8 @@
*/ */
package com.fr.third.com.lowagie.text.pdf; package com.fr.third.com.lowagie.text.pdf;
import com.fr.third.org.bouncycastle.asn1.ASN1Object;
import com.fr.third.org.bouncycastle.asn1.ASN1String;
import java.io.ByteArrayInputStream; import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream; import java.io.ByteArrayOutputStream;
import java.io.File; import java.io.File;
@ -75,43 +77,41 @@ import java.util.HashSet;
import java.util.Iterator; import java.util.Iterator;
import java.util.Set; import java.util.Set;
import org.bouncycastle.asn1.ASN1Encodable; import com.fr.third.org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector; import com.fr.third.org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream; import com.fr.third.org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1OutputStream; import com.fr.third.org.bouncycastle.asn1.ASN1OutputStream;
import org.bouncycastle.asn1.ASN1Sequence; import com.fr.third.org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set; import com.fr.third.org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.ASN1TaggedObject; import com.fr.third.org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DEREnumerated; import com.fr.third.org.bouncycastle.asn1.DEREnumerated;
import org.bouncycastle.asn1.DERInteger; import com.fr.third.org.bouncycastle.asn1.DERInteger;
import org.bouncycastle.asn1.DERNull; import com.fr.third.org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DERObject; import com.fr.third.org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DERObjectIdentifier; import com.fr.third.org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DEROctetString; import com.fr.third.org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.DEROutputStream; import com.fr.third.org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERSequence; import com.fr.third.org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.DERSet; import com.fr.third.org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.DERString; import com.fr.third.org.bouncycastle.asn1.DERUTCTime;
import org.bouncycastle.asn1.DERTaggedObject; import com.fr.third.org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.DERUTCTime; import com.fr.third.org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable; import com.fr.third.org.bouncycastle.asn1.ocsp.BasicOCSPResponse;
import org.bouncycastle.asn1.cms.Attribute; import com.fr.third.org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.ocsp.BasicOCSPResponse; import com.fr.third.org.bouncycastle.jce.provider.X509CRLParser;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers; import com.fr.third.org.bouncycastle.jce.provider.X509CertParser;
import org.bouncycastle.jce.provider.X509CRLParser;
import org.bouncycastle.jce.provider.X509CertParser;
import com.fr.third.com.lowagie.text.ExceptionConverter; import com.fr.third.com.lowagie.text.ExceptionConverter;
import java.security.cert.CertificateParsingException; import java.security.cert.CertificateParsingException;
import java.util.Date; import java.util.Date;
import org.bouncycastle.asn1.ASN1OctetString; import com.fr.third.org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.cms.ContentInfo; import com.fr.third.org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import com.fr.third.org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.tsp.MessageImprint; import com.fr.third.org.bouncycastle.asn1.tsp.MessageImprint;
import org.bouncycastle.asn1.x509.X509Extensions; import com.fr.third.org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.ocsp.BasicOCSPResp; //import org.bouncycastle.ocsp.BasicOCSPResp;
import org.bouncycastle.ocsp.CertificateID; //import org.bouncycastle.ocsp.CertificateID;
import org.bouncycastle.ocsp.SingleResp; //import org.bouncycastle.ocsp.SingleResp;
import org.bouncycastle.tsp.TimeStampToken; //import org.bouncycastle.tsp.TimeStampToken;
/** /**
* This class does all the processing related to signing and verifying a PKCS#7 * This class does all the processing related to signing and verifying a PKCS#7
@ -167,7 +167,7 @@ public class PdfPKCS7 {
*/ */
private String signName; private String signName;
private TimeStampToken timeStampToken; // private TimeStampToken timeStampToken;
private static final HashMap digestNames = new HashMap(); private static final HashMap digestNames = new HashMap();
private static final HashMap algorithmNames = new HashMap(); private static final HashMap algorithmNames = new HashMap();
@ -273,23 +273,23 @@ public class PdfPKCS7 {
* @return the timestamp token or null * @return the timestamp token or null
* @since 2.1.6 * @since 2.1.6
*/ */
public TimeStampToken getTimeStampToken() { // public TimeStampToken getTimeStampToken() {
return timeStampToken; // return timeStampToken;
} // }
/** /**
* Gets the timestamp date * Gets the timestamp date
* @return a date * @return a date
* @since 2.1.6 * @since 2.1.6
*/ */
public Calendar getTimeStampDate() { // public Calendar getTimeStampDate() {
if (timeStampToken == null) // if (timeStampToken == null)
return null; // return null;
Calendar cal = new GregorianCalendar(); // Calendar cal = new GregorianCalendar();
Date date = timeStampToken.getTimeStampInfo().getGenTime(); // Date date = timeStampToken.getTimeStampInfo().getGenTime();
cal.setTime(date); // cal.setTime(date);
return cal; // return cal;
} // }
/** /**
* Verifies a signature using the sub-filter adbe.x509.rsa_sha1. * Verifies a signature using the sub-filter adbe.x509.rsa_sha1.
@ -319,19 +319,19 @@ public class PdfPKCS7 {
} }
} }
private BasicOCSPResp basicResp; // private BasicOCSPResp basicResp;
/** /**
* Gets the OCSP basic response if there is one. * Gets the OCSP basic response if there is one.
* @return the OCSP basic response or null * @return the OCSP basic response or null
* @since 2.1.6 * @since 2.1.6
*/ */
public BasicOCSPResp getOcsp() { // public BasicOCSPResp getOcsp() {
return basicResp; // return basicResp;
} // }
private void findOcsp(ASN1Sequence seq) throws IOException { private void findOcsp(ASN1Sequence seq) throws IOException {
basicResp = null; // basicResp = null;
boolean ret = false; boolean ret = false;
while (true) { while (true) {
if ((seq.getObjectAt(0) instanceof DERObjectIdentifier) if ((seq.getObjectAt(0) instanceof DERObjectIdentifier)
@ -362,7 +362,7 @@ public class PdfPKCS7 {
DEROctetString os = (DEROctetString)seq.getObjectAt(1); DEROctetString os = (DEROctetString)seq.getObjectAt(1);
ASN1InputStream inp = new ASN1InputStream(os.getOctets()); ASN1InputStream inp = new ASN1InputStream(os.getOctets());
BasicOCSPResponse resp = BasicOCSPResponse.getInstance(inp.readObject()); BasicOCSPResponse resp = BasicOCSPResponse.getInstance(inp.readObject());
basicResp = new BasicOCSPResp(resp); // basicResp = new BasicOCSPResp(resp);
} }
/** /**
@ -379,7 +379,7 @@ public class PdfPKCS7 {
// //
// Basic checks to make sure it's a PKCS#7 SignedData Object // Basic checks to make sure it's a PKCS#7 SignedData Object
// //
DERObject pkcs; ASN1Object pkcs;
try { try {
pkcs = din.readObject(); pkcs = din.readObject();
@ -464,7 +464,7 @@ public class PdfPKCS7 {
if (signerInfo.getObjectAt(next) instanceof ASN1TaggedObject) { if (signerInfo.getObjectAt(next) instanceof ASN1TaggedObject) {
ASN1TaggedObject tagsig = (ASN1TaggedObject)signerInfo.getObjectAt(next); ASN1TaggedObject tagsig = (ASN1TaggedObject)signerInfo.getObjectAt(next);
ASN1Set sseq = ASN1Set.getInstance(tagsig, false); ASN1Set sseq = ASN1Set.getInstance(tagsig, false);
sigAttr = sseq.getEncoded(ASN1Encodable.DER); sigAttr = sseq.getEncoded("DER");
for (int k = 0; k < sseq.size(); ++k) { for (int k = 0; k < sseq.size(); ++k) {
ASN1Sequence seq2 = (ASN1Sequence)sseq.getObjectAt(k); ASN1Sequence seq2 = (ASN1Sequence)sseq.getObjectAt(k);
@ -499,7 +499,7 @@ public class PdfPKCS7 {
ASN1Set attributeValues = ts.getAttrValues(); ASN1Set attributeValues = ts.getAttrValues();
ASN1Sequence tokenSequence = ASN1Sequence.getInstance(attributeValues.getObjectAt(0)); ASN1Sequence tokenSequence = ASN1Sequence.getInstance(attributeValues.getObjectAt(0));
ContentInfo contentInfo = new ContentInfo(tokenSequence); ContentInfo contentInfo = new ContentInfo(tokenSequence);
this.timeStampToken = new TimeStampToken(contentInfo); // this.timeStampToken = new TimeStampToken(contentInfo);
} }
} }
if (RSAdata != null || digestAttr != null) { if (RSAdata != null || digestAttr != null) {
@ -641,15 +641,15 @@ public class PdfPKCS7 {
* @return true if it checks false otherwise * @return true if it checks false otherwise
* @since 2.1.6 * @since 2.1.6
*/ */
public boolean verifyTimestampImprint() throws NoSuchAlgorithmException { // public boolean verifyTimestampImprint() throws NoSuchAlgorithmException {
if (timeStampToken == null) // if (timeStampToken == null)
return false; // return false;
MessageImprint imprint = timeStampToken.getTimeStampInfo().toTSTInfo().getMessageImprint(); // MessageImprint imprint = timeStampToken.getTimeStampInfo().toTSTInfo().getMessageImprint();
byte[] md = MessageDigest.getInstance("SHA-1").digest(digest); // byte[] md = MessageDigest.getInstance("SHA-1").digest(digest);
byte[] imphashed = imprint.getHashedMessage(); // byte[] imphashed = imprint.getHashedMessage();
boolean res = Arrays.equals(md, imphashed); // boolean res = Arrays.equals(md, imphashed);
return res; // return res;
} // }
/** /**
* Get all the X.509 certificates associated with this PKCS#7 object in no particular order. * Get all the X.509 certificates associated with this PKCS#7 object in no particular order.
@ -888,27 +888,27 @@ public class PdfPKCS7 {
* @return <CODE>true</CODE> is a certificate was found * @return <CODE>true</CODE> is a certificate was found
* @since 2.1.6 * @since 2.1.6
*/ */
public static boolean verifyOcspCertificates(BasicOCSPResp ocsp, KeyStore keystore, String provider) { // public static boolean verifyOcspCertificates(BasicOCSPResp ocsp, KeyStore keystore, String provider) {
if (provider == null) // if (provider == null)
provider = "BC"; // provider = "BC";
try { // try {
for (Enumeration aliases = keystore.aliases(); aliases.hasMoreElements();) { // for (Enumeration aliases = keystore.aliases(); aliases.hasMoreElements();) {
try { // try {
String alias = (String)aliases.nextElement(); // String alias = (String)aliases.nextElement();
if (!keystore.isCertificateEntry(alias)) // if (!keystore.isCertificateEntry(alias))
continue; // continue;
X509Certificate certStoreX509 = (X509Certificate)keystore.getCertificate(alias); // X509Certificate certStoreX509 = (X509Certificate)keystore.getCertificate(alias);
if (ocsp.verify(certStoreX509.getPublicKey(), provider)) // if (ocsp.verify(certStoreX509.getPublicKey(), provider))
return true; // return true;
} // }
catch (Exception ex) { // catch (Exception ex) {
} // }
} // }
} // }
catch (Exception e) { // catch (Exception e) {
} // }
return false; // return false;
} // }
/** /**
* Verifies a timestamp against a KeyStore. * Verifies a timestamp against a KeyStore.
@ -918,27 +918,27 @@ public class PdfPKCS7 {
* @return <CODE>true</CODE> is a certificate was found * @return <CODE>true</CODE> is a certificate was found
* @since 2.1.6 * @since 2.1.6
*/ */
public static boolean verifyTimestampCertificates(TimeStampToken ts, KeyStore keystore, String provider) { // public static boolean verifyTimestampCertificates(TimeStampToken ts, KeyStore keystore, String provider) {
if (provider == null) // if (provider == null)
provider = "BC"; // provider = "BC";
try { // try {
for (Enumeration aliases = keystore.aliases(); aliases.hasMoreElements();) { // for (Enumeration aliases = keystore.aliases(); aliases.hasMoreElements();) {
try { // try {
String alias = (String)aliases.nextElement(); // String alias = (String)aliases.nextElement();
if (!keystore.isCertificateEntry(alias)) // if (!keystore.isCertificateEntry(alias))
continue; // continue;
X509Certificate certStoreX509 = (X509Certificate)keystore.getCertificate(alias); // X509Certificate certStoreX509 = (X509Certificate)keystore.getCertificate(alias);
ts.validate(certStoreX509, provider); // ts.validate(certStoreX509, provider);
return true; // return true;
} // }
catch (Exception ex) { // catch (Exception ex) {
} // }
} // }
} // }
catch (Exception e) { // catch (Exception e) {
} // }
return false; // return false;
} // }
/** /**
* Retrieves the OCSP URL from the given certificate. * Retrieves the OCSP URL from the given certificate.
@ -949,7 +949,7 @@ public class PdfPKCS7 {
*/ */
public static String getOCSPURL(X509Certificate certificate) throws CertificateParsingException { public static String getOCSPURL(X509Certificate certificate) throws CertificateParsingException {
try { try {
DERObject obj = getExtensionValue(certificate, X509Extensions.AuthorityInfoAccess.getId()); ASN1Object obj = getExtensionValue(certificate, X509Extensions.AuthorityInfoAccess.getId());
if (obj == null) { if (obj == null) {
return null; return null;
} }
@ -961,7 +961,7 @@ public class PdfPKCS7 {
continue; continue;
} else { } else {
if ((AccessDescription.getObjectAt(0) instanceof DERObjectIdentifier) && ((DERObjectIdentifier)AccessDescription.getObjectAt(0)).getId().equals("1.3.6.1.5.5.7.48.1")) { if ((AccessDescription.getObjectAt(0) instanceof DERObjectIdentifier) && ((DERObjectIdentifier)AccessDescription.getObjectAt(0)).getId().equals("1.3.6.1.5.5.7.48.1")) {
String AccessLocation = getStringFromGeneralName((DERObject)AccessDescription.getObjectAt(1)); String AccessLocation = getStringFromGeneralName((ASN1Object)AccessDescription.getObjectAt(1));
if ( AccessLocation == null ) { if ( AccessLocation == null ) {
return "" ; return "" ;
} else { } else {
@ -980,26 +980,26 @@ public class PdfPKCS7 {
* @return true if it checks false otherwise * @return true if it checks false otherwise
* @since 2.1.6 * @since 2.1.6
*/ */
public boolean isRevocationValid() { // public boolean isRevocationValid() {
if (basicResp == null) // if (basicResp == null)
return false; // return false;
if (signCerts.size() < 2) // if (signCerts.size() < 2)
return false; // return false;
try { // try {
X509Certificate[] cs = (X509Certificate[])getSignCertificateChain(); // X509Certificate[] cs = (X509Certificate[])getSignCertificateChain();
SingleResp sr = basicResp.getResponses()[0]; // SingleResp sr = basicResp.getResponses()[0];
CertificateID cid = sr.getCertID(); // CertificateID cid = sr.getCertID();
X509Certificate sigcer = getSigningCertificate(); // X509Certificate sigcer = getSigningCertificate();
X509Certificate isscer = cs[1]; // X509Certificate isscer = cs[1];
CertificateID tis = new CertificateID(CertificateID.HASH_SHA1, isscer, sigcer.getSerialNumber()); // CertificateID tis = new CertificateID(CertificateID.HASH_SHA1, isscer, sigcer.getSerialNumber());
return tis.equals(cid); // return tis.equals(cid);
} // }
catch (Exception ex) { // catch (Exception ex) {
} // }
return false; // return false;
} // }
private static DERObject getExtensionValue(X509Certificate cert, String oid) throws IOException { private static ASN1Object getExtensionValue(X509Certificate cert, String oid) throws IOException {
byte[] bytes = cert.getExtensionValue(oid); byte[] bytes = cert.getExtensionValue(oid);
if (bytes == null) { if (bytes == null) {
return null; return null;
@ -1010,7 +1010,7 @@ public class PdfPKCS7 {
return aIn.readObject(); return aIn.readObject();
} }
private static String getStringFromGeneralName(DERObject names) throws IOException { private static String getStringFromGeneralName(ASN1Object names) throws IOException {
DERTaggedObject taggedObject = (DERTaggedObject) names ; DERTaggedObject taggedObject = (DERTaggedObject) names ;
return new String(ASN1OctetString.getInstance(taggedObject, false).getOctets(), "ISO-8859-1"); return new String(ASN1OctetString.getInstance(taggedObject, false).getOctets(), "ISO-8859-1");
} }
@ -1020,11 +1020,11 @@ public class PdfPKCS7 {
* @param enc a TBSCertificate in a byte array * @param enc a TBSCertificate in a byte array
* @return a DERObject * @return a DERObject
*/ */
private static DERObject getIssuer(byte[] enc) { private static ASN1Object getIssuer(byte[] enc) {
try { try {
ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(enc)); ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(enc));
ASN1Sequence seq = (ASN1Sequence)in.readObject(); ASN1Sequence seq = (ASN1Sequence)in.readObject();
return (DERObject)seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 3 : 2); return (ASN1Object)seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 3 : 2);
} }
catch (IOException e) { catch (IOException e) {
throw new ExceptionConverter(e); throw new ExceptionConverter(e);
@ -1036,11 +1036,11 @@ public class PdfPKCS7 {
* @param enc A TBSCertificate in a byte array * @param enc A TBSCertificate in a byte array
* @return a DERObject * @return a DERObject
*/ */
private static DERObject getSubject(byte[] enc) { private static ASN1Object getSubject(byte[] enc) {
try { try {
ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(enc)); ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(enc));
ASN1Sequence seq = (ASN1Sequence)in.readObject(); ASN1Sequence seq = (ASN1Sequence)in.readObject();
return (DERObject)seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 5 : 4); return (ASN1Object)seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 5 : 4);
} }
catch (IOException e) { catch (IOException e) {
throw new ExceptionConverter(e); throw new ExceptionConverter(e);
@ -1340,7 +1340,7 @@ public class PdfPKCS7 {
*/ */
public byte[] getAuthenticatedAttributeBytes(byte secondDigest[], Calendar signingTime, byte[] ocsp) { public byte[] getAuthenticatedAttributeBytes(byte secondDigest[], Calendar signingTime, byte[] ocsp) {
try { try {
return getAuthenticatedAttributeSet(secondDigest, signingTime, ocsp).getEncoded(ASN1Encodable.DER); return getAuthenticatedAttributeSet(secondDigest, signingTime, ocsp).getEncoded("DER");
} }
catch (Exception e) { catch (Exception e) {
throw new ExceptionConverter(e); throw new ExceptionConverter(e);
@ -1575,7 +1575,7 @@ public class PdfPKCS7 {
vs = new ArrayList(); vs = new ArrayList();
values.put(id, vs); values.put(id, vs);
} }
vs.add(((DERString)s.getObjectAt(1)).getString()); vs.add(((ASN1String)s.getObjectAt(1)).getString());
} }
} }
} }

45
fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/PdfPublicKeySecurityHandler.java

@ -89,6 +89,8 @@
package com.fr.third.com.lowagie.text.pdf; package com.fr.third.com.lowagie.text.pdf;
import com.fr.third.org.bouncycastle.asn1.ASN1Object;
import com.fr.third.org.bouncycastle.asn1.ASN1Set;
import java.io.ByteArrayInputStream; import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream; import java.io.ByteArrayOutputStream;
import java.io.IOException; import java.io.IOException;
@ -107,22 +109,21 @@ import javax.crypto.Cipher;
import javax.crypto.KeyGenerator; import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey; import javax.crypto.SecretKey;
import org.bouncycastle.asn1.ASN1InputStream; import com.fr.third.org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.DERObject; import com.fr.third.org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DERObjectIdentifier; import com.fr.third.org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DEROctetString; import com.fr.third.org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.DEROutputStream; import com.fr.third.org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.DERSet; import com.fr.third.org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.cms.ContentInfo; import com.fr.third.org.bouncycastle.asn1.cms.EncryptedContentInfo;
import org.bouncycastle.asn1.cms.EncryptedContentInfo; import com.fr.third.org.bouncycastle.asn1.cms.EnvelopedData;
import org.bouncycastle.asn1.cms.EnvelopedData; import com.fr.third.org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import org.bouncycastle.asn1.cms.IssuerAndSerialNumber; import com.fr.third.org.bouncycastle.asn1.cms.KeyTransRecipientInfo;
import org.bouncycastle.asn1.cms.KeyTransRecipientInfo; import com.fr.third.org.bouncycastle.asn1.cms.RecipientIdentifier;
import org.bouncycastle.asn1.cms.RecipientIdentifier; import com.fr.third.org.bouncycastle.asn1.cms.RecipientInfo;
import org.bouncycastle.asn1.cms.RecipientInfo; import com.fr.third.org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import com.fr.third.org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import com.fr.third.org.bouncycastle.asn1.x509.TBSCertificateStructure;
import org.bouncycastle.asn1.x509.TBSCertificateStructure;
/** /**
* @author Aiken Sam (aikensam@ieee.org) * @author Aiken Sam (aikensam@ieee.org)
@ -244,7 +245,7 @@ public class PdfPublicKeySecurityHandler {
pkcs7input[22] = two; pkcs7input[22] = two;
pkcs7input[23] = one; pkcs7input[23] = one;
DERObject obj = createDERForRecipient(pkcs7input, (X509Certificate)certificate); ASN1Object obj = createDERForRecipient(pkcs7input, (X509Certificate)certificate);
ByteArrayOutputStream baos = new ByteArrayOutputStream(); ByteArrayOutputStream baos = new ByteArrayOutputStream();
@ -276,7 +277,7 @@ public class PdfPublicKeySecurityHandler {
return EncodedRecipients; return EncodedRecipients;
} }
private DERObject createDERForRecipient(byte[] in, X509Certificate cert) private ASN1Object createDERForRecipient(byte[] in, X509Certificate cert)
throws IOException, throws IOException,
GeneralSecurityException GeneralSecurityException
{ {
@ -287,7 +288,7 @@ public class PdfPublicKeySecurityHandler {
AlgorithmParameters algorithmparameters = algorithmparametergenerator.generateParameters(); AlgorithmParameters algorithmparameters = algorithmparametergenerator.generateParameters();
ByteArrayInputStream bytearrayinputstream = new ByteArrayInputStream(algorithmparameters.getEncoded("ASN.1")); ByteArrayInputStream bytearrayinputstream = new ByteArrayInputStream(algorithmparameters.getEncoded("ASN.1"));
ASN1InputStream asn1inputstream = new ASN1InputStream(bytearrayinputstream); ASN1InputStream asn1inputstream = new ASN1InputStream(bytearrayinputstream);
DERObject derobject = asn1inputstream.readObject(); ASN1Object derobject = asn1inputstream.readObject();
KeyGenerator keygenerator = KeyGenerator.getInstance(s); KeyGenerator keygenerator = KeyGenerator.getInstance(s);
keygenerator.init(128); keygenerator.init(128);
SecretKey secretkey = keygenerator.generateKey(); SecretKey secretkey = keygenerator.generateKey();
@ -300,10 +301,10 @@ public class PdfPublicKeySecurityHandler {
AlgorithmIdentifier algorithmidentifier = new AlgorithmIdentifier(new DERObjectIdentifier(s), derobject); AlgorithmIdentifier algorithmidentifier = new AlgorithmIdentifier(new DERObjectIdentifier(s), derobject);
EncryptedContentInfo encryptedcontentinfo = EncryptedContentInfo encryptedcontentinfo =
new EncryptedContentInfo(PKCSObjectIdentifiers.data, algorithmidentifier, deroctetstring); new EncryptedContentInfo(PKCSObjectIdentifiers.data, algorithmidentifier, deroctetstring);
EnvelopedData env = new EnvelopedData(null, derset, encryptedcontentinfo, null); EnvelopedData env = new EnvelopedData(null, derset, encryptedcontentinfo,(ASN1Set) null);
ContentInfo contentinfo = ContentInfo contentinfo =
new ContentInfo(PKCSObjectIdentifiers.envelopedData, env); new ContentInfo(PKCSObjectIdentifiers.envelopedData, env);
return contentinfo.getDERObject(); return contentinfo.getContentType();
} }
private KeyTransRecipientInfo computeRecipientInfo(X509Certificate x509certificate, byte[] abyte0) private KeyTransRecipientInfo computeRecipientInfo(X509Certificate x509certificate, byte[] abyte0)
@ -318,7 +319,7 @@ public class PdfPublicKeySecurityHandler {
new IssuerAndSerialNumber( new IssuerAndSerialNumber(
tbscertificatestructure.getIssuer(), tbscertificatestructure.getIssuer(),
tbscertificatestructure.getSerialNumber().getValue()); tbscertificatestructure.getSerialNumber().getValue());
Cipher cipher = Cipher.getInstance(algorithmidentifier.getObjectId().getId()); Cipher cipher = Cipher.getInstance(algorithmidentifier.getAlgorithm().getId());
cipher.init(1, x509certificate); cipher.init(1, x509certificate);
DEROctetString deroctetstring = new DEROctetString(cipher.doFinal(abyte0)); DEROctetString deroctetstring = new DEROctetString(cipher.doFinal(abyte0));
RecipientIdentifier recipId = new RecipientIdentifier(issuerandserialnumber); RecipientIdentifier recipId = new RecipientIdentifier(issuerandserialnumber);

40
fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/PdfReader.java

@ -78,8 +78,8 @@ import com.fr.third.com.lowagie.text.exceptions.UnsupportedPdfException;
import com.fr.third.com.lowagie.text.pdf.interfaces.PdfViewerPreferences; import com.fr.third.com.lowagie.text.pdf.interfaces.PdfViewerPreferences;
import com.fr.third.com.lowagie.text.pdf.internal.PdfViewerPreferencesImp; import com.fr.third.com.lowagie.text.pdf.internal.PdfViewerPreferencesImp;
import org.bouncycastle.cms.CMSEnvelopedData; //import com.fr.third.org.bouncycastle.cms.CMSEnvelopedData;
import org.bouncycastle.cms.RecipientInformation; //import com.fr.third.org.bouncycastle.cms.RecipientInformation;
/** Reads a PDF document. /** Reads a PDF document.
* @author Paulo Soares (psoares@consiste.pt) * @author Paulo Soares (psoares@consiste.pt)
@ -709,24 +709,24 @@ public class PdfReader implements PdfViewerPreferences {
PdfObject recipient = recipients.getPdfObject(i); PdfObject recipient = recipients.getPdfObject(i);
strings.remove(recipient); strings.remove(recipient);
CMSEnvelopedData data = null; // CMSEnvelopedData data = null;
try { // try {
data = new CMSEnvelopedData(recipient.getBytes()); // data = new CMSEnvelopedData(recipient.getBytes());
//
Iterator recipientCertificatesIt = data.getRecipientInfos().getRecipients().iterator(); // Iterator recipientCertificatesIt = data.getRecipientInfos().getRecipients().iterator();
//
while (recipientCertificatesIt.hasNext()) { // while (recipientCertificatesIt.hasNext()) {
RecipientInformation recipientInfo = (RecipientInformation)recipientCertificatesIt.next(); // RecipientInformation recipientInfo = (RecipientInformation)recipientCertificatesIt.next();
//
if (recipientInfo.getRID().match(certificate) && !foundRecipient) { // if (recipientInfo.getRID().match(certificate) && !foundRecipient) {
envelopedData = recipientInfo.getContent(certificateKey, certificateKeyProvider); // envelopedData = recipientInfo.getContent(certificateKey, certificateKeyProvider);
foundRecipient = true; // foundRecipient = true;
} // }
} // }
} // }
catch (Exception f) { // catch (Exception f) {
throw new ExceptionConverter(f); // throw new ExceptionConverter(f);
} // }
} }
if(!foundRecipient || envelopedData == null) { if(!foundRecipient || envelopedData == null) {

460
fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/TSAClientBouncyCastle.java

@ -1,230 +1,230 @@
/* ///*
* $Id: TSAClientBouncyCastle.java 3973 2009-06-16 10:30:31Z psoares33 $ // * $Id: TSAClientBouncyCastle.java 3973 2009-06-16 10:30:31Z psoares33 $
* // *
* Copyright 2009 Martin Brunecky, Aiken Sam // * Copyright 2009 Martin Brunecky, Aiken Sam
* // *
* The contents of this file are subject to the Mozilla Public License Version 1.1 // * The contents of this file are subject to the Mozilla Public License Version 1.1
* (the "License"); you may not use this file except in compliance with the License. // * (the "License"); you may not use this file except in compliance with the License.
* You may obtain a copy of the License at http://www.mozilla.org/MPL/ // * You may obtain a copy of the License at http://www.mozilla.org/MPL/
* // *
* Software distributed under the License is distributed on an "AS IS" basis, // * Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License // * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the License. // * for the specific language governing rights and limitations under the License.
* // *
* The Original Code is 'iText, a free JAVA-PDF library'. // * The Original Code is 'iText, a free JAVA-PDF library'.
* // *
* The Initial Developer of the Original Code is Bruno Lowagie. Portions created by // * The Initial Developer of the Original Code is Bruno Lowagie. Portions created by
* the Initial Developer are Copyright (C) 1999-2005 by Bruno Lowagie. // * the Initial Developer are Copyright (C) 1999-2005 by Bruno Lowagie.
* All Rights Reserved. // * All Rights Reserved.
* Co-Developer of the code is Paulo Soares. Portions created by the Co-Developer // * Co-Developer of the code is Paulo Soares. Portions created by the Co-Developer
* are Copyright (C) 2009 by Martin Brunecky. All Rights Reserved. // * are Copyright (C) 2009 by Martin Brunecky. All Rights Reserved.
* // *
* Contributor(s): all the names of the contributors are added in the source code // * Contributor(s): all the names of the contributors are added in the source code
* where applicable. // * where applicable.
* // *
* Alternatively, the contents of this file may be used under the terms of the // * Alternatively, the contents of this file may be used under the terms of the
* LGPL license (the "GNU LIBRARY GENERAL PUBLIC LICENSE"), in which case the // * LGPL license (the "GNU LIBRARY GENERAL PUBLIC LICENSE"), in which case the
* provisions of LGPL are applicable instead of those above. If you wish to // * provisions of LGPL are applicable instead of those above. If you wish to
* allow use of your version of this file only under the terms of the LGPL // * allow use of your version of this file only under the terms of the LGPL
* License and not to allow others to use your version of this file under // * License and not to allow others to use your version of this file under
* the MPL, indicate your decision by deleting the provisions above and // * the MPL, indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by the LGPL. // * replace them with the notice and other provisions required by the LGPL.
* If you do not delete the provisions above, a recipient may use your version // * If you do not delete the provisions above, a recipient may use your version
* of this file under either the MPL or the GNU LIBRARY GENERAL PUBLIC LICENSE. // * of this file under either the MPL or the GNU LIBRARY GENERAL PUBLIC LICENSE.
* // *
* This library is free software; you can redistribute it and/or modify it // * This library is free software; you can redistribute it and/or modify it
* under the terms of the MPL as stated above or under the terms of the GNU // * under the terms of the MPL as stated above or under the terms of the GNU
* Library General Public License as published by the Free Software Foundation; // * Library General Public License as published by the Free Software Foundation;
* either version 2 of the License, or any later version. // * either version 2 of the License, or any later version.
* // *
* This library is distributed in the hope that it will be useful, but WITHOUT // * This library is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS // * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU Library general Public License for more // * FOR A PARTICULAR PURPOSE. See the GNU Library general Public License for more
* details. // * details.
* // *
* If you didn't download this code from the following link, you should check if // * If you didn't download this code from the following link, you should check if
* you aren't using an obsolete version: // * you aren't using an obsolete version:
* http://www.lowagie.com/iText/ // * http://www.lowagie.com/iText/
*/ // */
//
package com.fr.third.com.lowagie.text.pdf; //package com.fr.third.com.lowagie.text.pdf;
//
import java.io.*; //import java.io.*;
import java.math.*; //import java.math.*;
import java.net.*; //import java.net.*;
//
import org.bouncycastle.asn1.cmp.*; //import org.bouncycastle.asn1.cmp.*;
import org.bouncycastle.asn1.x509.*; //import org.bouncycastle.asn1.x509.*;
import org.bouncycastle.tsp.*; //import org.bouncycastle.tsp.*;
//
import com.fr.third.com.lowagie.text.pdf.codec.Base64; //import com.fr.third.com.lowagie.text.pdf.codec.Base64;
//
/** ///**
* Time Stamp Authority Client interface implementation using Bouncy Castle // * Time Stamp Authority Client interface implementation using Bouncy Castle
* org.bouncycastle.tsp package. // * org.bouncycastle.tsp package.
* <p> // * <p>
* Created by Aiken Sam, 2006-11-15, refactored by Martin Brunecky, 07/15/2007 // * Created by Aiken Sam, 2006-11-15, refactored by Martin Brunecky, 07/15/2007
* for ease of subclassing. // * for ease of subclassing.
* </p> // * </p>
* @since 2.1.6 // * @since 2.1.6
*/ // */
public class TSAClientBouncyCastle implements TSAClient { //public class TSAClientBouncyCastle implements TSAClient {
/** URL of the Time Stamp Authority */ // /** URL of the Time Stamp Authority */
protected String tsaURL; // protected String tsaURL;
/** TSA Username */ // /** TSA Username */
protected String tsaUsername; // protected String tsaUsername;
/** TSA password */ // /** TSA password */
protected String tsaPassword; // protected String tsaPassword;
/** Estimate of the received time stamp token */ // /** Estimate of the received time stamp token */
protected int tokSzEstimate; // protected int tokSzEstimate;
//
/** // /**
* Creates an instance of a TSAClient that will use BouncyCastle. // * Creates an instance of a TSAClient that will use BouncyCastle.
* @param url String - Time Stamp Authority URL (i.e. "http://tsatest1.digistamp.com/TSA") // * @param url String - Time Stamp Authority URL (i.e. "http://tsatest1.digistamp.com/TSA")
*/ // */
public TSAClientBouncyCastle(String url) { // public TSAClientBouncyCastle(String url) {
this(url, null, null, 4096); // this(url, null, null, 4096);
} // }
//
/** // /**
* Creates an instance of a TSAClient that will use BouncyCastle. // * Creates an instance of a TSAClient that will use BouncyCastle.
* @param url String - Time Stamp Authority URL (i.e. "http://tsatest1.digistamp.com/TSA") // * @param url String - Time Stamp Authority URL (i.e. "http://tsatest1.digistamp.com/TSA")
* @param username String - user(account) name // * @param username String - user(account) name
* @param password String - password // * @param password String - password
*/ // */
public TSAClientBouncyCastle(String url, String username, String password) { // public TSAClientBouncyCastle(String url, String username, String password) {
this(url, username, password, 4096); // this(url, username, password, 4096);
} // }
//
/** // /**
* Constructor. // * Constructor.
* Note the token size estimate is updated by each call, as the token // * Note the token size estimate is updated by each call, as the token
* size is not likely to change (as long as we call the same TSA using // * size is not likely to change (as long as we call the same TSA using
* the same imprint length). // * the same imprint length).
* @param url String - Time Stamp Authority URL (i.e. "http://tsatest1.digistamp.com/TSA") // * @param url String - Time Stamp Authority URL (i.e. "http://tsatest1.digistamp.com/TSA")
* @param username String - user(account) name // * @param username String - user(account) name
* @param password String - password // * @param password String - password
* @param tokSzEstimate int - estimated size of received time stamp token (DER encoded) // * @param tokSzEstimate int - estimated size of received time stamp token (DER encoded)
*/ // */
public TSAClientBouncyCastle(String url, String username, String password, int tokSzEstimate) { // public TSAClientBouncyCastle(String url, String username, String password, int tokSzEstimate) {
this.tsaURL = url; // this.tsaURL = url;
this.tsaUsername = username; // this.tsaUsername = username;
this.tsaPassword = password; // this.tsaPassword = password;
this.tokSzEstimate = tokSzEstimate; // this.tokSzEstimate = tokSzEstimate;
} // }
//
/** // /**
* Get the token size estimate. // * Get the token size estimate.
* Returned value reflects the result of the last succesfull call, padded // * Returned value reflects the result of the last succesfull call, padded
* @return an estimate of the token size // * @return an estimate of the token size
*/ // */
public int getTokenSizeEstimate() { // public int getTokenSizeEstimate() {
return tokSzEstimate; // return tokSzEstimate;
} // }
//
/** // /**
* Get RFC 3161 timeStampToken. // * Get RFC 3161 timeStampToken.
* Method may return null indicating that timestamp should be skipped. // * Method may return null indicating that timestamp should be skipped.
* @param caller PdfPKCS7 - calling PdfPKCS7 instance (in case caller needs it) // * @param caller PdfPKCS7 - calling PdfPKCS7 instance (in case caller needs it)
* @param imprint byte[] - data imprint to be time-stamped // * @param imprint byte[] - data imprint to be time-stamped
* @return byte[] - encoded, TSA signed data of the timeStampToken // * @return byte[] - encoded, TSA signed data of the timeStampToken
* @throws Exception - TSA request failed // * @throws Exception - TSA request failed
* @see com.fr.third.com.lowagie.text.pdf.TSAClient#getTimeStampToken(com.fr.third.com.lowagie.text.pdf.PdfPKCS7, byte[]) // * @see com.fr.third.com.lowagie.text.pdf.TSAClient#getTimeStampToken(com.fr.third.com.lowagie.text.pdf.PdfPKCS7, byte[])
*/ // */
public byte[] getTimeStampToken(PdfPKCS7 caller, byte[] imprint) throws Exception { // public byte[] getTimeStampToken(PdfPKCS7 caller, byte[] imprint) throws Exception {
return getTimeStampToken(imprint); // return getTimeStampToken(imprint);
} // }
//
/** // /**
* Get timestamp token - Bouncy Castle request encoding / decoding layer // * Get timestamp token - Bouncy Castle request encoding / decoding layer
*/ // */
protected byte[] getTimeStampToken(byte[] imprint) throws Exception { // protected byte[] getTimeStampToken(byte[] imprint) throws Exception {
byte[] respBytes = null; // byte[] respBytes = null;
try { // try {
// Setup the time stamp request // // Setup the time stamp request
TimeStampRequestGenerator tsqGenerator = new TimeStampRequestGenerator(); // TimeStampRequestGenerator tsqGenerator = new TimeStampRequestGenerator();
tsqGenerator.setCertReq(true); // tsqGenerator.setCertReq(true);
// tsqGenerator.setReqPolicy("1.3.6.1.4.1.601.10.3.1"); // // tsqGenerator.setReqPolicy("1.3.6.1.4.1.601.10.3.1");
BigInteger nonce = BigInteger.valueOf(System.currentTimeMillis()); // BigInteger nonce = BigInteger.valueOf(System.currentTimeMillis());
TimeStampRequest request = tsqGenerator.generate(X509ObjectIdentifiers.id_SHA1.getId() , imprint, nonce); // TimeStampRequest request = tsqGenerator.generate(X509ObjectIdentifiers.id_SHA1.getId() , imprint, nonce);
byte[] requestBytes = request.getEncoded(); // byte[] requestBytes = request.getEncoded();
//
// Call the communications layer // // Call the communications layer
respBytes = getTSAResponse(requestBytes); // respBytes = getTSAResponse(requestBytes);
//
// Handle the TSA response // // Handle the TSA response
TimeStampResponse response = new TimeStampResponse(respBytes); // TimeStampResponse response = new TimeStampResponse(respBytes);
//
// validate communication level attributes (RFC 3161 PKIStatus) // // validate communication level attributes (RFC 3161 PKIStatus)
response.validate(request); // response.validate(request);
PKIFailureInfo failure = response.getFailInfo(); // PKIFailureInfo failure = response.getFailInfo();
int value = (failure == null) ? 0 : failure.intValue(); // int value = (failure == null) ? 0 : failure.intValue();
if (value != 0) { // if (value != 0) {
// @todo: Translate value of 15 error codes defined by PKIFailureInfo to string // // @todo: Translate value of 15 error codes defined by PKIFailureInfo to string
throw new Exception("Invalid TSA '" + tsaURL + "' response, code " + value); // throw new Exception("Invalid TSA '" + tsaURL + "' response, code " + value);
} // }
// @todo: validate the time stap certificate chain (if we want // // @todo: validate the time stap certificate chain (if we want
// assure we do not sign using an invalid timestamp). // // assure we do not sign using an invalid timestamp).
//
// extract just the time stamp token (removes communication status info) // // extract just the time stamp token (removes communication status info)
TimeStampToken tsToken = response.getTimeStampToken(); // TimeStampToken tsToken = response.getTimeStampToken();
if (tsToken == null) { // if (tsToken == null) {
throw new Exception("TSA '" + tsaURL + "' failed to return time stamp token: " + response.getStatusString()); // throw new Exception("TSA '" + tsaURL + "' failed to return time stamp token: " + response.getStatusString());
} // }
TimeStampTokenInfo info = tsToken.getTimeStampInfo(); // to view details // TimeStampTokenInfo info = tsToken.getTimeStampInfo(); // to view details
byte[] encoded = tsToken.getEncoded(); // byte[] encoded = tsToken.getEncoded();
long stop = System.currentTimeMillis(); // long stop = System.currentTimeMillis();
//
// Update our token size estimate for the next call (padded to be safe) // // Update our token size estimate for the next call (padded to be safe)
this.tokSzEstimate = encoded.length + 32; // this.tokSzEstimate = encoded.length + 32;
return encoded; // return encoded;
} catch (Exception e) { // } catch (Exception e) {
throw e; // throw e;
} catch (Throwable t) { // } catch (Throwable t) {
throw new Exception("Failed to get TSA response from '" + tsaURL +"'", t); // throw new Exception("Failed to get TSA response from '" + tsaURL +"'", t);
} // }
} // }
//
/** // /**
* Get timestamp token - communications layer // * Get timestamp token - communications layer
* @return - byte[] - TSA response, raw bytes (RFC 3161 encoded) // * @return - byte[] - TSA response, raw bytes (RFC 3161 encoded)
*/ // */
protected byte[] getTSAResponse(byte[] requestBytes) throws Exception { // protected byte[] getTSAResponse(byte[] requestBytes) throws Exception {
// Setup the TSA connection // // Setup the TSA connection
URL url = new URL(tsaURL); // URL url = new URL(tsaURL);
URLConnection tsaConnection; // URLConnection tsaConnection;
tsaConnection = (URLConnection) url.openConnection(); // tsaConnection = (URLConnection) url.openConnection();
//
tsaConnection.setDoInput(true); // tsaConnection.setDoInput(true);
tsaConnection.setDoOutput(true); // tsaConnection.setDoOutput(true);
tsaConnection.setUseCaches(false); // tsaConnection.setUseCaches(false);
tsaConnection.setRequestProperty("Content-Type", "application/timestamp-query"); // tsaConnection.setRequestProperty("Content-Type", "application/timestamp-query");
//tsaConnection.setRequestProperty("Content-Transfer-Encoding", "base64"); // //tsaConnection.setRequestProperty("Content-Transfer-Encoding", "base64");
tsaConnection.setRequestProperty("Content-Transfer-Encoding", "binary"); // tsaConnection.setRequestProperty("Content-Transfer-Encoding", "binary");
//
if ((tsaUsername != null) && !tsaUsername.equals("") ) { // if ((tsaUsername != null) && !tsaUsername.equals("") ) {
String userPassword = tsaUsername + ":" + tsaPassword; // String userPassword = tsaUsername + ":" + tsaPassword;
tsaConnection.setRequestProperty("Authorization", "Basic " + // tsaConnection.setRequestProperty("Authorization", "Basic " +
new String(Base64.encodeBytes(userPassword.getBytes()))); // new String(Base64.encodeBytes(userPassword.getBytes())));
} // }
OutputStream out = tsaConnection.getOutputStream(); // OutputStream out = tsaConnection.getOutputStream();
out.write(requestBytes); // out.write(requestBytes);
out.close(); // out.close();
//
// Get TSA response as a byte array // // Get TSA response as a byte array
InputStream inp = tsaConnection.getInputStream(); // InputStream inp = tsaConnection.getInputStream();
ByteArrayOutputStream baos = new ByteArrayOutputStream(); // ByteArrayOutputStream baos = new ByteArrayOutputStream();
byte[] buffer = new byte[1024]; // byte[] buffer = new byte[1024];
int bytesRead = 0; // int bytesRead = 0;
while ((bytesRead = inp.read(buffer, 0, buffer.length)) >= 0) { // while ((bytesRead = inp.read(buffer, 0, buffer.length)) >= 0) {
baos.write(buffer, 0, bytesRead); // baos.write(buffer, 0, bytesRead);
} // }
byte[] respBytes = baos.toByteArray(); // byte[] respBytes = baos.toByteArray();
//
String encoding = tsaConnection.getContentEncoding(); // String encoding = tsaConnection.getContentEncoding();
if (encoding != null && encoding.equalsIgnoreCase("base64")) { // if (encoding != null && encoding.equalsIgnoreCase("base64")) {
respBytes = Base64.decode(new String(respBytes)); // respBytes = Base64.decode(new String(respBytes));
} // }
return respBytes; // return respBytes;
} // }
} //}

12
fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/crypto/AESCipher.java

@ -48,12 +48,12 @@
*/ */
package com.fr.third.com.lowagie.text.pdf.crypto; package com.fr.third.com.lowagie.text.pdf.crypto;
import org.bouncycastle.crypto.BlockCipher; import com.fr.third.org.bouncycastle.crypto.BlockCipher;
import org.bouncycastle.crypto.engines.AESFastEngine; import com.fr.third.org.bouncycastle.crypto.engines.AESFastEngine;
import org.bouncycastle.crypto.modes.CBCBlockCipher; import com.fr.third.org.bouncycastle.crypto.modes.CBCBlockCipher;
import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher; import com.fr.third.org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
import org.bouncycastle.crypto.params.KeyParameter; import com.fr.third.org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV; import com.fr.third.org.bouncycastle.crypto.params.ParametersWithIV;
/** /**
* Creates an AES Cipher with CBC and padding PKCS5/7. * Creates an AES Cipher with CBC and padding PKCS5/7.

370
fine-itext/src/com/fr/third/v2/lowagie/text/pdf/OcspClientBouncyCastle.java

@ -1,185 +1,185 @@
/* ///*
* $Id: OcspClientBouncyCastle.java 3959 2009-06-09 08:31:05Z blowagie $ // * $Id: OcspClientBouncyCastle.java 3959 2009-06-09 08:31:05Z blowagie $
* // *
* Copyright 2009 Paulo Soares // * Copyright 2009 Paulo Soares
* // *
* The contents of this file are subject to the Mozilla Public License Version 1.1 // * The contents of this file are subject to the Mozilla Public License Version 1.1
* (the "License"); you may not use this file except in compliance with the License. // * (the "License"); you may not use this file except in compliance with the License.
* You may obtain a copy of the License at http://www.mozilla.org/MPL/ // * You may obtain a copy of the License at http://www.mozilla.org/MPL/
* // *
* Software distributed under the License is distributed on an "AS IS" basis, // * Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License // * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the License. // * for the specific language governing rights and limitations under the License.
* // *
* The Original Code is 'iText, a free JAVA-PDF library'. // * The Original Code is 'iText, a free JAVA-PDF library'.
* // *
* The Initial Developer of the Original Code is Bruno Lowagie. Portions created by // * The Initial Developer of the Original Code is Bruno Lowagie. Portions created by
* the Initial Developer are Copyright (C) 1999-2005 by Bruno Lowagie. // * the Initial Developer are Copyright (C) 1999-2005 by Bruno Lowagie.
* All Rights Reserved. // * All Rights Reserved.
* Co-Developer of the code is Paulo Soares. Portions created by the Co-Developer // * Co-Developer of the code is Paulo Soares. Portions created by the Co-Developer
* are Copyright (C) 2009 by Paulo Soares. All Rights Reserved. // * are Copyright (C) 2009 by Paulo Soares. All Rights Reserved.
* // *
* Contributor(s): all the names of the contributors are added in the source code // * Contributor(s): all the names of the contributors are added in the source code
* where applicable. // * where applicable.
* // *
* Alternatively, the contents of this file may be used under the terms of the // * Alternatively, the contents of this file may be used under the terms of the
* LGPL license (the "GNU LIBRARY GENERAL PUBLIC LICENSE"), in which case the // * LGPL license (the "GNU LIBRARY GENERAL PUBLIC LICENSE"), in which case the
* provisions of LGPL are applicable instead of those above. If you wish to // * provisions of LGPL are applicable instead of those above. If you wish to
* allow use of your version of this file only under the terms of the LGPL // * allow use of your version of this file only under the terms of the LGPL
* License and not to allow others to use your version of this file under // * License and not to allow others to use your version of this file under
* the MPL, indicate your decision by deleting the provisions above and // * the MPL, indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by the LGPL. // * replace them with the notice and other provisions required by the LGPL.
* If you do not delete the provisions above, a recipient may use your version // * If you do not delete the provisions above, a recipient may use your version
* of this file under either the MPL or the GNU LIBRARY GENERAL PUBLIC LICENSE. // * of this file under either the MPL or the GNU LIBRARY GENERAL PUBLIC LICENSE.
* // *
* This library is free software; you can redistribute it and/or modify it // * This library is free software; you can redistribute it and/or modify it
* under the terms of the MPL as stated above or under the terms of the GNU // * under the terms of the MPL as stated above or under the terms of the GNU
* Library General Public License as published by the Free Software Foundation; // * Library General Public License as published by the Free Software Foundation;
* either version 2 of the License, or any later version. // * either version 2 of the License, or any later version.
* // *
* This library is distributed in the hope that it will be useful, but WITHOUT // * This library is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS // * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU Library general Public License for more // * FOR A PARTICULAR PURPOSE. See the GNU Library general Public License for more
* details. // * details.
* // *
* If you didn't download this code from the following link, you should check if // * If you didn't download this code from the following link, you should check if
* you aren't using an obsolete version: // * you aren't using an obsolete version:
* http://www.lowagie.com/iText/ // * http://www.lowagie.com/iText/
*/ // */
//
package com.fr.third.v2.lowagie.text.pdf; //package com.fr.third.v2.lowagie.text.pdf;
//
import com.fr.third.v2.lowagie.text.ExceptionConverter; //import com.fr.third.v2.lowagie.text.ExceptionConverter;
//
import java.io.BufferedOutputStream; //import java.io.BufferedOutputStream;
import java.io.DataOutputStream; //import java.io.DataOutputStream;
import java.io.IOException; //import java.io.IOException;
import java.io.InputStream; //import java.io.InputStream;
import java.io.OutputStream; //import java.io.OutputStream;
import java.math.BigInteger; //import java.math.BigInteger;
import java.net.HttpURLConnection; //import java.net.HttpURLConnection;
import java.net.URL; //import java.net.URL;
import java.security.Security; //import java.security.Security;
import java.security.cert.X509Certificate; //import java.security.cert.X509Certificate;
import java.util.Vector; //import java.util.Vector;
import org.bouncycastle.asn1.DEROctetString; //import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers; //import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.x509.X509Extension; //import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.X509Extensions; //import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.ocsp.BasicOCSPResp; //import org.bouncycastle.ocsp.BasicOCSPResp;
import org.bouncycastle.ocsp.CertificateID; //import org.bouncycastle.ocsp.CertificateID;
import org.bouncycastle.ocsp.CertificateStatus; //import org.bouncycastle.ocsp.CertificateStatus;
import org.bouncycastle.ocsp.OCSPException; //import org.bouncycastle.ocsp.OCSPException;
import org.bouncycastle.ocsp.OCSPReq; //import org.bouncycastle.ocsp.OCSPReq;
import org.bouncycastle.ocsp.OCSPReqGenerator; //import org.bouncycastle.ocsp.OCSPReqGenerator;
import org.bouncycastle.ocsp.OCSPResp; //import org.bouncycastle.ocsp.OCSPResp;
import org.bouncycastle.ocsp.SingleResp; //import org.bouncycastle.ocsp.SingleResp;
//
/** ///**
* OcspClient implementation using BouncyCastle. // * OcspClient implementation using BouncyCastle.
* @author psoares // * @author psoares
* @since 2.1.6 // * @since 2.1.6
*/ // */
public class OcspClientBouncyCastle implements OcspClient { //public class OcspClientBouncyCastle implements OcspClient {
/** root certificate */ // /** root certificate */
private X509Certificate rootCert; // private X509Certificate rootCert;
/** check certificate */ // /** check certificate */
private X509Certificate checkCert; // private X509Certificate checkCert;
/** OCSP URL */ // /** OCSP URL */
private String url; // private String url;
//
/** // /**
* Creates an instance of an OcspClient that will be using BouncyCastle. // * Creates an instance of an OcspClient that will be using BouncyCastle.
* @param checkCert the check certificate // * @param checkCert the check certificate
* @param rootCert the root certificate // * @param rootCert the root certificate
* @param url the OCSP URL // * @param url the OCSP URL
*/ // */
public OcspClientBouncyCastle(X509Certificate checkCert, X509Certificate rootCert, String url) { // public OcspClientBouncyCastle(X509Certificate checkCert, X509Certificate rootCert, String url) {
this.checkCert = checkCert; // this.checkCert = checkCert;
this.rootCert = rootCert; // this.rootCert = rootCert;
this.url = url; // this.url = url;
} // }
//
/** // /**
* Generates an OCSP request using BouncyCastle. // * Generates an OCSP request using BouncyCastle.
* @param issuerCert certificate of the issues // * @param issuerCert certificate of the issues
* @param serialNumber serial number // * @param serialNumber serial number
* @return an OCSP request // * @return an OCSP request
* @throws OCSPException // * @throws OCSPException
* @throws IOException // * @throws IOException
*/ // */
private static OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber) throws OCSPException, IOException { // private static OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber) throws OCSPException, IOException {
//Add provider BC // //Add provider BC
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); // Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
//
// Generate the id for the certificate we are looking for // // Generate the id for the certificate we are looking for
CertificateID id = new CertificateID(CertificateID.HASH_SHA1, issuerCert, serialNumber); // CertificateID id = new CertificateID(CertificateID.HASH_SHA1, issuerCert, serialNumber);
//
// basic request generation with nonce // // basic request generation with nonce
OCSPReqGenerator gen = new OCSPReqGenerator(); // OCSPReqGenerator gen = new OCSPReqGenerator();
//
gen.addRequest(id); // gen.addRequest(id);
//
// create details for nonce extension // // create details for nonce extension
Vector oids = new Vector(); // Vector oids = new Vector();
Vector values = new Vector(); // Vector values = new Vector();
//
oids.add(OCSPObjectIdentifiers.id_pkix_ocsp_nonce); // oids.add(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
values.add(new X509Extension(false, new DEROctetString(new DEROctetString(PdfEncryption.createDocumentId()).getEncoded()))); // values.add(new X509Extension(false, new DEROctetString(new DEROctetString(PdfEncryption.createDocumentId()).getEncoded())));
//
gen.setRequestExtensions(new X509Extensions(oids, values)); // gen.setRequestExtensions(new X509Extensions(oids, values));
//
return gen.generate(); // return gen.generate();
} // }
//
/** // /**
* @return a byte array // * @return a byte array
* @see OcspClient#getEncoded() // * @see OcspClient#getEncoded()
*/ // */
public byte[] getEncoded() { // public byte[] getEncoded() {
try { // try {
OCSPReq request = generateOCSPRequest(rootCert, checkCert.getSerialNumber()); // OCSPReq request = generateOCSPRequest(rootCert, checkCert.getSerialNumber());
byte[] array = request.getEncoded(); // byte[] array = request.getEncoded();
URL urlt = new URL(url); // URL urlt = new URL(url);
HttpURLConnection con = (HttpURLConnection)urlt.openConnection(); // HttpURLConnection con = (HttpURLConnection)urlt.openConnection();
con.setRequestProperty("Content-Type", "application/ocsp-request"); // con.setRequestProperty("Content-Type", "application/ocsp-request");
con.setRequestProperty("Accept", "application/ocsp-response"); // con.setRequestProperty("Accept", "application/ocsp-response");
con.setDoOutput(true); // con.setDoOutput(true);
OutputStream out = con.getOutputStream(); // OutputStream out = con.getOutputStream();
DataOutputStream dataOut = new DataOutputStream(new BufferedOutputStream(out)); // DataOutputStream dataOut = new DataOutputStream(new BufferedOutputStream(out));
dataOut.write(array); // dataOut.write(array);
dataOut.flush(); // dataOut.flush();
dataOut.close(); // dataOut.close();
if (con.getResponseCode() / 100 != 2) { // if (con.getResponseCode() / 100 != 2) {
throw new IOException("Invalid HTTP response"); // throw new IOException("Invalid HTTP response");
} // }
//Get Response // //Get Response
InputStream in = (InputStream) con.getContent(); // InputStream in = (InputStream) con.getContent();
OCSPResp ocspResponse = new OCSPResp(in); // OCSPResp ocspResponse = new OCSPResp(in);
//
if (ocspResponse.getStatus() != 0) // if (ocspResponse.getStatus() != 0)
throw new IOException("Invalid status: " + ocspResponse.getStatus()); // throw new IOException("Invalid status: " + ocspResponse.getStatus());
BasicOCSPResp basicResponse = (BasicOCSPResp) ocspResponse.getResponseObject(); // BasicOCSPResp basicResponse = (BasicOCSPResp) ocspResponse.getResponseObject();
if (basicResponse != null) { // if (basicResponse != null) {
SingleResp[] responses = basicResponse.getResponses(); // SingleResp[] responses = basicResponse.getResponses();
if (responses.length == 1) { // if (responses.length == 1) {
SingleResp resp = responses[0]; // SingleResp resp = responses[0];
Object status = resp.getCertStatus(); // Object status = resp.getCertStatus();
if (status == CertificateStatus.GOOD) { // if (status == CertificateStatus.GOOD) {
return basicResponse.getEncoded(); // return basicResponse.getEncoded();
} // }
else if (status instanceof org.bouncycastle.ocsp.RevokedStatus) { // else if (status instanceof org.bouncycastle.ocsp.RevokedStatus) {
throw new IOException("OCSP Status is revoked!"); // throw new IOException("OCSP Status is revoked!");
} // }
else { // else {
throw new IOException("OCSP Status is unknown!"); // throw new IOException("OCSP Status is unknown!");
} // }
} // }
} // }
} // }
catch (Exception ex) { // catch (Exception ex) {
throw new ExceptionConverter(ex); // throw new ExceptionConverter(ex);
} // }
return null; // return null;
} // }
} //}

268
fine-itext/src/com/fr/third/v2/lowagie/text/pdf/PdfPKCS7.java

@ -46,6 +46,8 @@
*/ */
package com.fr.third.v2.lowagie.text.pdf; package com.fr.third.v2.lowagie.text.pdf;
import com.fr.third.org.bouncycastle.asn1.ASN1Object;
import com.fr.third.org.bouncycastle.asn1.ASN1String;
import java.io.ByteArrayInputStream; import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream; import java.io.ByteArrayOutputStream;
import java.io.File; import java.io.File;
@ -76,42 +78,40 @@ import java.util.Iterator;
import java.util.Set; import java.util.Set;
import com.fr.third.v2.lowagie.text.ExceptionConverter; import com.fr.third.v2.lowagie.text.ExceptionConverter;
import org.bouncycastle.asn1.ASN1Encodable; import com.fr.third.org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector; import com.fr.third.org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream; import com.fr.third.org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1OutputStream; import com.fr.third.org.bouncycastle.asn1.ASN1OutputStream;
import org.bouncycastle.asn1.ASN1Sequence; import com.fr.third.org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set; import com.fr.third.org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.ASN1TaggedObject; import com.fr.third.org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DEREnumerated; import com.fr.third.org.bouncycastle.asn1.DEREnumerated;
import org.bouncycastle.asn1.DERInteger; import com.fr.third.org.bouncycastle.asn1.DERInteger;
import org.bouncycastle.asn1.DERNull; import com.fr.third.org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DERObject; import com.fr.third.org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DERObjectIdentifier; import com.fr.third.org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DEROctetString; import com.fr.third.org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERSequence; import com.fr.third.org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.DERSet; import com.fr.third.org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.DERString; import com.fr.third.org.bouncycastle.asn1.DERUTCTime;
import org.bouncycastle.asn1.DERTaggedObject; import com.fr.third.org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.DERUTCTime; import com.fr.third.org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable; import com.fr.third.org.bouncycastle.asn1.ocsp.BasicOCSPResponse;
import org.bouncycastle.asn1.cms.Attribute; import com.fr.third.org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.ocsp.BasicOCSPResponse; import com.fr.third.org.bouncycastle.jce.provider.X509CRLParser;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers; import com.fr.third.org.bouncycastle.jce.provider.X509CertParser;
import org.bouncycastle.jce.provider.X509CRLParser;
import org.bouncycastle.jce.provider.X509CertParser;
import java.security.cert.CertificateParsingException; import java.security.cert.CertificateParsingException;
import java.util.Date; import java.util.Date;
import org.bouncycastle.asn1.ASN1OctetString; import com.fr.third.org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.cms.ContentInfo; import com.fr.third.org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import com.fr.third.org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.tsp.MessageImprint; import com.fr.third.org.bouncycastle.asn1.tsp.MessageImprint;
import org.bouncycastle.asn1.x509.X509Extensions; import com.fr.third.org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.ocsp.BasicOCSPResp; //import org.bouncycastle.ocsp.BasicOCSPResp;
import org.bouncycastle.ocsp.CertificateID; //import org.bouncycastle.ocsp.CertificateID;
import org.bouncycastle.ocsp.SingleResp; //import org.bouncycastle.ocsp.SingleResp;
import org.bouncycastle.tsp.TimeStampToken; //import org.bouncycastle.tsp.TimeStampToken;
/** /**
* This class does all the processing related to signing and verifying a PKCS#7 * This class does all the processing related to signing and verifying a PKCS#7
@ -167,7 +167,7 @@ public class PdfPKCS7 {
*/ */
private String signName; private String signName;
private TimeStampToken timeStampToken; // private TimeStampToken timeStampToken;
private static final HashMap digestNames = new HashMap(); private static final HashMap digestNames = new HashMap();
private static final HashMap algorithmNames = new HashMap(); private static final HashMap algorithmNames = new HashMap();
@ -273,23 +273,23 @@ public class PdfPKCS7 {
* @return the timestamp token or null * @return the timestamp token or null
* @since 2.1.6 * @since 2.1.6
*/ */
public TimeStampToken getTimeStampToken() { // public TimeStampToken getTimeStampToken() {
return timeStampToken; // return timeStampToken;
} // }
/** /**
* Gets the timestamp date * Gets the timestamp date
* @return a date * @return a date
* @since 2.1.6 * @since 2.1.6
*/ */
public Calendar getTimeStampDate() { // public Calendar getTimeStampDate() {
if (timeStampToken == null) // if (timeStampToken == null)
return null; // return null;
Calendar cal = new GregorianCalendar(); // Calendar cal = new GregorianCalendar();
Date date = timeStampToken.getTimeStampInfo().getGenTime(); // Date date = timeStampToken.getTimeStampInfo().getGenTime();
cal.setTime(date); // cal.setTime(date);
return cal; // return cal;
} // }
/** /**
* Verifies a signature using the sub-filter adbe.x509.rsa_sha1. * Verifies a signature using the sub-filter adbe.x509.rsa_sha1.
@ -319,19 +319,19 @@ public class PdfPKCS7 {
} }
} }
private BasicOCSPResp basicResp; // private BasicOCSPResp basicResp;
/** /**
* Gets the OCSP basic response if there is one. * Gets the OCSP basic response if there is one.
* @return the OCSP basic response or null * @return the OCSP basic response or null
* @since 2.1.6 * @since 2.1.6
*/ */
public BasicOCSPResp getOcsp() { // public BasicOCSPResp getOcsp() {
return basicResp; // return basicResp;
} // }
private void findOcsp(ASN1Sequence seq) throws IOException { private void findOcsp(ASN1Sequence seq) throws IOException {
basicResp = null; // basicResp = null;
boolean ret = false; boolean ret = false;
while (true) { while (true) {
if ((seq.getObjectAt(0) instanceof DERObjectIdentifier) if ((seq.getObjectAt(0) instanceof DERObjectIdentifier)
@ -362,7 +362,7 @@ public class PdfPKCS7 {
DEROctetString os = (DEROctetString)seq.getObjectAt(1); DEROctetString os = (DEROctetString)seq.getObjectAt(1);
ASN1InputStream inp = new ASN1InputStream(os.getOctets()); ASN1InputStream inp = new ASN1InputStream(os.getOctets());
BasicOCSPResponse resp = BasicOCSPResponse.getInstance(inp.readObject()); BasicOCSPResponse resp = BasicOCSPResponse.getInstance(inp.readObject());
basicResp = new BasicOCSPResp(resp); // basicResp = new BasicOCSPResp(resp);
} }
/** /**
@ -379,7 +379,7 @@ public class PdfPKCS7 {
// //
// Basic checks to make sure it's a PKCS#7 SignedData Object // Basic checks to make sure it's a PKCS#7 SignedData Object
// //
DERObject pkcs; ASN1Object pkcs;
try { try {
pkcs = din.readObject(); pkcs = din.readObject();
@ -464,7 +464,7 @@ public class PdfPKCS7 {
if (signerInfo.getObjectAt(next) instanceof ASN1TaggedObject) { if (signerInfo.getObjectAt(next) instanceof ASN1TaggedObject) {
ASN1TaggedObject tagsig = (ASN1TaggedObject)signerInfo.getObjectAt(next); ASN1TaggedObject tagsig = (ASN1TaggedObject)signerInfo.getObjectAt(next);
ASN1Set sseq = ASN1Set.getInstance(tagsig, false); ASN1Set sseq = ASN1Set.getInstance(tagsig, false);
sigAttr = sseq.getEncoded(ASN1Encodable.DER); sigAttr = sseq.getEncoded("DER");
for (int k = 0; k < sseq.size(); ++k) { for (int k = 0; k < sseq.size(); ++k) {
ASN1Sequence seq2 = (ASN1Sequence)sseq.getObjectAt(k); ASN1Sequence seq2 = (ASN1Sequence)sseq.getObjectAt(k);
@ -499,7 +499,7 @@ public class PdfPKCS7 {
ASN1Set attributeValues = ts.getAttrValues(); ASN1Set attributeValues = ts.getAttrValues();
ASN1Sequence tokenSequence = ASN1Sequence.getInstance(attributeValues.getObjectAt(0)); ASN1Sequence tokenSequence = ASN1Sequence.getInstance(attributeValues.getObjectAt(0));
ContentInfo contentInfo = new ContentInfo(tokenSequence); ContentInfo contentInfo = new ContentInfo(tokenSequence);
this.timeStampToken = new TimeStampToken(contentInfo); // this.timeStampToken = new TimeStampToken(contentInfo);
} }
} }
if (RSAdata != null || digestAttr != null) { if (RSAdata != null || digestAttr != null) {
@ -641,15 +641,15 @@ public class PdfPKCS7 {
* @return true if it checks false otherwise * @return true if it checks false otherwise
* @since 2.1.6 * @since 2.1.6
*/ */
public boolean verifyTimestampImprint() throws NoSuchAlgorithmException { // public boolean verifyTimestampImprint() throws NoSuchAlgorithmException {
if (timeStampToken == null) // if (timeStampToken == null)
return false; // return false;
MessageImprint imprint = timeStampToken.getTimeStampInfo().toTSTInfo().getMessageImprint(); // MessageImprint imprint = timeStampToken.getTimeStampInfo().toTSTInfo().getMessageImprint();
byte[] md = MessageDigest.getInstance("SHA-1").digest(digest); // byte[] md = MessageDigest.getInstance("SHA-1").digest(digest);
byte[] imphashed = imprint.getHashedMessage(); // byte[] imphashed = imprint.getHashedMessage();
boolean res = Arrays.equals(md, imphashed); // boolean res = Arrays.equals(md, imphashed);
return res; // return res;
} // }
/** /**
* Get all the X.509 certificates associated with this PKCS#7 object in no particular order. * Get all the X.509 certificates associated with this PKCS#7 object in no particular order.
@ -888,27 +888,27 @@ public class PdfPKCS7 {
* @return <CODE>true</CODE> is a certificate was found * @return <CODE>true</CODE> is a certificate was found
* @since 2.1.6 * @since 2.1.6
*/ */
public static boolean verifyOcspCertificates(BasicOCSPResp ocsp, KeyStore keystore, String provider) { // public static boolean verifyOcspCertificates(BasicOCSPResp ocsp, KeyStore keystore, String provider) {
if (provider == null) // if (provider == null)
provider = "BC"; // provider = "BC";
try { // try {
for (Enumeration aliases = keystore.aliases(); aliases.hasMoreElements();) { // for (Enumeration aliases = keystore.aliases(); aliases.hasMoreElements();) {
try { // try {
String alias = (String)aliases.nextElement(); // String alias = (String)aliases.nextElement();
if (!keystore.isCertificateEntry(alias)) // if (!keystore.isCertificateEntry(alias))
continue; // continue;
X509Certificate certStoreX509 = (X509Certificate)keystore.getCertificate(alias); // X509Certificate certStoreX509 = (X509Certificate)keystore.getCertificate(alias);
if (ocsp.verify(certStoreX509.getPublicKey(), provider)) // if (ocsp.verify(certStoreX509.getPublicKey(), provider))
return true; // return true;
} // }
catch (Exception ex) { // catch (Exception ex) {
} // }
} // }
} // }
catch (Exception e) { // catch (Exception e) {
} // }
return false; // return false;
} // }
/** /**
* Verifies a timestamp against a KeyStore. * Verifies a timestamp against a KeyStore.
@ -918,27 +918,27 @@ public class PdfPKCS7 {
* @return <CODE>true</CODE> is a certificate was found * @return <CODE>true</CODE> is a certificate was found
* @since 2.1.6 * @since 2.1.6
*/ */
public static boolean verifyTimestampCertificates(TimeStampToken ts, KeyStore keystore, String provider) { // public static boolean verifyTimestampCertificates(TimeStampToken ts, KeyStore keystore, String provider) {
if (provider == null) // if (provider == null)
provider = "BC"; // provider = "BC";
try { // try {
for (Enumeration aliases = keystore.aliases(); aliases.hasMoreElements();) { // for (Enumeration aliases = keystore.aliases(); aliases.hasMoreElements();) {
try { // try {
String alias = (String)aliases.nextElement(); // String alias = (String)aliases.nextElement();
if (!keystore.isCertificateEntry(alias)) // if (!keystore.isCertificateEntry(alias))
continue; // continue;
X509Certificate certStoreX509 = (X509Certificate)keystore.getCertificate(alias); // X509Certificate certStoreX509 = (X509Certificate)keystore.getCertificate(alias);
ts.validate(certStoreX509, provider); // ts.validate(certStoreX509, provider);
return true; // return true;
} // }
catch (Exception ex) { // catch (Exception ex) {
} // }
} // }
} // }
catch (Exception e) { // catch (Exception e) {
} // }
return false; // return false;
} // }
/** /**
* Retrieves the OCSP URL from the given certificate. * Retrieves the OCSP URL from the given certificate.
@ -949,7 +949,7 @@ public class PdfPKCS7 {
*/ */
public static String getOCSPURL(X509Certificate certificate) throws CertificateParsingException { public static String getOCSPURL(X509Certificate certificate) throws CertificateParsingException {
try { try {
DERObject obj = getExtensionValue(certificate, X509Extensions.AuthorityInfoAccess.getId()); ASN1Object obj = getExtensionValue(certificate, X509Extensions.AuthorityInfoAccess.getId());
if (obj == null) { if (obj == null) {
return null; return null;
} }
@ -961,7 +961,7 @@ public class PdfPKCS7 {
continue; continue;
} else { } else {
if ((AccessDescription.getObjectAt(0) instanceof DERObjectIdentifier) && ((DERObjectIdentifier)AccessDescription.getObjectAt(0)).getId().equals("1.3.6.1.5.5.7.48.1")) { if ((AccessDescription.getObjectAt(0) instanceof DERObjectIdentifier) && ((DERObjectIdentifier)AccessDescription.getObjectAt(0)).getId().equals("1.3.6.1.5.5.7.48.1")) {
String AccessLocation = getStringFromGeneralName((DERObject)AccessDescription.getObjectAt(1)); String AccessLocation = getStringFromGeneralName((ASN1Object)AccessDescription.getObjectAt(1));
if ( AccessLocation == null ) { if ( AccessLocation == null ) {
return "" ; return "" ;
} else { } else {
@ -980,26 +980,26 @@ public class PdfPKCS7 {
* @return true if it checks false otherwise * @return true if it checks false otherwise
* @since 2.1.6 * @since 2.1.6
*/ */
public boolean isRevocationValid() { // public boolean isRevocationValid() {
if (basicResp == null) // if (basicResp == null)
return false; // return false;
if (signCerts.size() < 2) // if (signCerts.size() < 2)
return false; // return false;
try { // try {
X509Certificate[] cs = (X509Certificate[])getSignCertificateChain(); // X509Certificate[] cs = (X509Certificate[])getSignCertificateChain();
SingleResp sr = basicResp.getResponses()[0]; // SingleResp sr = basicResp.getResponses()[0];
CertificateID cid = sr.getCertID(); // CertificateID cid = sr.getCertID();
X509Certificate sigcer = getSigningCertificate(); // X509Certificate sigcer = getSigningCertificate();
X509Certificate isscer = cs[1]; // X509Certificate isscer = cs[1];
CertificateID tis = new CertificateID(CertificateID.HASH_SHA1, isscer, sigcer.getSerialNumber()); // CertificateID tis = new CertificateID(CertificateID.HASH_SHA1, isscer, sigcer.getSerialNumber());
return tis.equals(cid); // return tis.equals(cid);
} // }
catch (Exception ex) { // catch (Exception ex) {
} // }
return false; // return false;
} // }
private static DERObject getExtensionValue(X509Certificate cert, String oid) throws IOException { private static ASN1Object getExtensionValue(X509Certificate cert, String oid) throws IOException {
byte[] bytes = cert.getExtensionValue(oid); byte[] bytes = cert.getExtensionValue(oid);
if (bytes == null) { if (bytes == null) {
return null; return null;
@ -1010,7 +1010,7 @@ public class PdfPKCS7 {
return aIn.readObject(); return aIn.readObject();
} }
private static String getStringFromGeneralName(DERObject names) throws IOException { private static String getStringFromGeneralName(ASN1Object names) throws IOException {
DERTaggedObject taggedObject = (DERTaggedObject) names ; DERTaggedObject taggedObject = (DERTaggedObject) names ;
return new String(ASN1OctetString.getInstance(taggedObject, false).getOctets(), "ISO-8859-1"); return new String(ASN1OctetString.getInstance(taggedObject, false).getOctets(), "ISO-8859-1");
} }
@ -1020,11 +1020,11 @@ public class PdfPKCS7 {
* @param enc a TBSCertificate in a byte array * @param enc a TBSCertificate in a byte array
* @return a DERObject * @return a DERObject
*/ */
private static DERObject getIssuer(byte[] enc) { private static ASN1Object getIssuer(byte[] enc) {
try { try {
ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(enc)); ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(enc));
ASN1Sequence seq = (ASN1Sequence)in.readObject(); ASN1Sequence seq = (ASN1Sequence)in.readObject();
return (DERObject)seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 3 : 2); return (ASN1Object)seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 3 : 2);
} }
catch (IOException e) { catch (IOException e) {
throw new ExceptionConverter(e); throw new ExceptionConverter(e);
@ -1036,11 +1036,11 @@ public class PdfPKCS7 {
* @param enc A TBSCertificate in a byte array * @param enc A TBSCertificate in a byte array
* @return a DERObject * @return a DERObject
*/ */
private static DERObject getSubject(byte[] enc) { private static ASN1Object getSubject(byte[] enc) {
try { try {
ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(enc)); ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(enc));
ASN1Sequence seq = (ASN1Sequence)in.readObject(); ASN1Sequence seq = (ASN1Sequence)in.readObject();
return (DERObject)seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 5 : 4); return (ASN1Object)seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 5 : 4);
} }
catch (IOException e) { catch (IOException e) {
throw new ExceptionConverter(e); throw new ExceptionConverter(e);
@ -1340,7 +1340,7 @@ public class PdfPKCS7 {
*/ */
public byte[] getAuthenticatedAttributeBytes(byte secondDigest[], Calendar signingTime, byte[] ocsp) { public byte[] getAuthenticatedAttributeBytes(byte secondDigest[], Calendar signingTime, byte[] ocsp) {
try { try {
return getAuthenticatedAttributeSet(secondDigest, signingTime, ocsp).getEncoded(ASN1Encodable.DER); return getAuthenticatedAttributeSet(secondDigest, signingTime, ocsp).getEncoded("DER");
} }
catch (Exception e) { catch (Exception e) {
throw new ExceptionConverter(e); throw new ExceptionConverter(e);
@ -1575,7 +1575,7 @@ public class PdfPKCS7 {
vs = new ArrayList(); vs = new ArrayList();
values.put(id, vs); values.put(id, vs);
} }
vs.add(((DERString)s.getObjectAt(1)).getString()); vs.add(((ASN1String)s.getObjectAt(1)).getString());
} }
} }
} }

45
fine-itext/src/com/fr/third/v2/lowagie/text/pdf/PdfPublicKeySecurityHandler.java

@ -89,6 +89,8 @@
package com.fr.third.v2.lowagie.text.pdf; package com.fr.third.v2.lowagie.text.pdf;
import com.fr.third.org.bouncycastle.asn1.ASN1Object;
import com.fr.third.org.bouncycastle.asn1.ASN1Set;
import java.io.ByteArrayInputStream; import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream; import java.io.ByteArrayOutputStream;
import java.io.IOException; import java.io.IOException;
@ -107,22 +109,21 @@ import javax.crypto.Cipher;
import javax.crypto.KeyGenerator; import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey; import javax.crypto.SecretKey;
import org.bouncycastle.asn1.ASN1InputStream; import com.fr.third.org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.DERObject; import com.fr.third.org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DERObjectIdentifier; import com.fr.third.org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DEROctetString; import com.fr.third.org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.DEROutputStream; import com.fr.third.org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.DERSet; import com.fr.third.org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.cms.ContentInfo; import com.fr.third.org.bouncycastle.asn1.cms.EncryptedContentInfo;
import org.bouncycastle.asn1.cms.EncryptedContentInfo; import com.fr.third.org.bouncycastle.asn1.cms.EnvelopedData;
import org.bouncycastle.asn1.cms.EnvelopedData; import com.fr.third.org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import org.bouncycastle.asn1.cms.IssuerAndSerialNumber; import com.fr.third.org.bouncycastle.asn1.cms.KeyTransRecipientInfo;
import org.bouncycastle.asn1.cms.KeyTransRecipientInfo; import com.fr.third.org.bouncycastle.asn1.cms.RecipientIdentifier;
import org.bouncycastle.asn1.cms.RecipientIdentifier; import com.fr.third.org.bouncycastle.asn1.cms.RecipientInfo;
import org.bouncycastle.asn1.cms.RecipientInfo; import com.fr.third.org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import com.fr.third.org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import com.fr.third.org.bouncycastle.asn1.x509.TBSCertificateStructure;
import org.bouncycastle.asn1.x509.TBSCertificateStructure;
/** /**
* @author Aiken Sam (aikensam@ieee.org) * @author Aiken Sam (aikensam@ieee.org)
@ -244,7 +245,7 @@ public class PdfPublicKeySecurityHandler {
pkcs7input[22] = two; pkcs7input[22] = two;
pkcs7input[23] = one; pkcs7input[23] = one;
DERObject obj = createDERForRecipient(pkcs7input, (X509Certificate)certificate); ASN1Object obj = createDERForRecipient(pkcs7input, (X509Certificate)certificate);
ByteArrayOutputStream baos = new ByteArrayOutputStream(); ByteArrayOutputStream baos = new ByteArrayOutputStream();
@ -276,7 +277,7 @@ public class PdfPublicKeySecurityHandler {
return EncodedRecipients; return EncodedRecipients;
} }
private DERObject createDERForRecipient(byte[] in, X509Certificate cert) private ASN1Object createDERForRecipient(byte[] in, X509Certificate cert)
throws IOException, throws IOException,
GeneralSecurityException GeneralSecurityException
{ {
@ -287,7 +288,7 @@ public class PdfPublicKeySecurityHandler {
AlgorithmParameters algorithmparameters = algorithmparametergenerator.generateParameters(); AlgorithmParameters algorithmparameters = algorithmparametergenerator.generateParameters();
ByteArrayInputStream bytearrayinputstream = new ByteArrayInputStream(algorithmparameters.getEncoded("ASN.1")); ByteArrayInputStream bytearrayinputstream = new ByteArrayInputStream(algorithmparameters.getEncoded("ASN.1"));
ASN1InputStream asn1inputstream = new ASN1InputStream(bytearrayinputstream); ASN1InputStream asn1inputstream = new ASN1InputStream(bytearrayinputstream);
DERObject derobject = asn1inputstream.readObject(); ASN1Object derobject = asn1inputstream.readObject();
KeyGenerator keygenerator = KeyGenerator.getInstance(s); KeyGenerator keygenerator = KeyGenerator.getInstance(s);
keygenerator.init(128); keygenerator.init(128);
SecretKey secretkey = keygenerator.generateKey(); SecretKey secretkey = keygenerator.generateKey();
@ -300,10 +301,10 @@ public class PdfPublicKeySecurityHandler {
AlgorithmIdentifier algorithmidentifier = new AlgorithmIdentifier(new DERObjectIdentifier(s), derobject); AlgorithmIdentifier algorithmidentifier = new AlgorithmIdentifier(new DERObjectIdentifier(s), derobject);
EncryptedContentInfo encryptedcontentinfo = EncryptedContentInfo encryptedcontentinfo =
new EncryptedContentInfo(PKCSObjectIdentifiers.data, algorithmidentifier, deroctetstring); new EncryptedContentInfo(PKCSObjectIdentifiers.data, algorithmidentifier, deroctetstring);
EnvelopedData env = new EnvelopedData(null, derset, encryptedcontentinfo, null); EnvelopedData env = new EnvelopedData(null, derset, encryptedcontentinfo,(ASN1Set) null);
ContentInfo contentinfo = ContentInfo contentinfo =
new ContentInfo(PKCSObjectIdentifiers.envelopedData, env); new ContentInfo(PKCSObjectIdentifiers.envelopedData, env);
return contentinfo.getDERObject(); return contentinfo.getContentType();
} }
private KeyTransRecipientInfo computeRecipientInfo(X509Certificate x509certificate, byte[] abyte0) private KeyTransRecipientInfo computeRecipientInfo(X509Certificate x509certificate, byte[] abyte0)
@ -318,7 +319,7 @@ public class PdfPublicKeySecurityHandler {
new IssuerAndSerialNumber( new IssuerAndSerialNumber(
tbscertificatestructure.getIssuer(), tbscertificatestructure.getIssuer(),
tbscertificatestructure.getSerialNumber().getValue()); tbscertificatestructure.getSerialNumber().getValue());
Cipher cipher = Cipher.getInstance(algorithmidentifier.getObjectId().getId()); Cipher cipher = Cipher.getInstance(algorithmidentifier.getAlgorithm().getId());
cipher.init(1, x509certificate); cipher.init(1, x509certificate);
DEROctetString deroctetstring = new DEROctetString(cipher.doFinal(abyte0)); DEROctetString deroctetstring = new DEROctetString(cipher.doFinal(abyte0));
RecipientIdentifier recipId = new RecipientIdentifier(issuerandserialnumber); RecipientIdentifier recipId = new RecipientIdentifier(issuerandserialnumber);

40
fine-itext/src/com/fr/third/v2/lowagie/text/pdf/PdfReader.java

@ -79,8 +79,8 @@ import com.fr.third.v2.lowagie.text.pdf.interfaces.PdfViewerPreferences;
import com.fr.third.v2.lowagie.text.pdf.internal.PdfViewerPreferencesImp; import com.fr.third.v2.lowagie.text.pdf.internal.PdfViewerPreferencesImp;
import com.fr.third.v2.lowagie.text.exceptions.BadPasswordException; import com.fr.third.v2.lowagie.text.exceptions.BadPasswordException;
import org.bouncycastle.cms.CMSEnvelopedData; //import org.bouncycastle.cms.CMSEnvelopedData;
import org.bouncycastle.cms.RecipientInformation; //import org.bouncycastle.cms.RecipientInformation;
/** Reads a PDF document. /** Reads a PDF document.
* @author Paulo Soares (psoares@consiste.pt) * @author Paulo Soares (psoares@consiste.pt)
@ -710,24 +710,24 @@ public class PdfReader implements PdfViewerPreferences {
PdfObject recipient = recipients.getPdfObject(i); PdfObject recipient = recipients.getPdfObject(i);
strings.remove(recipient); strings.remove(recipient);
CMSEnvelopedData data = null; // CMSEnvelopedData data = null;
try { // try {
data = new CMSEnvelopedData(recipient.getBytes()); // data = new CMSEnvelopedData(recipient.getBytes());
//
Iterator recipientCertificatesIt = data.getRecipientInfos().getRecipients().iterator(); // Iterator recipientCertificatesIt = data.getRecipientInfos().getRecipients().iterator();
//
while (recipientCertificatesIt.hasNext()) { // while (recipientCertificatesIt.hasNext()) {
RecipientInformation recipientInfo = (RecipientInformation)recipientCertificatesIt.next(); // RecipientInformation recipientInfo = (RecipientInformation)recipientCertificatesIt.next();
//
if (recipientInfo.getRID().match(certificate) && !foundRecipient) { // if (recipientInfo.getRID().match(certificate) && !foundRecipient) {
envelopedData = recipientInfo.getContent(certificateKey, certificateKeyProvider); // envelopedData = recipientInfo.getContent(certificateKey, certificateKeyProvider);
foundRecipient = true; // foundRecipient = true;
} // }
} // }
} // }
catch (Exception f) { // catch (Exception f) {
throw new ExceptionConverter(f); // throw new ExceptionConverter(f);
} // }
} }
if(!foundRecipient || envelopedData == null) { if(!foundRecipient || envelopedData == null) {

460
fine-itext/src/com/fr/third/v2/lowagie/text/pdf/TSAClientBouncyCastle.java

@ -1,230 +1,230 @@
/* ///*
* $Id: TSAClientBouncyCastle.java 3973 2009-06-16 10:30:31Z psoares33 $ // * $Id: TSAClientBouncyCastle.java 3973 2009-06-16 10:30:31Z psoares33 $
* // *
* Copyright 2009 Martin Brunecky, Aiken Sam // * Copyright 2009 Martin Brunecky, Aiken Sam
* // *
* The contents of this file are subject to the Mozilla Public License Version 1.1 // * The contents of this file are subject to the Mozilla Public License Version 1.1
* (the "License"); you may not use this file except in compliance with the License. // * (the "License"); you may not use this file except in compliance with the License.
* You may obtain a copy of the License at http://www.mozilla.org/MPL/ // * You may obtain a copy of the License at http://www.mozilla.org/MPL/
* // *
* Software distributed under the License is distributed on an "AS IS" basis, // * Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License // * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the License. // * for the specific language governing rights and limitations under the License.
* // *
* The Original Code is 'iText, a free JAVA-PDF library'. // * The Original Code is 'iText, a free JAVA-PDF library'.
* // *
* The Initial Developer of the Original Code is Bruno Lowagie. Portions created by // * The Initial Developer of the Original Code is Bruno Lowagie. Portions created by
* the Initial Developer are Copyright (C) 1999-2005 by Bruno Lowagie. // * the Initial Developer are Copyright (C) 1999-2005 by Bruno Lowagie.
* All Rights Reserved. // * All Rights Reserved.
* Co-Developer of the code is Paulo Soares. Portions created by the Co-Developer // * Co-Developer of the code is Paulo Soares. Portions created by the Co-Developer
* are Copyright (C) 2009 by Martin Brunecky. All Rights Reserved. // * are Copyright (C) 2009 by Martin Brunecky. All Rights Reserved.
* // *
* Contributor(s): all the names of the contributors are added in the source code // * Contributor(s): all the names of the contributors are added in the source code
* where applicable. // * where applicable.
* // *
* Alternatively, the contents of this file may be used under the terms of the // * Alternatively, the contents of this file may be used under the terms of the
* LGPL license (the "GNU LIBRARY GENERAL PUBLIC LICENSE"), in which case the // * LGPL license (the "GNU LIBRARY GENERAL PUBLIC LICENSE"), in which case the
* provisions of LGPL are applicable instead of those above. If you wish to // * provisions of LGPL are applicable instead of those above. If you wish to
* allow use of your version of this file only under the terms of the LGPL // * allow use of your version of this file only under the terms of the LGPL
* License and not to allow others to use your version of this file under // * License and not to allow others to use your version of this file under
* the MPL, indicate your decision by deleting the provisions above and // * the MPL, indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by the LGPL. // * replace them with the notice and other provisions required by the LGPL.
* If you do not delete the provisions above, a recipient may use your version // * If you do not delete the provisions above, a recipient may use your version
* of this file under either the MPL or the GNU LIBRARY GENERAL PUBLIC LICENSE. // * of this file under either the MPL or the GNU LIBRARY GENERAL PUBLIC LICENSE.
* // *
* This library is free software; you can redistribute it and/or modify it // * This library is free software; you can redistribute it and/or modify it
* under the terms of the MPL as stated above or under the terms of the GNU // * under the terms of the MPL as stated above or under the terms of the GNU
* Library General Public License as published by the Free Software Foundation; // * Library General Public License as published by the Free Software Foundation;
* either version 2 of the License, or any later version. // * either version 2 of the License, or any later version.
* // *
* This library is distributed in the hope that it will be useful, but WITHOUT // * This library is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS // * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU Library general Public License for more // * FOR A PARTICULAR PURPOSE. See the GNU Library general Public License for more
* details. // * details.
* // *
* If you didn't download this code from the following link, you should check if // * If you didn't download this code from the following link, you should check if
* you aren't using an obsolete version: // * you aren't using an obsolete version:
* http://www.lowagie.com/iText/ // * http://www.lowagie.com/iText/
*/ // */
//
package com.fr.third.v2.lowagie.text.pdf; //package com.fr.third.v2.lowagie.text.pdf;
//
import java.io.*; //import java.io.*;
import java.math.*; //import java.math.*;
import java.net.*; //import java.net.*;
//
import org.bouncycastle.asn1.cmp.*; //import org.bouncycastle.asn1.cmp.*;
import org.bouncycastle.asn1.x509.*; //import org.bouncycastle.asn1.x509.*;
import org.bouncycastle.tsp.*; //import org.bouncycastle.tsp.*;
//
import com.fr.third.v2.lowagie.text.pdf.codec.Base64; //import com.fr.third.v2.lowagie.text.pdf.codec.Base64;
//
/** ///**
* Time Stamp Authority Client interface implementation using Bouncy Castle // * Time Stamp Authority Client interface implementation using Bouncy Castle
* org.bouncycastle.tsp package. // * org.bouncycastle.tsp package.
* <p> // * <p>
* Created by Aiken Sam, 2006-11-15, refactored by Martin Brunecky, 07/15/2007 // * Created by Aiken Sam, 2006-11-15, refactored by Martin Brunecky, 07/15/2007
* for ease of subclassing. // * for ease of subclassing.
* </p> // * </p>
* @since 2.1.6 // * @since 2.1.6
*/ // */
public class TSAClientBouncyCastle implements TSAClient { //public class TSAClientBouncyCastle implements TSAClient {
/** URL of the Time Stamp Authority */ // /** URL of the Time Stamp Authority */
protected String tsaURL; // protected String tsaURL;
/** TSA Username */ // /** TSA Username */
protected String tsaUsername; // protected String tsaUsername;
/** TSA password */ // /** TSA password */
protected String tsaPassword; // protected String tsaPassword;
/** Estimate of the received time stamp token */ // /** Estimate of the received time stamp token */
protected int tokSzEstimate; // protected int tokSzEstimate;
//
/** // /**
* Creates an instance of a TSAClient that will use BouncyCastle. // * Creates an instance of a TSAClient that will use BouncyCastle.
* @param url String - Time Stamp Authority URL (i.e. "http://tsatest1.digistamp.com/TSA") // * @param url String - Time Stamp Authority URL (i.e. "http://tsatest1.digistamp.com/TSA")
*/ // */
public TSAClientBouncyCastle(String url) { // public TSAClientBouncyCastle(String url) {
this(url, null, null, 4096); // this(url, null, null, 4096);
} // }
//
/** // /**
* Creates an instance of a TSAClient that will use BouncyCastle. // * Creates an instance of a TSAClient that will use BouncyCastle.
* @param url String - Time Stamp Authority URL (i.e. "http://tsatest1.digistamp.com/TSA") // * @param url String - Time Stamp Authority URL (i.e. "http://tsatest1.digistamp.com/TSA")
* @param username String - user(account) name // * @param username String - user(account) name
* @param password String - password // * @param password String - password
*/ // */
public TSAClientBouncyCastle(String url, String username, String password) { // public TSAClientBouncyCastle(String url, String username, String password) {
this(url, username, password, 4096); // this(url, username, password, 4096);
} // }
//
/** // /**
* Constructor. // * Constructor.
* Note the token size estimate is updated by each call, as the token // * Note the token size estimate is updated by each call, as the token
* size is not likely to change (as long as we call the same TSA using // * size is not likely to change (as long as we call the same TSA using
* the same imprint length). // * the same imprint length).
* @param url String - Time Stamp Authority URL (i.e. "http://tsatest1.digistamp.com/TSA") // * @param url String - Time Stamp Authority URL (i.e. "http://tsatest1.digistamp.com/TSA")
* @param username String - user(account) name // * @param username String - user(account) name
* @param password String - password // * @param password String - password
* @param tokSzEstimate int - estimated size of received time stamp token (DER encoded) // * @param tokSzEstimate int - estimated size of received time stamp token (DER encoded)
*/ // */
public TSAClientBouncyCastle(String url, String username, String password, int tokSzEstimate) { // public TSAClientBouncyCastle(String url, String username, String password, int tokSzEstimate) {
this.tsaURL = url; // this.tsaURL = url;
this.tsaUsername = username; // this.tsaUsername = username;
this.tsaPassword = password; // this.tsaPassword = password;
this.tokSzEstimate = tokSzEstimate; // this.tokSzEstimate = tokSzEstimate;
} // }
//
/** // /**
* Get the token size estimate. // * Get the token size estimate.
* Returned value reflects the result of the last succesfull call, padded // * Returned value reflects the result of the last succesfull call, padded
* @return an estimate of the token size // * @return an estimate of the token size
*/ // */
public int getTokenSizeEstimate() { // public int getTokenSizeEstimate() {
return tokSzEstimate; // return tokSzEstimate;
} // }
//
/** // /**
* Get RFC 3161 timeStampToken. // * Get RFC 3161 timeStampToken.
* Method may return null indicating that timestamp should be skipped. // * Method may return null indicating that timestamp should be skipped.
* @param caller PdfPKCS7 - calling PdfPKCS7 instance (in case caller needs it) // * @param caller PdfPKCS7 - calling PdfPKCS7 instance (in case caller needs it)
* @param imprint byte[] - data imprint to be time-stamped // * @param imprint byte[] - data imprint to be time-stamped
* @return byte[] - encoded, TSA signed data of the timeStampToken // * @return byte[] - encoded, TSA signed data of the timeStampToken
* @throws Exception - TSA request failed // * @throws Exception - TSA request failed
* @see TSAClient#getTimeStampToken(PdfPKCS7, byte[]) // * @see TSAClient#getTimeStampToken(PdfPKCS7, byte[])
*/ // */
public byte[] getTimeStampToken(PdfPKCS7 caller, byte[] imprint) throws Exception { // public byte[] getTimeStampToken(PdfPKCS7 caller, byte[] imprint) throws Exception {
return getTimeStampToken(imprint); // return getTimeStampToken(imprint);
} // }
//
/** // /**
* Get timestamp token - Bouncy Castle request encoding / decoding layer // * Get timestamp token - Bouncy Castle request encoding / decoding layer
*/ // */
protected byte[] getTimeStampToken(byte[] imprint) throws Exception { // protected byte[] getTimeStampToken(byte[] imprint) throws Exception {
byte[] respBytes = null; // byte[] respBytes = null;
try { // try {
// Setup the time stamp request // // Setup the time stamp request
TimeStampRequestGenerator tsqGenerator = new TimeStampRequestGenerator(); // TimeStampRequestGenerator tsqGenerator = new TimeStampRequestGenerator();
tsqGenerator.setCertReq(true); // tsqGenerator.setCertReq(true);
// tsqGenerator.setReqPolicy("1.3.6.1.4.1.601.10.3.1"); // // tsqGenerator.setReqPolicy("1.3.6.1.4.1.601.10.3.1");
BigInteger nonce = BigInteger.valueOf(System.currentTimeMillis()); // BigInteger nonce = BigInteger.valueOf(System.currentTimeMillis());
TimeStampRequest request = tsqGenerator.generate(X509ObjectIdentifiers.id_SHA1.getId() , imprint, nonce); // TimeStampRequest request = tsqGenerator.generate(X509ObjectIdentifiers.id_SHA1.getId() , imprint, nonce);
byte[] requestBytes = request.getEncoded(); // byte[] requestBytes = request.getEncoded();
//
// Call the communications layer // // Call the communications layer
respBytes = getTSAResponse(requestBytes); // respBytes = getTSAResponse(requestBytes);
//
// Handle the TSA response // // Handle the TSA response
TimeStampResponse response = new TimeStampResponse(respBytes); // TimeStampResponse response = new TimeStampResponse(respBytes);
//
// validate communication level attributes (RFC 3161 PKIStatus) // // validate communication level attributes (RFC 3161 PKIStatus)
response.validate(request); // response.validate(request);
PKIFailureInfo failure = response.getFailInfo(); // PKIFailureInfo failure = response.getFailInfo();
int value = (failure == null) ? 0 : failure.intValue(); // int value = (failure == null) ? 0 : failure.intValue();
if (value != 0) { // if (value != 0) {
// @todo: Translate value of 15 error codes defined by PKIFailureInfo to string // // @todo: Translate value of 15 error codes defined by PKIFailureInfo to string
throw new Exception("Invalid TSA '" + tsaURL + "' response, code " + value); // throw new Exception("Invalid TSA '" + tsaURL + "' response, code " + value);
} // }
// @todo: validate the time stap certificate chain (if we want // // @todo: validate the time stap certificate chain (if we want
// assure we do not sign using an invalid timestamp). // // assure we do not sign using an invalid timestamp).
//
// extract just the time stamp token (removes communication status info) // // extract just the time stamp token (removes communication status info)
TimeStampToken tsToken = response.getTimeStampToken(); // TimeStampToken tsToken = response.getTimeStampToken();
if (tsToken == null) { // if (tsToken == null) {
throw new Exception("TSA '" + tsaURL + "' failed to return time stamp token: " + response.getStatusString()); // throw new Exception("TSA '" + tsaURL + "' failed to return time stamp token: " + response.getStatusString());
} // }
TimeStampTokenInfo info = tsToken.getTimeStampInfo(); // to view details // TimeStampTokenInfo info = tsToken.getTimeStampInfo(); // to view details
byte[] encoded = tsToken.getEncoded(); // byte[] encoded = tsToken.getEncoded();
long stop = System.currentTimeMillis(); // long stop = System.currentTimeMillis();
//
// Update our token size estimate for the next call (padded to be safe) // // Update our token size estimate for the next call (padded to be safe)
this.tokSzEstimate = encoded.length + 32; // this.tokSzEstimate = encoded.length + 32;
return encoded; // return encoded;
} catch (Exception e) { // } catch (Exception e) {
throw e; // throw e;
} catch (Throwable t) { // } catch (Throwable t) {
throw new Exception("Failed to get TSA response from '" + tsaURL +"'", t); // throw new Exception("Failed to get TSA response from '" + tsaURL +"'", t);
} // }
} // }
//
/** // /**
* Get timestamp token - communications layer // * Get timestamp token - communications layer
* @return - byte[] - TSA response, raw bytes (RFC 3161 encoded) // * @return - byte[] - TSA response, raw bytes (RFC 3161 encoded)
*/ // */
protected byte[] getTSAResponse(byte[] requestBytes) throws Exception { // protected byte[] getTSAResponse(byte[] requestBytes) throws Exception {
// Setup the TSA connection // // Setup the TSA connection
URL url = new URL(tsaURL); // URL url = new URL(tsaURL);
URLConnection tsaConnection; // URLConnection tsaConnection;
tsaConnection = (URLConnection) url.openConnection(); // tsaConnection = (URLConnection) url.openConnection();
//
tsaConnection.setDoInput(true); // tsaConnection.setDoInput(true);
tsaConnection.setDoOutput(true); // tsaConnection.setDoOutput(true);
tsaConnection.setUseCaches(false); // tsaConnection.setUseCaches(false);
tsaConnection.setRequestProperty("Content-Type", "application/timestamp-query"); // tsaConnection.setRequestProperty("Content-Type", "application/timestamp-query");
//tsaConnection.setRequestProperty("Content-Transfer-Encoding", "base64"); // //tsaConnection.setRequestProperty("Content-Transfer-Encoding", "base64");
tsaConnection.setRequestProperty("Content-Transfer-Encoding", "binary"); // tsaConnection.setRequestProperty("Content-Transfer-Encoding", "binary");
//
if ((tsaUsername != null) && !tsaUsername.equals("") ) { // if ((tsaUsername != null) && !tsaUsername.equals("") ) {
String userPassword = tsaUsername + ":" + tsaPassword; // String userPassword = tsaUsername + ":" + tsaPassword;
tsaConnection.setRequestProperty("Authorization", "Basic " + // tsaConnection.setRequestProperty("Authorization", "Basic " +
new String(Base64.encodeBytes(userPassword.getBytes()))); // new String(Base64.encodeBytes(userPassword.getBytes())));
} // }
OutputStream out = tsaConnection.getOutputStream(); // OutputStream out = tsaConnection.getOutputStream();
out.write(requestBytes); // out.write(requestBytes);
out.close(); // out.close();
//
// Get TSA response as a byte array // // Get TSA response as a byte array
InputStream inp = tsaConnection.getInputStream(); // InputStream inp = tsaConnection.getInputStream();
ByteArrayOutputStream baos = new ByteArrayOutputStream(); // ByteArrayOutputStream baos = new ByteArrayOutputStream();
byte[] buffer = new byte[1024]; // byte[] buffer = new byte[1024];
int bytesRead = 0; // int bytesRead = 0;
while ((bytesRead = inp.read(buffer, 0, buffer.length)) >= 0) { // while ((bytesRead = inp.read(buffer, 0, buffer.length)) >= 0) {
baos.write(buffer, 0, bytesRead); // baos.write(buffer, 0, bytesRead);
} // }
byte[] respBytes = baos.toByteArray(); // byte[] respBytes = baos.toByteArray();
//
String encoding = tsaConnection.getContentEncoding(); // String encoding = tsaConnection.getContentEncoding();
if (encoding != null && encoding.equalsIgnoreCase("base64")) { // if (encoding != null && encoding.equalsIgnoreCase("base64")) {
respBytes = Base64.decode(new String(respBytes)); // respBytes = Base64.decode(new String(respBytes));
} // }
return respBytes; // return respBytes;
} // }
} //}

12
fine-itext/src/com/fr/third/v2/lowagie/text/pdf/crypto/AESCipher.java

@ -48,12 +48,12 @@
*/ */
package com.fr.third.v2.lowagie.text.pdf.crypto; package com.fr.third.v2.lowagie.text.pdf.crypto;
import org.bouncycastle.crypto.BlockCipher; import com.fr.third.org.bouncycastle.crypto.BlockCipher;
import org.bouncycastle.crypto.engines.AESFastEngine; import com.fr.third.org.bouncycastle.crypto.engines.AESFastEngine;
import org.bouncycastle.crypto.modes.CBCBlockCipher; import com.fr.third.org.bouncycastle.crypto.modes.CBCBlockCipher;
import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher; import com.fr.third.org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
import org.bouncycastle.crypto.params.KeyParameter; import com.fr.third.org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV; import com.fr.third.org.bouncycastle.crypto.params.ParametersWithIV;
/** /**
* Creates an AES Cipher with CBC and padding PKCS5/7. * Creates an AES Cipher with CBC and padding PKCS5/7.

Loading…
Cancel
Save