From 72d6364e04c1aa805392593f608988bfcfb60124 Mon Sep 17 00:00:00 2001
From: "Hugh.C"
Date: Tue, 28 Apr 2020 11:35:55 +0800
Subject: [PATCH 1/3] =?UTF-8?q?REPORT-30379=20bouncycastle=E5=AD=98?= =?UTF-8?q?=E5=9C=A8=E5=AE=89=E5=85=A8=E9=97=AE=E9=A2=98=EF=BC=8Cfine-itex?= =?UTF-8?q?t=E3=80=81fine-itext-old=20=E9=80=82=E9=85=8D=E9=AB=98=E7=89=88?= =?UTF-8?q?=E6=9C=AC?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../text/pdf/OcspClientBouncyCastle.java | 368 +++++++-------
.../third/com/lowagie/text/pdf/PdfPKCS7.java | 268 +++++-----
.../text/pdf/PdfPublicKeySecurityHandler.java | 45 +-
.../third/com/lowagie/text/pdf/PdfReader.java | 40 +-
.../text/pdf/TSAClientBouncyCastle.java | 460 +++++++++---------
.../lowagie/text/pdf/crypto/AESCipher.java | 12 +-
.../text/pdf/OcspClientBouncyCastle.java | 370 +++++++-------
.../third/v2/lowagie/text/pdf/PdfPKCS7.java | 266 +++++-----
.../text/pdf/PdfPublicKeySecurityHandler.java | 45 +-
.../third/v2/lowagie/text/pdf/PdfReader.java | 40 +-
.../text/pdf/TSAClientBouncyCastle.java | 460 +++++++++---------
.../v2/lowagie/text/pdf/crypto/AESCipher.java | 12 +-
12 files changed, 1194 insertions(+), 1192 deletions(-)
diff --git a/fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/OcspClientBouncyCastle.java b/fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/OcspClientBouncyCastle.java
index 280573a94..d7fa18ac3 100755
--- a/fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/OcspClientBouncyCastle.java
+++ b/fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/OcspClientBouncyCastle.java
@@ -1,184 +1,184 @@ -/* - * $Id: OcspClientBouncyCastle.java 3959 2009-06-09 08:31:05Z blowagie $ - * - * Copyright 2009 Paulo Soares - * - * The contents of this file are subject to the Mozilla Public License Version 1.1 - * (the "License"); you may not use this file except in compliance with the License. - * You may obtain a copy of the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the License. - * - * The Original Code is 'iText, a free JAVA-PDF library'. - * - * The Initial Developer of the Original Code is Bruno Lowagie. Portions created by - * the Initial Developer are Copyright (C) 1999-2005 by Bruno Lowagie. - * All Rights Reserved. - * Co-Developer of the code is Paulo Soares. Portions created by the Co-Developer - * are Copyright (C) 2009 by Paulo Soares. All Rights Reserved. - * - * Contributor(s): all the names of the contributors are added in the source code - * where applicable. - * - * Alternatively, the contents of this file may be used under the terms of the - * LGPL license (the "GNU LIBRARY GENERAL PUBLIC LICENSE"), in which case the - * provisions of LGPL are applicable instead of those above. If you wish to - * allow use of your version of this file only under the terms of the LGPL - * License and not to allow others to use your version of this file under - * the MPL, indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by the LGPL. - * If you do not delete the provisions above, a recipient may use your version - * of this file under either the MPL or the GNU LIBRARY GENERAL PUBLIC LICENSE. 
- * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the MPL as stated above or under the terms of the GNU - * Library General Public License as published by the Free Software Foundation; - * either version 2 of the License, or any later version. - * - * This library is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS - * FOR A PARTICULAR PURPOSE. See the GNU Library general Public License for more - * details. - * - * If you didn't download this code from the following link, you should check if - * you aren't using an obsolete version: - * http://www.lowagie.com/iText/ - */ - -package com.fr.third.com.lowagie.text.pdf; - -import com.fr.third.com.lowagie.text.ExceptionConverter; -import java.io.BufferedOutputStream; -import java.io.DataOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; -import java.math.BigInteger; -import java.net.HttpURLConnection; -import java.net.URL; -import java.security.Security; -import java.security.cert.X509Certificate; -import java.util.Vector; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers; -import org.bouncycastle.asn1.x509.X509Extension; -import org.bouncycastle.asn1.x509.X509Extensions; -import org.bouncycastle.ocsp.BasicOCSPResp; -import org.bouncycastle.ocsp.CertificateID; -import org.bouncycastle.ocsp.CertificateStatus; -import org.bouncycastle.ocsp.OCSPException; -import org.bouncycastle.ocsp.OCSPReq; -import org.bouncycastle.ocsp.OCSPReqGenerator; -import org.bouncycastle.ocsp.OCSPResp; -import org.bouncycastle.ocsp.SingleResp; - -/** - * OcspClient implementation using BouncyCastle. 
- * @author psoares - * @since 2.1.6 - */ -public class OcspClientBouncyCastle implements OcspClient { - /** root certificate */ - private X509Certificate rootCert; - /** check certificate */ - private X509Certificate checkCert; - /** OCSP URL */ - private String url; - - /** - * Creates an instance of an OcspClient that will be using BouncyCastle. - * @param checkCert the check certificate - * @param rootCert the root certificate - * @param url the OCSP URL - */ - public OcspClientBouncyCastle(X509Certificate checkCert, X509Certificate rootCert, String url) { - this.checkCert = checkCert; - this.rootCert = rootCert; - this.url = url; - } - - /** - * Generates an OCSP request using BouncyCastle. - * @param issuerCert certificate of the issues - * @param serialNumber serial number - * @return an OCSP request - * @throws OCSPException - * @throws IOException - */ - private static OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber) throws OCSPException, IOException { - //Add provider BC - Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); - - // Generate the id for the certificate we are looking for - CertificateID id = new CertificateID(CertificateID.HASH_SHA1, issuerCert, serialNumber); - - // basic request generation with nonce - OCSPReqGenerator gen = new OCSPReqGenerator(); - - gen.addRequest(id); - - // create details for nonce extension - Vector oids = new Vector(); - Vector values = new Vector(); - - oids.add(OCSPObjectIdentifiers.id_pkix_ocsp_nonce); - values.add(new X509Extension(false, new DEROctetString(new DEROctetString(PdfEncryption.createDocumentId()).getEncoded()))); - - gen.setRequestExtensions(new X509Extensions(oids, values)); - - return gen.generate(); - } - - /** - * @return a byte array - * @see com.fr.third.com.lowagie.text.pdf.OcspClient#getEncoded() - */ - public byte[] getEncoded() { - try { - OCSPReq request = generateOCSPRequest(rootCert, checkCert.getSerialNumber()); - byte[] array 
= request.getEncoded(); - URL urlt = new URL(url); - HttpURLConnection con = (HttpURLConnection)urlt.openConnection(); - con.setRequestProperty("Content-Type", "application/ocsp-request"); - con.setRequestProperty("Accept", "application/ocsp-response"); - con.setDoOutput(true); - OutputStream out = con.getOutputStream(); - DataOutputStream dataOut = new DataOutputStream(new BufferedOutputStream(out)); - dataOut.write(array); - dataOut.flush(); - dataOut.close(); - if (con.getResponseCode() / 100 != 2) { - throw new IOException("Invalid HTTP response"); - } - //Get Response - InputStream in = (InputStream) con.getContent(); - OCSPResp ocspResponse = new OCSPResp(in); - - if (ocspResponse.getStatus() != 0) - throw new IOException("Invalid status: " + ocspResponse.getStatus()); - BasicOCSPResp basicResponse = (BasicOCSPResp) ocspResponse.getResponseObject(); - if (basicResponse != null) { - SingleResp[] responses = basicResponse.getResponses(); - if (responses.length == 1) { - SingleResp resp = responses[0]; - Object status = resp.getCertStatus(); - if (status == CertificateStatus.GOOD) { - return basicResponse.getEncoded(); - } - else if (status instanceof org.bouncycastle.ocsp.RevokedStatus) { - throw new IOException("OCSP Status is revoked!"); - } - else { - throw new IOException("OCSP Status is unknown!"); - } - } - } - } - catch (Exception ex) { - throw new ExceptionConverter(ex); - } - return null; - } -} +///* +// * $Id: OcspClientBouncyCastle.java 3959 2009-06-09 08:31:05Z blowagie $ +// * +// * Copyright 2009 Paulo Soares +// * +// * The contents of this file are subject to the Mozilla Public License Version 1.1 +// * (the "License"); you may not use this file except in compliance with the License. +// * You may obtain a copy of the License at http://www.mozilla.org/MPL/ +// * +// * Software distributed under the License is distributed on an "AS IS" basis, +// * WITHOUT WARRANTY OF ANY KIND, either express or implied. 
See the License +// * for the specific language governing rights and limitations under the License. +// * +// * The Original Code is 'iText, a free JAVA-PDF library'. +// * +// * The Initial Developer of the Original Code is Bruno Lowagie. Portions created by +// * the Initial Developer are Copyright (C) 1999-2005 by Bruno Lowagie. +// * All Rights Reserved. +// * Co-Developer of the code is Paulo Soares. Portions created by the Co-Developer +// * are Copyright (C) 2009 by Paulo Soares. All Rights Reserved. +// * +// * Contributor(s): all the names of the contributors are added in the source code +// * where applicable. +// * +// * Alternatively, the contents of this file may be used under the terms of the +// * LGPL license (the "GNU LIBRARY GENERAL PUBLIC LICENSE"), in which case the +// * provisions of LGPL are applicable instead of those above. If you wish to +// * allow use of your version of this file only under the terms of the LGPL +// * License and not to allow others to use your version of this file under +// * the MPL, indicate your decision by deleting the provisions above and +// * replace them with the notice and other provisions required by the LGPL. +// * If you do not delete the provisions above, a recipient may use your version +// * of this file under either the MPL or the GNU LIBRARY GENERAL PUBLIC LICENSE. +// * +// * This library is free software; you can redistribute it and/or modify it +// * under the terms of the MPL as stated above or under the terms of the GNU +// * Library General Public License as published by the Free Software Foundation; +// * either version 2 of the License, or any later version. +// * +// * This library is distributed in the hope that it will be useful, but WITHOUT +// * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS +// * FOR A PARTICULAR PURPOSE. See the GNU Library general Public License for more +// * details. 
+// * +// * If you didn't download this code from the following link, you should check if +// * you aren't using an obsolete version: +// * http://www.lowagie.com/iText/ +// */ +// +//package com.fr.third.com.lowagie.text.pdf; +// +//import com.fr.third.com.lowagie.text.ExceptionConverter; +//import java.io.BufferedOutputStream; +//import java.io.DataOutputStream; +//import java.io.IOException; +//import java.io.InputStream; +//import java.io.OutputStream; +//import java.math.BigInteger; +//import java.net.HttpURLConnection; +//import java.net.URL; +//import java.security.Security; +//import java.security.cert.X509Certificate; +//import java.util.Vector; +//import org.bouncycastle.asn1.DEROctetString; +//import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers; +//import org.bouncycastle.asn1.x509.X509Extension; +//import org.bouncycastle.asn1.x509.X509Extensions; +//import org.bouncycastle.ocsp.BasicOCSPResp; +//import org.bouncycastle.ocsp.CertificateID; +//import org.bouncycastle.ocsp.CertificateStatus; +//import org.bouncycastle.ocsp.OCSPException; +//import org.bouncycastle.ocsp.OCSPReq; +//import org.bouncycastle.ocsp.OCSPReqGenerator; +//import org.bouncycastle.ocsp.OCSPResp; +//import org.bouncycastle.ocsp.SingleResp; +// +///** +// * OcspClient implementation using BouncyCastle. +// * @author psoares +// * @since 2.1.6 +// */ +//public class OcspClientBouncyCastle implements OcspClient { +// /** root certificate */ +// private X509Certificate rootCert; +// /** check certificate */ +// private X509Certificate checkCert; +// /** OCSP URL */ +// private String url; +// +// /** +// * Creates an instance of an OcspClient that will be using BouncyCastle. 
+// * @param checkCert the check certificate +// * @param rootCert the root certificate +// * @param url the OCSP URL +// */ +// public OcspClientBouncyCastle(X509Certificate checkCert, X509Certificate rootCert, String url) { +// this.checkCert = checkCert; +// this.rootCert = rootCert; +// this.url = url; +// } +// +// /** +// * Generates an OCSP request using BouncyCastle. +// * @param issuerCert certificate of the issues +// * @param serialNumber serial number +// * @return an OCSP request +// * @throws OCSPException +// * @throws IOException +// */ +// private static OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber) throws OCSPException, IOException { +// //Add provider BC +// Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); +// +// // Generate the id for the certificate we are looking for +// CertificateID id = new CertificateID(CertificateID.HASH_SHA1, issuerCert, serialNumber); +// +// // basic request generation with nonce +// OCSPReqGenerator gen = new OCSPReqGenerator(); +// +// gen.addRequest(id); +// +// // create details for nonce extension +// Vector oids = new Vector(); +// Vector values = new Vector(); +// +// oids.add(OCSPObjectIdentifiers.id_pkix_ocsp_nonce); +// values.add(new X509Extension(false, new DEROctetString(new DEROctetString(PdfEncryption.createDocumentId()).getEncoded()))); +// +// gen.setRequestExtensions(new X509Extensions(oids, values)); +// +// return gen.generate(); +// } +// +// /** +// * @return a byte array +// * @see com.fr.third.com.lowagie.text.pdf.OcspClient#getEncoded() +// */ +// public byte[] getEncoded() { +// try { +// OCSPReq request = generateOCSPRequest(rootCert, checkCert.getSerialNumber()); +// byte[] array = request.getEncoded(); +// URL urlt = new URL(url); +// HttpURLConnection con = (HttpURLConnection)urlt.openConnection(); +// con.setRequestProperty("Content-Type", "application/ocsp-request"); +// con.setRequestProperty("Accept", 
"application/ocsp-response"); +// con.setDoOutput(true); +// OutputStream out = con.getOutputStream(); +// DataOutputStream dataOut = new DataOutputStream(new BufferedOutputStream(out)); +// dataOut.write(array); +// dataOut.flush(); +// dataOut.close(); +// if (con.getResponseCode() / 100 != 2) { +// throw new IOException("Invalid HTTP response"); +// } +// //Get Response +// InputStream in = (InputStream) con.getContent(); +// OCSPResp ocspResponse = new OCSPResp(in); +// +// if (ocspResponse.getStatus() != 0) +// throw new IOException("Invalid status: " + ocspResponse.getStatus()); +// BasicOCSPResp basicResponse = (BasicOCSPResp) ocspResponse.getResponseObject(); +// if (basicResponse != null) { +// SingleResp[] responses = basicResponse.getResponses(); +// if (responses.length == 1) { +// SingleResp resp = responses[0]; +// Object status = resp.getCertStatus(); +// if (status == CertificateStatus.GOOD) { +// return basicResponse.getEncoded(); +// } +// else if (status instanceof org.bouncycastle.ocsp.RevokedStatus) { +// throw new IOException("OCSP Status is revoked!"); +// } +// else { +// throw new IOException("OCSP Status is unknown!"); +// } +// } +// } +// } +// catch (Exception ex) { +// throw new ExceptionConverter(ex); +// } +// return null; +// } +//} diff --git a/fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/PdfPKCS7.java b/fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/PdfPKCS7.java index 099674b60..7c87ec2f2 100755 --- a/fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/PdfPKCS7.java +++ b/fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/PdfPKCS7.java @@ -46,6 +46,8 @@ */ package com.fr.third.com.lowagie.text.pdf; +import com.fr.third.org.bouncycastle.asn1.ASN1Object; +import com.fr.third.org.bouncycastle.asn1.ASN1String; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.File; 
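Review bot: Commenting out all 184 lines of OcspClientBouncyCastle.java leaves a file of dead code and removes the class without saying so, so any code that built it to fetch an OCSP response now either fails to compile or goes without the revocation lookup. If the old `org.bouncycastle.ocsp` API is not available in the upgraded library, either delete the file and record the dropped feature, or port the class to the `cert.ocsp` package of the newer BouncyCastle (assuming the shaded `com.fr.third.org.bouncycastle` build ships it). The diffstat suggests TSAClientBouncyCastle.java and the `v2` copies get the same treatment, and the same point would apply there. If the file stays, a header line such as `// Disabled in REPORT-30379: org.bouncycastle.ocsp is not available in the upgraded BouncyCastle` would tell the next reader why the class is gone.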
@@ -75,43 +77,41 @@ import java.util.HashSet; import java.util.Iterator; import java.util.Set; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1OutputStream; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DEREnumerated; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DEROutputStream; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.DERString; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.DERUTCTime; -import org.bouncycastle.asn1.cms.AttributeTable; -import org.bouncycastle.asn1.cms.Attribute; -import org.bouncycastle.asn1.ocsp.BasicOCSPResponse; -import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers; -import org.bouncycastle.jce.provider.X509CRLParser; -import org.bouncycastle.jce.provider.X509CertParser; +import com.fr.third.org.bouncycastle.asn1.ASN1Encodable; +import com.fr.third.org.bouncycastle.asn1.ASN1EncodableVector; +import com.fr.third.org.bouncycastle.asn1.ASN1InputStream; +import com.fr.third.org.bouncycastle.asn1.ASN1OutputStream; +import com.fr.third.org.bouncycastle.asn1.ASN1Sequence; +import com.fr.third.org.bouncycastle.asn1.ASN1Set; +import com.fr.third.org.bouncycastle.asn1.ASN1TaggedObject; +import com.fr.third.org.bouncycastle.asn1.DEREnumerated; +import com.fr.third.org.bouncycastle.asn1.DERInteger; +import com.fr.third.org.bouncycastle.asn1.DERNull; +import com.fr.third.org.bouncycastle.asn1.DERObjectIdentifier; +import com.fr.third.org.bouncycastle.asn1.DEROctetString; +import 
com.fr.third.org.bouncycastle.asn1.DEROutputStream; +import com.fr.third.org.bouncycastle.asn1.DERSequence; +import com.fr.third.org.bouncycastle.asn1.DERSet; +import com.fr.third.org.bouncycastle.asn1.DERTaggedObject; +import com.fr.third.org.bouncycastle.asn1.DERUTCTime; +import com.fr.third.org.bouncycastle.asn1.cms.AttributeTable; +import com.fr.third.org.bouncycastle.asn1.cms.Attribute; +import com.fr.third.org.bouncycastle.asn1.ocsp.BasicOCSPResponse; +import com.fr.third.org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers; +import com.fr.third.org.bouncycastle.jce.provider.X509CRLParser; +import com.fr.third.org.bouncycastle.jce.provider.X509CertParser; import com.fr.third.com.lowagie.text.ExceptionConverter; import java.security.cert.CertificateParsingException; import java.util.Date; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.cms.ContentInfo; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.tsp.MessageImprint; -import org.bouncycastle.asn1.x509.X509Extensions; -import org.bouncycastle.ocsp.BasicOCSPResp; -import org.bouncycastle.ocsp.CertificateID; -import org.bouncycastle.ocsp.SingleResp; -import org.bouncycastle.tsp.TimeStampToken; +import com.fr.third.org.bouncycastle.asn1.ASN1OctetString; +import com.fr.third.org.bouncycastle.asn1.cms.ContentInfo; +import com.fr.third.org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +import com.fr.third.org.bouncycastle.asn1.tsp.MessageImprint; +import com.fr.third.org.bouncycastle.asn1.x509.X509Extensions; +//import org.bouncycastle.ocsp.BasicOCSPResp; +//import org.bouncycastle.ocsp.CertificateID; +//import org.bouncycastle.ocsp.SingleResp; +//import org.bouncycastle.tsp.TimeStampToken; /** * This class does all the processing related to signing and verifying a PKCS#7 
@@ -167,7 +167,7 @@ public class PdfPKCS7 { */ private String signName; - private TimeStampToken timeStampToken; +// private TimeStampToken timeStampToken; private static final HashMap digestNames = new HashMap(); private static final HashMap algorithmNames = new HashMap(); @@ -273,23 +273,23 @@ public class PdfPKCS7 { * @return the timestamp token or null * @since 2.1.6 */ - public TimeStampToken getTimeStampToken() { - return timeStampToken; - } +// public TimeStampToken getTimeStampToken() { +// return timeStampToken; +// } /** * Gets the timestamp date * @return a date * @since 2.1.6 */ - public Calendar getTimeStampDate() { - if (timeStampToken == null) - return null; - Calendar cal = new GregorianCalendar(); - Date date = timeStampToken.getTimeStampInfo().getGenTime(); - cal.setTime(date); - return cal; - } +// public Calendar getTimeStampDate() { +// if (timeStampToken == null) +// return null; +// Calendar cal = new GregorianCalendar(); +// Date date = timeStampToken.getTimeStampInfo().getGenTime(); +// cal.setTime(date); +// return cal; +// } /** * Verifies a signature using the sub-filter adbe.x509.rsa_sha1. @@ -319,19 +319,19 @@ public class PdfPKCS7 { } } - private BasicOCSPResp basicResp; +// private BasicOCSPResp basicResp; /** * Gets the OCSP basic response if there is one. * @return the OCSP basic response or null * @since 2.1.6 */ - public BasicOCSPResp getOcsp() { - return basicResp; - } +// public BasicOCSPResp getOcsp() { +// return basicResp; +// } private void findOcsp(ASN1Sequence seq) throws IOException { - basicResp = null; +// basicResp = null; boolean ret = false; while (true) { if ((seq.getObjectAt(0) instanceof DERObjectIdentifier) 
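Review bot: With the `timeStampToken` field and `getTimeStampToken()`/`getTimeStampDate()` commented out here, and `basicResp`/`getOcsp()` in the `-319` hunk, PdfPKCS7 still walks the timestamp and OCSP attributes of a signature but no longer keeps or exposes them. Together with the commented-out `verifyTimestampImprint`, `verifyOcspCertificates`, `verifyTimestampCertificates` and `isRevocationValid` later in this file, a caller has no way left to check the revocation status or the signing time of a signed PDF, which weakens signature validation rather than only adapting to a new API. These are public methods, so their removal is also source-incompatible for code outside this patch. Porting them to the replacement OCSP/TSP classes would keep the checks. If they must go, delete the code and its now-orphaned Javadoc instead of leaving `//` blocks, and state the reduced verification scope in the class Javadoc.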
@@ -362,7 +362,7 @@ public class PdfPKCS7 { DEROctetString os = (DEROctetString)seq.getObjectAt(1); ASN1InputStream inp = new ASN1InputStream(os.getOctets()); BasicOCSPResponse resp = BasicOCSPResponse.getInstance(inp.readObject()); - basicResp = new BasicOCSPResp(resp); +// basicResp = new BasicOCSPResp(resp); } /** @@ -379,7 +379,7 @@ public class PdfPKCS7 { // // Basic checks to make sure it's a PKCS#7 SignedData Object // - DERObject pkcs; + ASN1Object pkcs; try { pkcs = din.readObject(); @@ -464,7 +464,7 @@ public class PdfPKCS7 { if (signerInfo.getObjectAt(next) instanceof ASN1TaggedObject) { ASN1TaggedObject tagsig = (ASN1TaggedObject)signerInfo.getObjectAt(next); ASN1Set sseq = ASN1Set.getInstance(tagsig, false); - sigAttr = sseq.getEncoded(ASN1Encodable.DER); + sigAttr = sseq.getEncoded("DER"); for (int k = 0; k < sseq.size(); ++k) { ASN1Sequence seq2 = (ASN1Sequence)sseq.getObjectAt(k); @@ -499,7 +499,7 @@ public class PdfPKCS7 { ASN1Set attributeValues = ts.getAttrValues(); ASN1Sequence tokenSequence = ASN1Sequence.getInstance(attributeValues.getObjectAt(0)); ContentInfo contentInfo = new ContentInfo(tokenSequence); - this.timeStampToken = new TimeStampToken(contentInfo); +// this.timeStampToken = new TimeStampToken(contentInfo); } } if (RSAdata != null || digestAttr != null) { 
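Review bot: In the `-362` hunk, findOcsp still decodes the embedded octets with `ASN1InputStream` and `BasicOCSPResponse.getInstance(...)`, but the result `resp` is now unused because the assignment to `basicResp` is commented out. That leaves parsing of document-controlled bytes with no consumer; either return before the decode or keep the decoded `BasicOCSPResponse` in a field so it can still be checked. The `-499` hunk has the same leftover, where `contentInfo` is built and then dropped. Both enclosing methods start and end outside these hunks.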
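Review bot: `sseq.getEncoded("DER")` in the `-464` hunk replaces the removed `ASN1Encodable.DER` constant with a bare string literal. The newer BouncyCastle keeps the constant as `ASN1Encoding.DER`, so `sseq.getEncoded(ASN1Encoding.DER)` is the safer spelling; as far as I know an unrecognised encoding name is not rejected but falls back to the default encoding, so a typo in the literal would go unnoticed. The `-1340` hunk in getAuthenticatedAttributeBytes uses the same literal. This assumes the shaded `com.fr.third.org.bouncycastle.asn1` package includes `ASN1Encoding`.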
@@ -641,15 +641,15 @@ public class PdfPKCS7 { * @return true if it checks false otherwise * @since 2.1.6 */ - public boolean verifyTimestampImprint() throws NoSuchAlgorithmException { - if (timeStampToken == null) - return false; - MessageImprint imprint = timeStampToken.getTimeStampInfo().toTSTInfo().getMessageImprint(); - byte[] md = MessageDigest.getInstance("SHA-1").digest(digest); - byte[] imphashed = imprint.getHashedMessage(); - boolean res = Arrays.equals(md, imphashed); - return res; - } +// public boolean verifyTimestampImprint() throws NoSuchAlgorithmException { +// if (timeStampToken == null) +// return false; +// MessageImprint imprint = timeStampToken.getTimeStampInfo().toTSTInfo().getMessageImprint(); +// byte[] md = MessageDigest.getInstance("SHA-1").digest(digest); +// byte[] imphashed = imprint.getHashedMessage(); +// boolean res = Arrays.equals(md, imphashed); +// return res; +// } /** * Get all the X.509 certificates associated with this PKCS#7 object in no particular order. 
@@ -888,27 +888,27 @@ public class PdfPKCS7 { * @return true is a certificate was found * @since 2.1.6 */ - public static boolean verifyOcspCertificates(BasicOCSPResp ocsp, KeyStore keystore, String provider) { - if (provider == null) - provider = "BC"; - try { - for (Enumeration aliases = keystore.aliases(); aliases.hasMoreElements();) { - try { - String alias = (String)aliases.nextElement(); - if (!keystore.isCertificateEntry(alias)) - continue; - X509Certificate certStoreX509 = (X509Certificate)keystore.getCertificate(alias); - if (ocsp.verify(certStoreX509.getPublicKey(), provider)) - return true; - } - catch (Exception ex) { - } - } - } - catch (Exception e) { - } - return false; - } +// public static boolean verifyOcspCertificates(BasicOCSPResp ocsp, KeyStore keystore, String provider) { +// if (provider == null) +// provider = "BC"; +// try { +// for (Enumeration aliases = keystore.aliases(); aliases.hasMoreElements();) { +// try { +// String alias = (String)aliases.nextElement(); +// if (!keystore.isCertificateEntry(alias)) +// continue; +// X509Certificate certStoreX509 = (X509Certificate)keystore.getCertificate(alias); +// if (ocsp.verify(certStoreX509.getPublicKey(), provider)) +// return true; +// } +// catch (Exception ex) { +// } +// } +// } +// catch (Exception e) { +// } +// return false; +// } /** * Verifies a timestamp against a KeyStore. 
@@ -918,27 +918,27 @@ public class PdfPKCS7 { * @return true is a certificate was found * @since 2.1.6 */ - public static boolean verifyTimestampCertificates(TimeStampToken ts, KeyStore keystore, String provider) { - if (provider == null) - provider = "BC"; - try { - for (Enumeration aliases = keystore.aliases(); aliases.hasMoreElements();) { - try { - String alias = (String)aliases.nextElement(); - if (!keystore.isCertificateEntry(alias)) - continue; - X509Certificate certStoreX509 = (X509Certificate)keystore.getCertificate(alias); - ts.validate(certStoreX509, provider); - return true; - } - catch (Exception ex) { - } - } - } - catch (Exception e) { - } - return false; - } +// public static boolean verifyTimestampCertificates(TimeStampToken ts, KeyStore keystore, String provider) { +// if (provider == null) +// provider = "BC"; +// try { +// for (Enumeration aliases = keystore.aliases(); aliases.hasMoreElements();) { +// try { +// String alias = (String)aliases.nextElement(); +// if (!keystore.isCertificateEntry(alias)) +// continue; +// X509Certificate certStoreX509 = (X509Certificate)keystore.getCertificate(alias); +// ts.validate(certStoreX509, provider); +// return true; +// } +// catch (Exception ex) { +// } +// } +// } +// catch (Exception e) { +// } +// return false; +// } /** * Retrieves the OCSP URL from the given certificate. @@ -949,7 +949,7 @@ public class PdfPKCS7 { */ public static String getOCSPURL(X509Certificate certificate) throws CertificateParsingException { try { - DERObject obj = getExtensionValue(certificate, X509Extensions.AuthorityInfoAccess.getId()); + ASN1Object obj = getExtensionValue(certificate, X509Extensions.AuthorityInfoAccess.getId()); if (obj == null) { return null; } 
@@ -961,7 +961,7 @@ public class PdfPKCS7 { continue; } else { if ((AccessDescription.getObjectAt(0) instanceof DERObjectIdentifier) && ((DERObjectIdentifier)AccessDescription.getObjectAt(0)).getId().equals("1.3.6.1.5.5.7.48.1")) { - String AccessLocation = getStringFromGeneralName((DERObject)AccessDescription.getObjectAt(1)); + String AccessLocation = getStringFromGeneralName((ASN1Object)AccessDescription.getObjectAt(1)); if ( AccessLocation == null ) { return "" ; } else { 
@@ -980,26 +980,26 @@ public class PdfPKCS7 { * @return true if it checks false otherwise * @since 2.1.6 */ - public boolean isRevocationValid() { - if (basicResp == null) - return false; - if (signCerts.size() < 2) - return false; - try { - X509Certificate[] cs = (X509Certificate[])getSignCertificateChain(); - SingleResp sr = basicResp.getResponses()[0]; - CertificateID cid = sr.getCertID(); - X509Certificate sigcer = getSigningCertificate(); - X509Certificate isscer = cs[1]; - CertificateID tis = new CertificateID(CertificateID.HASH_SHA1, isscer, sigcer.getSerialNumber()); - return tis.equals(cid); - } - catch (Exception ex) { - } - return false; - } +// public boolean isRevocationValid() { +// if (basicResp == null) +// return false; +// if (signCerts.size() < 2) +// return false; +// try { +// X509Certificate[] cs = (X509Certificate[])getSignCertificateChain(); +// SingleResp sr = basicResp.getResponses()[0]; +// CertificateID cid = sr.getCertID(); +// X509Certificate sigcer = getSigningCertificate(); +// X509Certificate isscer = cs[1]; +// CertificateID tis = new CertificateID(CertificateID.HASH_SHA1, isscer, sigcer.getSerialNumber()); +// return tis.equals(cid); +// } +// catch (Exception ex) { +// } +// return false; +// } - private static DERObject getExtensionValue(X509Certificate cert, String oid) throws IOException { + private static ASN1Object getExtensionValue(X509Certificate cert, String oid) throws IOException { byte[] bytes = cert.getExtensionValue(oid); if (bytes == null) { return null; @@ -1010,7 +1010,7 @@ public class PdfPKCS7 { return aIn.readObject(); } - private static String getStringFromGeneralName(DERObject names) throws IOException { + private static String getStringFromGeneralName(ASN1Object names) throws IOException { DERTaggedObject taggedObject = (DERTaggedObject) names ; return new String(ASN1OctetString.getInstance(taggedObject, false).getOctets(), "ISO-8859-1"); } 
@@ -1020,11 +1020,11 @@ public class PdfPKCS7 { * @param enc a TBSCertificate in a byte array * @return a DERObject */ - private static DERObject getIssuer(byte[] enc) { + private static ASN1Object getIssuer(byte[] enc) { try { ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(enc)); ASN1Sequence seq = (ASN1Sequence)in.readObject(); - return (DERObject)seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 3 : 2); + return (ASN1Object)seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 3 : 2); } catch (IOException e) { throw new ExceptionConverter(e); @@ -1036,11 +1036,11 @@ public class PdfPKCS7 { * @param enc A TBSCertificate in a byte array * @return a DERObject */ - private static DERObject getSubject(byte[] enc) { + private static ASN1Object getSubject(byte[] enc) { try { ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(enc)); ASN1Sequence seq = (ASN1Sequence)in.readObject(); - return (DERObject)seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 5 : 4); + return (ASN1Object)seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 5 : 4); } catch (IOException e) { throw new ExceptionConverter(e); @@ -1340,7 +1340,7 @@ public class PdfPKCS7 { */ public byte[] getAuthenticatedAttributeBytes(byte secondDigest[], Calendar signingTime, byte[] ocsp) { try { - return getAuthenticatedAttributeSet(secondDigest, signingTime, ocsp).getEncoded(ASN1Encodable.DER); + return getAuthenticatedAttributeSet(secondDigest, signingTime, ocsp).getEncoded("DER"); } catch (Exception e) { throw new ExceptionConverter(e); @@ -1575,7 +1575,7 @@ public class PdfPKCS7 { vs = new ArrayList(); values.put(id, vs); } - vs.add(((DERString)s.getObjectAt(1)).getString()); + vs.add(((ASN1String)s.getObjectAt(1)).getString()); } } } 
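Review bot: The Javadoc on getIssuer and getSubject still says `@return a DERObject` although both now return `ASN1Object` (hunks `-1020` and `-1036`); change them to `@return the issuer as an ASN1Object` and `@return the subject as an ASN1Object`. Both methods index the decoded sequence at fixed positions and cast the element without checking the sequence length or type, so the Javadoc should also say that `enc` must be a well-formed TBSCertificate.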
diff --git a/fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/PdfPublicKeySecurityHandler.java b/fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/PdfPublicKeySecurityHandler.java index 0abe0dd9d..4a0b9aae4 100755 --- a/fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/PdfPublicKeySecurityHandler.java +++ b/fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/PdfPublicKeySecurityHandler.java @@ -89,6 +89,8 @@ package com.fr.third.com.lowagie.text.pdf; +import com.fr.third.org.bouncycastle.asn1.ASN1Object; +import com.fr.third.org.bouncycastle.asn1.ASN1Set; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; 
@@ -107,22 +109,21 @@ import javax.crypto.Cipher; import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DEROutputStream; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.cms.ContentInfo; -import org.bouncycastle.asn1.cms.EncryptedContentInfo; -import org.bouncycastle.asn1.cms.EnvelopedData; -import org.bouncycastle.asn1.cms.IssuerAndSerialNumber; -import org.bouncycastle.asn1.cms.KeyTransRecipientInfo; -import org.bouncycastle.asn1.cms.RecipientIdentifier; -import org.bouncycastle.asn1.cms.RecipientInfo; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.TBSCertificateStructure; +import com.fr.third.org.bouncycastle.asn1.ASN1InputStream; +import com.fr.third.org.bouncycastle.asn1.DERObjectIdentifier; +import com.fr.third.org.bouncycastle.asn1.DEROctetString; +import com.fr.third.org.bouncycastle.asn1.DEROutputStream; +import com.fr.third.org.bouncycastle.asn1.DERSet; +import com.fr.third.org.bouncycastle.asn1.cms.ContentInfo; +import com.fr.third.org.bouncycastle.asn1.cms.EncryptedContentInfo; +import com.fr.third.org.bouncycastle.asn1.cms.EnvelopedData; +import com.fr.third.org.bouncycastle.asn1.cms.IssuerAndSerialNumber; +import com.fr.third.org.bouncycastle.asn1.cms.KeyTransRecipientInfo; +import com.fr.third.org.bouncycastle.asn1.cms.RecipientIdentifier; +import com.fr.third.org.bouncycastle.asn1.cms.RecipientInfo; +import com.fr.third.org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +import com.fr.third.org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import com.fr.third.org.bouncycastle.asn1.x509.TBSCertificateStructure; /** * @author Aiken Sam (aikensam@ieee.org) 
@@ -244,7 +245,7 @@ public class PdfPublicKeySecurityHandler { pkcs7input[22] = two; pkcs7input[23] = one; - DERObject obj = createDERForRecipient(pkcs7input, (X509Certificate)certificate); + ASN1Object obj = createDERForRecipient(pkcs7input, (X509Certificate)certificate); ByteArrayOutputStream baos = new ByteArrayOutputStream(); @@ -276,7 +277,7 @@ public class PdfPublicKeySecurityHandler { return EncodedRecipients; } - private DERObject createDERForRecipient(byte[] in, X509Certificate cert) + private ASN1Object createDERForRecipient(byte[] in, X509Certificate cert) throws IOException, GeneralSecurityException { @@ -287,7 +288,7 @@ public class PdfPublicKeySecurityHandler { AlgorithmParameters algorithmparameters = algorithmparametergenerator.generateParameters(); ByteArrayInputStream bytearrayinputstream = new ByteArrayInputStream(algorithmparameters.getEncoded("ASN.1")); ASN1InputStream asn1inputstream = new ASN1InputStream(bytearrayinputstream); - DERObject derobject = asn1inputstream.readObject(); + ASN1Object derobject = asn1inputstream.readObject(); KeyGenerator keygenerator = KeyGenerator.getInstance(s); keygenerator.init(128); SecretKey secretkey = keygenerator.generateKey(); @@ -300,10 +301,10 @@ public class PdfPublicKeySecurityHandler { AlgorithmIdentifier algorithmidentifier = new AlgorithmIdentifier(new DERObjectIdentifier(s), derobject); EncryptedContentInfo encryptedcontentinfo = new EncryptedContentInfo(PKCSObjectIdentifiers.data, algorithmidentifier, deroctetstring); - EnvelopedData env = new EnvelopedData(null, derset, encryptedcontentinfo, null); + EnvelopedData env = new EnvelopedData(null, derset, encryptedcontentinfo,(ASN1Set) null); ContentInfo contentinfo = new ContentInfo(PKCSObjectIdentifiers.envelopedData, env); - return contentinfo.getDERObject(); + return contentinfo.getContentType(); } private KeyTransRecipientInfo computeRecipientInfo(X509Certificate x509certificate, byte[] abyte0) 
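Review bot: `createDERForRecipient` now ends with `return contentinfo.getContentType();`, which returns only the `envelopedData` object identifier passed to the `ContentInfo` constructor, not the whole structure that the old `getDERObject()` produced. The caller in the first hunk on this line stores that return value in `obj` and appears to encode it as the recipient entry. If so, the `EnvelopedData` carrying the recipient info and the encrypted content is dropped and a recipient cannot recover the document key. The equivalent call on current BouncyCastle is `return contentinfo.toASN1Primitive();`. A round-trip test that encrypts for a certificate and reopens the file would catch this.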
@@ -318,7 +319,7 @@ public class PdfPublicKeySecurityHandler { new IssuerAndSerialNumber( tbscertificatestructure.getIssuer(), tbscertificatestructure.getSerialNumber().getValue()); - Cipher cipher = Cipher.getInstance(algorithmidentifier.getObjectId().getId()); + Cipher cipher = Cipher.getInstance(algorithmidentifier.getAlgorithm().getId()); cipher.init(1, x509certificate); DEROctetString deroctetstring = new DEROctetString(cipher.doFinal(abyte0)); RecipientIdentifier recipId = new RecipientIdentifier(issuerandserialnumber); diff --git a/fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/PdfReader.java b/fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/PdfReader.java index f29c9b222..bd911a832 100755 --- a/fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/PdfReader.java +++ b/fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/PdfReader.java @@ -78,8 +78,8 @@ import com.fr.third.com.lowagie.text.exceptions.UnsupportedPdfException; import com.fr.third.com.lowagie.text.pdf.interfaces.PdfViewerPreferences; import com.fr.third.com.lowagie.text.pdf.internal.PdfViewerPreferencesImp; -import org.bouncycastle.cms.CMSEnvelopedData; -import org.bouncycastle.cms.RecipientInformation; +//import com.fr.third.org.bouncycastle.cms.CMSEnvelopedData; +//import com.fr.third.org.bouncycastle.cms.RecipientInformation; /** Reads a PDF document. * @author Paulo Soares (psoares@consiste.pt) 
@@ -709,24 +709,24 @@ public class PdfReader implements PdfViewerPreferences { PdfObject recipient = recipients.getPdfObject(i); strings.remove(recipient); - CMSEnvelopedData data = null; - try { - data = new CMSEnvelopedData(recipient.getBytes()); - - Iterator recipientCertificatesIt = data.getRecipientInfos().getRecipients().iterator(); - - while (recipientCertificatesIt.hasNext()) { - RecipientInformation recipientInfo = (RecipientInformation)recipientCertificatesIt.next(); - - if (recipientInfo.getRID().match(certificate) && !foundRecipient) { - envelopedData = recipientInfo.getContent(certificateKey, certificateKeyProvider); - foundRecipient = true; - } - } - } - catch (Exception f) { - throw new ExceptionConverter(f); - } +// CMSEnvelopedData data = null; +// try { +// data = new CMSEnvelopedData(recipient.getBytes()); +// +// Iterator recipientCertificatesIt = data.getRecipientInfos().getRecipients().iterator(); +// +// while (recipientCertificatesIt.hasNext()) { +// RecipientInformation recipientInfo = (RecipientInformation)recipientCertificatesIt.next(); +// +// if (recipientInfo.getRID().match(certificate) && !foundRecipient) { +// envelopedData = recipientInfo.getContent(certificateKey, certificateKeyProvider); +// foundRecipient = true; +// } +// } +// } +// catch (Exception f) { +// throw new ExceptionConverter(f); +// } } if(!foundRecipient || envelopedData == null) { diff --git a/fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/TSAClientBouncyCastle.java b/fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/TSAClientBouncyCastle.java index 626b2b3b8..c5077f3a0 100755 --- a/fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/TSAClientBouncyCastle.java +++ b/fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/TSAClientBouncyCastle.java 
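Review bot: Commenting out the `CMSEnvelopedData` block leaves nothing in this loop that assigns `envelopedData` or sets `foundRecipient`. As far as the hunk shows, the following `if(!foundRecipient || envelopedData == null)` check is therefore always true, and every certificate-encrypted PDF takes that failure branch (its body is outside the hunk). If recipient decryption cannot be ported because the relocated BouncyCastle bundle lacks the `cms` package, delete the dead block and fail explicitly with a message that public-key decryption is unsupported in this build; otherwise port it to the newer recipient API. The same applies to `TSAClientBouncyCastle.java` in the next hunk, which is commented out line by line. Remove that file or port it, because a fully commented-out source file silently drops RFC 3161 timestamping and any code still referencing the class will no longer compile.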
@@ -1,230 +1,230 @@ -/* - * $Id: TSAClientBouncyCastle.java 3973 2009-06-16 10:30:31Z psoares33 $ - * - * Copyright 2009 Martin Brunecky, Aiken Sam - * - * The contents of this file are subject to the Mozilla Public License Version 1.1 - * (the "License"); you may not use this file except in compliance with the License. - * You may obtain a copy of the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the License. - * - * The Original Code is 'iText, a free JAVA-PDF library'. - * - * The Initial Developer of the Original Code is Bruno Lowagie. Portions created by - * the Initial Developer are Copyright (C) 1999-2005 by Bruno Lowagie. - * All Rights Reserved. - * Co-Developer of the code is Paulo Soares. Portions created by the Co-Developer - * are Copyright (C) 2009 by Martin Brunecky. All Rights Reserved. - * - * Contributor(s): all the names of the contributors are added in the source code - * where applicable. - * - * Alternatively, the contents of this file may be used under the terms of the - * LGPL license (the "GNU LIBRARY GENERAL PUBLIC LICENSE"), in which case the - * provisions of LGPL are applicable instead of those above. If you wish to - * allow use of your version of this file only under the terms of the LGPL - * License and not to allow others to use your version of this file under - * the MPL, indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by the LGPL. - * If you do not delete the provisions above, a recipient may use your version - * of this file under either the MPL or the GNU LIBRARY GENERAL PUBLIC LICENSE. 
- * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the MPL as stated above or under the terms of the GNU - * Library General Public License as published by the Free Software Foundation; - * either version 2 of the License, or any later version. - * - * This library is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS - * FOR A PARTICULAR PURPOSE. See the GNU Library general Public License for more - * details. - * - * If you didn't download this code from the following link, you should check if - * you aren't using an obsolete version: - * http://www.lowagie.com/iText/ - */ - -package com.fr.third.com.lowagie.text.pdf; - -import java.io.*; -import java.math.*; -import java.net.*; - -import org.bouncycastle.asn1.cmp.*; -import org.bouncycastle.asn1.x509.*; -import org.bouncycastle.tsp.*; - -import com.fr.third.com.lowagie.text.pdf.codec.Base64; - -/** - * Time Stamp Authority Client interface implementation using Bouncy Castle - * org.bouncycastle.tsp package. - *

- * Created by Aiken Sam, 2006-11-15, refactored by Martin Brunecky, 07/15/2007 - * for ease of subclassing. - *

- * @since 2.1.6 - */ -public class TSAClientBouncyCastle implements TSAClient { - /** URL of the Time Stamp Authority */ - protected String tsaURL; - /** TSA Username */ - protected String tsaUsername; - /** TSA password */ - protected String tsaPassword; - /** Estimate of the received time stamp token */ - protected int tokSzEstimate; - - /** - * Creates an instance of a TSAClient that will use BouncyCastle. - * @param url String - Time Stamp Authority URL (i.e. "http://tsatest1.digistamp.com/TSA") - */ - public TSAClientBouncyCastle(String url) { - this(url, null, null, 4096); - } - - /** - * Creates an instance of a TSAClient that will use BouncyCastle. - * @param url String - Time Stamp Authority URL (i.e. "http://tsatest1.digistamp.com/TSA") - * @param username String - user(account) name - * @param password String - password - */ - public TSAClientBouncyCastle(String url, String username, String password) { - this(url, username, password, 4096); - } - - /** - * Constructor. - * Note the token size estimate is updated by each call, as the token - * size is not likely to change (as long as we call the same TSA using - * the same imprint length). - * @param url String - Time Stamp Authority URL (i.e. "http://tsatest1.digistamp.com/TSA") - * @param username String - user(account) name - * @param password String - password - * @param tokSzEstimate int - estimated size of received time stamp token (DER encoded) - */ - public TSAClientBouncyCastle(String url, String username, String password, int tokSzEstimate) { - this.tsaURL = url; - this.tsaUsername = username; - this.tsaPassword = password; - this.tokSzEstimate = tokSzEstimate; - } - - /** - * Get the token size estimate. - * Returned value reflects the result of the last succesfull call, padded - * @return an estimate of the token size - */ - public int getTokenSizeEstimate() { - return tokSzEstimate; - } - - /** - * Get RFC 3161 timeStampToken. 
- * Method may return null indicating that timestamp should be skipped. - * @param caller PdfPKCS7 - calling PdfPKCS7 instance (in case caller needs it) - * @param imprint byte[] - data imprint to be time-stamped - * @return byte[] - encoded, TSA signed data of the timeStampToken - * @throws Exception - TSA request failed - * @see com.fr.third.com.lowagie.text.pdf.TSAClient#getTimeStampToken(com.fr.third.com.lowagie.text.pdf.PdfPKCS7, byte[]) - */ - public byte[] getTimeStampToken(PdfPKCS7 caller, byte[] imprint) throws Exception { - return getTimeStampToken(imprint); - } - - /** - * Get timestamp token - Bouncy Castle request encoding / decoding layer - */ - protected byte[] getTimeStampToken(byte[] imprint) throws Exception { - byte[] respBytes = null; - try { - // Setup the time stamp request - TimeStampRequestGenerator tsqGenerator = new TimeStampRequestGenerator(); - tsqGenerator.setCertReq(true); - // tsqGenerator.setReqPolicy("1.3.6.1.4.1.601.10.3.1"); - BigInteger nonce = BigInteger.valueOf(System.currentTimeMillis()); - TimeStampRequest request = tsqGenerator.generate(X509ObjectIdentifiers.id_SHA1.getId() , imprint, nonce); - byte[] requestBytes = request.getEncoded(); - - // Call the communications layer - respBytes = getTSAResponse(requestBytes); - - // Handle the TSA response - TimeStampResponse response = new TimeStampResponse(respBytes); - - // validate communication level attributes (RFC 3161 PKIStatus) - response.validate(request); - PKIFailureInfo failure = response.getFailInfo(); - int value = (failure == null) ? 0 : failure.intValue(); - if (value != 0) { - // @todo: Translate value of 15 error codes defined by PKIFailureInfo to string - throw new Exception("Invalid TSA '" + tsaURL + "' response, code " + value); - } - // @todo: validate the time stap certificate chain (if we want - // assure we do not sign using an invalid timestamp). 
- - // extract just the time stamp token (removes communication status info) - TimeStampToken tsToken = response.getTimeStampToken(); - if (tsToken == null) { - throw new Exception("TSA '" + tsaURL + "' failed to return time stamp token: " + response.getStatusString()); - } - TimeStampTokenInfo info = tsToken.getTimeStampInfo(); // to view details - byte[] encoded = tsToken.getEncoded(); - long stop = System.currentTimeMillis(); - - // Update our token size estimate for the next call (padded to be safe) - this.tokSzEstimate = encoded.length + 32; - return encoded; - } catch (Exception e) { - throw e; - } catch (Throwable t) { - throw new Exception("Failed to get TSA response from '" + tsaURL +"'", t); - } - } - - /** - * Get timestamp token - communications layer - * @return - byte[] - TSA response, raw bytes (RFC 3161 encoded) - */ - protected byte[] getTSAResponse(byte[] requestBytes) throws Exception { - // Setup the TSA connection - URL url = new URL(tsaURL); - URLConnection tsaConnection; - tsaConnection = (URLConnection) url.openConnection(); - - tsaConnection.setDoInput(true); - tsaConnection.setDoOutput(true); - tsaConnection.setUseCaches(false); - tsaConnection.setRequestProperty("Content-Type", "application/timestamp-query"); - //tsaConnection.setRequestProperty("Content-Transfer-Encoding", "base64"); - tsaConnection.setRequestProperty("Content-Transfer-Encoding", "binary"); - - if ((tsaUsername != null) && !tsaUsername.equals("") ) { - String userPassword = tsaUsername + ":" + tsaPassword; - tsaConnection.setRequestProperty("Authorization", "Basic " + - new String(Base64.encodeBytes(userPassword.getBytes()))); - } - OutputStream out = tsaConnection.getOutputStream(); - out.write(requestBytes); - out.close(); - - // Get TSA response as a byte array - InputStream inp = tsaConnection.getInputStream(); - ByteArrayOutputStream baos = new ByteArrayOutputStream(); - byte[] buffer = new byte[1024]; - int bytesRead = 0; - while ((bytesRead = inp.read(buffer, 0, 
buffer.length)) >= 0) { - baos.write(buffer, 0, bytesRead); - } - byte[] respBytes = baos.toByteArray(); - - String encoding = tsaConnection.getContentEncoding(); - if (encoding != null && encoding.equalsIgnoreCase("base64")) { - respBytes = Base64.decode(new String(respBytes)); - } - return respBytes; - } -} \ No newline at end of file +///* +// * $Id: TSAClientBouncyCastle.java 3973 2009-06-16 10:30:31Z psoares33 $ +// * +// * Copyright 2009 Martin Brunecky, Aiken Sam +// * +// * The contents of this file are subject to the Mozilla Public License Version 1.1 +// * (the "License"); you may not use this file except in compliance with the License. +// * You may obtain a copy of the License at http://www.mozilla.org/MPL/ +// * +// * Software distributed under the License is distributed on an "AS IS" basis, +// * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +// * for the specific language governing rights and limitations under the License. +// * +// * The Original Code is 'iText, a free JAVA-PDF library'. +// * +// * The Initial Developer of the Original Code is Bruno Lowagie. Portions created by +// * the Initial Developer are Copyright (C) 1999-2005 by Bruno Lowagie. +// * All Rights Reserved. +// * Co-Developer of the code is Paulo Soares. Portions created by the Co-Developer +// * are Copyright (C) 2009 by Martin Brunecky. All Rights Reserved. +// * +// * Contributor(s): all the names of the contributors are added in the source code +// * where applicable. +// * +// * Alternatively, the contents of this file may be used under the terms of the +// * LGPL license (the "GNU LIBRARY GENERAL PUBLIC LICENSE"), in which case the +// * provisions of LGPL are applicable instead of those above. 
If you wish to +// * allow use of your version of this file only under the terms of the LGPL +// * License and not to allow others to use your version of this file under +// * the MPL, indicate your decision by deleting the provisions above and +// * replace them with the notice and other provisions required by the LGPL. +// * If you do not delete the provisions above, a recipient may use your version +// * of this file under either the MPL or the GNU LIBRARY GENERAL PUBLIC LICENSE. +// * +// * This library is free software; you can redistribute it and/or modify it +// * under the terms of the MPL as stated above or under the terms of the GNU +// * Library General Public License as published by the Free Software Foundation; +// * either version 2 of the License, or any later version. +// * +// * This library is distributed in the hope that it will be useful, but WITHOUT +// * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS +// * FOR A PARTICULAR PURPOSE. See the GNU Library general Public License for more +// * details. +// * +// * If you didn't download this code from the following link, you should check if +// * you aren't using an obsolete version: +// * http://www.lowagie.com/iText/ +// */ +// +//package com.fr.third.com.lowagie.text.pdf; +// +//import java.io.*; +//import java.math.*; +//import java.net.*; +// +//import org.bouncycastle.asn1.cmp.*; +//import org.bouncycastle.asn1.x509.*; +//import org.bouncycastle.tsp.*; +// +//import com.fr.third.com.lowagie.text.pdf.codec.Base64; +// +///** +// * Time Stamp Authority Client interface implementation using Bouncy Castle +// * org.bouncycastle.tsp package. +// *

+// * Created by Aiken Sam, 2006-11-15, refactored by Martin Brunecky, 07/15/2007 +// * for ease of subclassing. +// *

+// * @since 2.1.6 +// */ +//public class TSAClientBouncyCastle implements TSAClient { +// /** URL of the Time Stamp Authority */ +// protected String tsaURL; +// /** TSA Username */ +// protected String tsaUsername; +// /** TSA password */ +// protected String tsaPassword; +// /** Estimate of the received time stamp token */ +// protected int tokSzEstimate; +// +// /** +// * Creates an instance of a TSAClient that will use BouncyCastle. +// * @param url String - Time Stamp Authority URL (i.e. "http://tsatest1.digistamp.com/TSA") +// */ +// public TSAClientBouncyCastle(String url) { +// this(url, null, null, 4096); +// } +// +// /** +// * Creates an instance of a TSAClient that will use BouncyCastle. +// * @param url String - Time Stamp Authority URL (i.e. "http://tsatest1.digistamp.com/TSA") +// * @param username String - user(account) name +// * @param password String - password +// */ +// public TSAClientBouncyCastle(String url, String username, String password) { +// this(url, username, password, 4096); +// } +// +// /** +// * Constructor. +// * Note the token size estimate is updated by each call, as the token +// * size is not likely to change (as long as we call the same TSA using +// * the same imprint length). +// * @param url String - Time Stamp Authority URL (i.e. "http://tsatest1.digistamp.com/TSA") +// * @param username String - user(account) name +// * @param password String - password +// * @param tokSzEstimate int - estimated size of received time stamp token (DER encoded) +// */ +// public TSAClientBouncyCastle(String url, String username, String password, int tokSzEstimate) { +// this.tsaURL = url; +// this.tsaUsername = username; +// this.tsaPassword = password; +// this.tokSzEstimate = tokSzEstimate; +// } +// +// /** +// * Get the token size estimate. 
+// * Returned value reflects the result of the last succesfull call, padded +// * @return an estimate of the token size +// */ +// public int getTokenSizeEstimate() { +// return tokSzEstimate; +// } +// +// /** +// * Get RFC 3161 timeStampToken. +// * Method may return null indicating that timestamp should be skipped. +// * @param caller PdfPKCS7 - calling PdfPKCS7 instance (in case caller needs it) +// * @param imprint byte[] - data imprint to be time-stamped +// * @return byte[] - encoded, TSA signed data of the timeStampToken +// * @throws Exception - TSA request failed +// * @see com.fr.third.com.lowagie.text.pdf.TSAClient#getTimeStampToken(com.fr.third.com.lowagie.text.pdf.PdfPKCS7, byte[]) +// */ +// public byte[] getTimeStampToken(PdfPKCS7 caller, byte[] imprint) throws Exception { +// return getTimeStampToken(imprint); +// } +// +// /** +// * Get timestamp token - Bouncy Castle request encoding / decoding layer +// */ +// protected byte[] getTimeStampToken(byte[] imprint) throws Exception { +// byte[] respBytes = null; +// try { +// // Setup the time stamp request +// TimeStampRequestGenerator tsqGenerator = new TimeStampRequestGenerator(); +// tsqGenerator.setCertReq(true); +// // tsqGenerator.setReqPolicy("1.3.6.1.4.1.601.10.3.1"); +// BigInteger nonce = BigInteger.valueOf(System.currentTimeMillis()); +// TimeStampRequest request = tsqGenerator.generate(X509ObjectIdentifiers.id_SHA1.getId() , imprint, nonce); +// byte[] requestBytes = request.getEncoded(); +// +// // Call the communications layer +// respBytes = getTSAResponse(requestBytes); +// +// // Handle the TSA response +// TimeStampResponse response = new TimeStampResponse(respBytes); +// +// // validate communication level attributes (RFC 3161 PKIStatus) +// response.validate(request); +// PKIFailureInfo failure = response.getFailInfo(); +// int value = (failure == null) ? 
0 : failure.intValue(); +// if (value != 0) { +// // @todo: Translate value of 15 error codes defined by PKIFailureInfo to string +// throw new Exception("Invalid TSA '" + tsaURL + "' response, code " + value); +// } +// // @todo: validate the time stap certificate chain (if we want +// // assure we do not sign using an invalid timestamp). +// +// // extract just the time stamp token (removes communication status info) +// TimeStampToken tsToken = response.getTimeStampToken(); +// if (tsToken == null) { +// throw new Exception("TSA '" + tsaURL + "' failed to return time stamp token: " + response.getStatusString()); +// } +// TimeStampTokenInfo info = tsToken.getTimeStampInfo(); // to view details +// byte[] encoded = tsToken.getEncoded(); +// long stop = System.currentTimeMillis(); +// +// // Update our token size estimate for the next call (padded to be safe) +// this.tokSzEstimate = encoded.length + 32; +// return encoded; +// } catch (Exception e) { +// throw e; +// } catch (Throwable t) { +// throw new Exception("Failed to get TSA response from '" + tsaURL +"'", t); +// } +// } +// +// /** +// * Get timestamp token - communications layer +// * @return - byte[] - TSA response, raw bytes (RFC 3161 encoded) +// */ +// protected byte[] getTSAResponse(byte[] requestBytes) throws Exception { +// // Setup the TSA connection +// URL url = new URL(tsaURL); +// URLConnection tsaConnection; +// tsaConnection = (URLConnection) url.openConnection(); +// +// tsaConnection.setDoInput(true); +// tsaConnection.setDoOutput(true); +// tsaConnection.setUseCaches(false); +// tsaConnection.setRequestProperty("Content-Type", "application/timestamp-query"); +// //tsaConnection.setRequestProperty("Content-Transfer-Encoding", "base64"); +// tsaConnection.setRequestProperty("Content-Transfer-Encoding", "binary"); +// +// if ((tsaUsername != null) && !tsaUsername.equals("") ) { +// String userPassword = tsaUsername + ":" + tsaPassword; +// tsaConnection.setRequestProperty("Authorization", 
"Basic " + +// new String(Base64.encodeBytes(userPassword.getBytes()))); +// } +// OutputStream out = tsaConnection.getOutputStream(); +// out.write(requestBytes); +// out.close(); +// +// // Get TSA response as a byte array +// InputStream inp = tsaConnection.getInputStream(); +// ByteArrayOutputStream baos = new ByteArrayOutputStream(); +// byte[] buffer = new byte[1024]; +// int bytesRead = 0; +// while ((bytesRead = inp.read(buffer, 0, buffer.length)) >= 0) { +// baos.write(buffer, 0, bytesRead); +// } +// byte[] respBytes = baos.toByteArray(); +// +// String encoding = tsaConnection.getContentEncoding(); +// if (encoding != null && encoding.equalsIgnoreCase("base64")) { +// respBytes = Base64.decode(new String(respBytes)); +// } +// return respBytes; +// } +//} \ No newline at end of file diff --git a/fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/crypto/AESCipher.java b/fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/crypto/AESCipher.java index 64d0f4490..829d79d9d 100755 --- a/fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/crypto/AESCipher.java +++ b/fine-itext-old/src/com/fr/third/com/lowagie/text/pdf/crypto/AESCipher.java 
@@ -48,12 +48,12 @@ */ package com.fr.third.com.lowagie.text.pdf.crypto; -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.engines.AESFastEngine; -import org.bouncycastle.crypto.modes.CBCBlockCipher; -import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.ParametersWithIV; +import com.fr.third.org.bouncycastle.crypto.BlockCipher; +import com.fr.third.org.bouncycastle.crypto.engines.AESFastEngine; +import com.fr.third.org.bouncycastle.crypto.modes.CBCBlockCipher; +import com.fr.third.org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher; +import com.fr.third.org.bouncycastle.crypto.params.KeyParameter; +import com.fr.third.org.bouncycastle.crypto.params.ParametersWithIV; /** * Creates an AES Cipher with CBC and padding PKCS5/7. diff --git a/fine-itext/src/com/fr/third/v2/lowagie/text/pdf/OcspClientBouncyCastle.java b/fine-itext/src/com/fr/third/v2/lowagie/text/pdf/OcspClientBouncyCastle.java index 16e4a793f..0ca4706e2 100644 --- a/fine-itext/src/com/fr/third/v2/lowagie/text/pdf/OcspClientBouncyCastle.java +++ b/fine-itext/src/com/fr/third/v2/lowagie/text/pdf/OcspClientBouncyCastle.java 
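Review bot: The relocated import keeps `AESFastEngine`, which later BouncyCastle releases deprecate in favour of `AESEngine` because its large lookup tables are more exposed to cache-timing observation. Since the commit's stated purpose is to move off a BouncyCastle version with security problems, the port is a good moment to switch: `import com.fr.third.org.bouncycastle.crypto.engines.AESEngine;` and construct `new AESEngine()` where the cipher is built (that code is outside this hunk). The `fine-itext` copy of `AESCipher.java` listed in the diffstat would need the same change.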
@@ -1,185 +1,185 @@ -/* - * $Id: OcspClientBouncyCastle.java 3959 2009-06-09 08:31:05Z blowagie $ - * - * Copyright 2009 Paulo Soares - * - * The contents of this file are subject to the Mozilla Public License Version 1.1 - * (the "License"); you may not use this file except in compliance with the License. - * You may obtain a copy of the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the License. - * - * The Original Code is 'iText, a free JAVA-PDF library'. - * - * The Initial Developer of the Original Code is Bruno Lowagie. Portions created by - * the Initial Developer are Copyright (C) 1999-2005 by Bruno Lowagie. - * All Rights Reserved. - * Co-Developer of the code is Paulo Soares. Portions created by the Co-Developer - * are Copyright (C) 2009 by Paulo Soares. All Rights Reserved. - * - * Contributor(s): all the names of the contributors are added in the source code - * where applicable. - * - * Alternatively, the contents of this file may be used under the terms of the - * LGPL license (the "GNU LIBRARY GENERAL PUBLIC LICENSE"), in which case the - * provisions of LGPL are applicable instead of those above. If you wish to - * allow use of your version of this file only under the terms of the LGPL - * License and not to allow others to use your version of this file under - * the MPL, indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by the LGPL. - * If you do not delete the provisions above, a recipient may use your version - * of this file under either the MPL or the GNU LIBRARY GENERAL PUBLIC LICENSE. 
- * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the MPL as stated above or under the terms of the GNU - * Library General Public License as published by the Free Software Foundation; - * either version 2 of the License, or any later version. - * - * This library is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS - * FOR A PARTICULAR PURPOSE. See the GNU Library general Public License for more - * details. - * - * If you didn't download this code from the following link, you should check if - * you aren't using an obsolete version: - * http://www.lowagie.com/iText/ - */ - -package com.fr.third.v2.lowagie.text.pdf; - -import com.fr.third.v2.lowagie.text.ExceptionConverter; - -import java.io.BufferedOutputStream; -import java.io.DataOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; -import java.math.BigInteger; -import java.net.HttpURLConnection; -import java.net.URL; -import java.security.Security; -import java.security.cert.X509Certificate; -import java.util.Vector; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers; -import org.bouncycastle.asn1.x509.X509Extension; -import org.bouncycastle.asn1.x509.X509Extensions; -import org.bouncycastle.ocsp.BasicOCSPResp; -import org.bouncycastle.ocsp.CertificateID; -import org.bouncycastle.ocsp.CertificateStatus; -import org.bouncycastle.ocsp.OCSPException; -import org.bouncycastle.ocsp.OCSPReq; -import org.bouncycastle.ocsp.OCSPReqGenerator; -import org.bouncycastle.ocsp.OCSPResp; -import org.bouncycastle.ocsp.SingleResp; - -/** - * OcspClient implementation using BouncyCastle. 
- * @author psoares - * @since 2.1.6 - */ -public class OcspClientBouncyCastle implements OcspClient { - /** root certificate */ - private X509Certificate rootCert; - /** check certificate */ - private X509Certificate checkCert; - /** OCSP URL */ - private String url; - - /** - * Creates an instance of an OcspClient that will be using BouncyCastle. - * @param checkCert the check certificate - * @param rootCert the root certificate - * @param url the OCSP URL - */ - public OcspClientBouncyCastle(X509Certificate checkCert, X509Certificate rootCert, String url) { - this.checkCert = checkCert; - this.rootCert = rootCert; - this.url = url; - } - - /** - * Generates an OCSP request using BouncyCastle. - * @param issuerCert certificate of the issues - * @param serialNumber serial number - * @return an OCSP request - * @throws OCSPException - * @throws IOException - */ - private static OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber) throws OCSPException, IOException { - //Add provider BC - Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); - - // Generate the id for the certificate we are looking for - CertificateID id = new CertificateID(CertificateID.HASH_SHA1, issuerCert, serialNumber); - - // basic request generation with nonce - OCSPReqGenerator gen = new OCSPReqGenerator(); - - gen.addRequest(id); - - // create details for nonce extension - Vector oids = new Vector(); - Vector values = new Vector(); - - oids.add(OCSPObjectIdentifiers.id_pkix_ocsp_nonce); - values.add(new X509Extension(false, new DEROctetString(new DEROctetString(PdfEncryption.createDocumentId()).getEncoded()))); - - gen.setRequestExtensions(new X509Extensions(oids, values)); - - return gen.generate(); - } - - /** - * @return a byte array - * @see OcspClient#getEncoded() - */ - public byte[] getEncoded() { - try { - OCSPReq request = generateOCSPRequest(rootCert, checkCert.getSerialNumber()); - byte[] array = request.getEncoded(); - URL 
urlt = new URL(url); - HttpURLConnection con = (HttpURLConnection)urlt.openConnection(); - con.setRequestProperty("Content-Type", "application/ocsp-request"); - con.setRequestProperty("Accept", "application/ocsp-response"); - con.setDoOutput(true); - OutputStream out = con.getOutputStream(); - DataOutputStream dataOut = new DataOutputStream(new BufferedOutputStream(out)); - dataOut.write(array); - dataOut.flush(); - dataOut.close(); - if (con.getResponseCode() / 100 != 2) { - throw new IOException("Invalid HTTP response"); - } - //Get Response - InputStream in = (InputStream) con.getContent(); - OCSPResp ocspResponse = new OCSPResp(in); - - if (ocspResponse.getStatus() != 0) - throw new IOException("Invalid status: " + ocspResponse.getStatus()); - BasicOCSPResp basicResponse = (BasicOCSPResp) ocspResponse.getResponseObject(); - if (basicResponse != null) { - SingleResp[] responses = basicResponse.getResponses(); - if (responses.length == 1) { - SingleResp resp = responses[0]; - Object status = resp.getCertStatus(); - if (status == CertificateStatus.GOOD) { - return basicResponse.getEncoded(); - } - else if (status instanceof org.bouncycastle.ocsp.RevokedStatus) { - throw new IOException("OCSP Status is revoked!"); - } - else { - throw new IOException("OCSP Status is unknown!"); - } - } - } - } - catch (Exception ex) { - throw new ExceptionConverter(ex); - } - return null; - } -} +///* +// * $Id: OcspClientBouncyCastle.java 3959 2009-06-09 08:31:05Z blowagie $ +// * +// * Copyright 2009 Paulo Soares +// * +// * The contents of this file are subject to the Mozilla Public License Version 1.1 +// * (the "License"); you may not use this file except in compliance with the License. +// * You may obtain a copy of the License at http://www.mozilla.org/MPL/ +// * +// * Software distributed under the License is distributed on an "AS IS" basis, +// * WITHOUT WARRANTY OF ANY KIND, either express or implied. 
See the License +// * for the specific language governing rights and limitations under the License. +// * +// * The Original Code is 'iText, a free JAVA-PDF library'. +// * +// * The Initial Developer of the Original Code is Bruno Lowagie. Portions created by +// * the Initial Developer are Copyright (C) 1999-2005 by Bruno Lowagie. +// * All Rights Reserved. +// * Co-Developer of the code is Paulo Soares. Portions created by the Co-Developer +// * are Copyright (C) 2009 by Paulo Soares. All Rights Reserved. +// * +// * Contributor(s): all the names of the contributors are added in the source code +// * where applicable. +// * +// * Alternatively, the contents of this file may be used under the terms of the +// * LGPL license (the "GNU LIBRARY GENERAL PUBLIC LICENSE"), in which case the +// * provisions of LGPL are applicable instead of those above. If you wish to +// * allow use of your version of this file only under the terms of the LGPL +// * License and not to allow others to use your version of this file under +// * the MPL, indicate your decision by deleting the provisions above and +// * replace them with the notice and other provisions required by the LGPL. +// * If you do not delete the provisions above, a recipient may use your version +// * of this file under either the MPL or the GNU LIBRARY GENERAL PUBLIC LICENSE. +// * +// * This library is free software; you can redistribute it and/or modify it +// * under the terms of the MPL as stated above or under the terms of the GNU +// * Library General Public License as published by the Free Software Foundation; +// * either version 2 of the License, or any later version. +// * +// * This library is distributed in the hope that it will be useful, but WITHOUT +// * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS +// * FOR A PARTICULAR PURPOSE. See the GNU Library general Public License for more +// * details. 
+// * +// * If you didn't download this code from the following link, you should check if +// * you aren't using an obsolete version: +// * http://www.lowagie.com/iText/ +// */ +// +//package com.fr.third.v2.lowagie.text.pdf; +// +//import com.fr.third.v2.lowagie.text.ExceptionConverter; +// +//import java.io.BufferedOutputStream; +//import java.io.DataOutputStream; +//import java.io.IOException; +//import java.io.InputStream; +//import java.io.OutputStream; +//import java.math.BigInteger; +//import java.net.HttpURLConnection; +//import java.net.URL; +//import java.security.Security; +//import java.security.cert.X509Certificate; +//import java.util.Vector; +//import org.bouncycastle.asn1.DEROctetString; +//import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers; +//import org.bouncycastle.asn1.x509.X509Extension; +//import org.bouncycastle.asn1.x509.X509Extensions; +//import org.bouncycastle.ocsp.BasicOCSPResp; +//import org.bouncycastle.ocsp.CertificateID; +//import org.bouncycastle.ocsp.CertificateStatus; +//import org.bouncycastle.ocsp.OCSPException; +//import org.bouncycastle.ocsp.OCSPReq; +//import org.bouncycastle.ocsp.OCSPReqGenerator; +//import org.bouncycastle.ocsp.OCSPResp; +//import org.bouncycastle.ocsp.SingleResp; +// +///** +// * OcspClient implementation using BouncyCastle. +// * @author psoares +// * @since 2.1.6 +// */ +//public class OcspClientBouncyCastle implements OcspClient { +// /** root certificate */ +// private X509Certificate rootCert; +// /** check certificate */ +// private X509Certificate checkCert; +// /** OCSP URL */ +// private String url; +// +// /** +// * Creates an instance of an OcspClient that will be using BouncyCastle. 
+// * @param checkCert the check certificate +// * @param rootCert the root certificate +// * @param url the OCSP URL +// */ +// public OcspClientBouncyCastle(X509Certificate checkCert, X509Certificate rootCert, String url) { +// this.checkCert = checkCert; +// this.rootCert = rootCert; +// this.url = url; +// } +// +// /** +// * Generates an OCSP request using BouncyCastle. +// * @param issuerCert certificate of the issues +// * @param serialNumber serial number +// * @return an OCSP request +// * @throws OCSPException +// * @throws IOException +// */ +// private static OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber) throws OCSPException, IOException { +// //Add provider BC +// Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); +// +// // Generate the id for the certificate we are looking for +// CertificateID id = new CertificateID(CertificateID.HASH_SHA1, issuerCert, serialNumber); +// +// // basic request generation with nonce +// OCSPReqGenerator gen = new OCSPReqGenerator(); +// +// gen.addRequest(id); +// +// // create details for nonce extension +// Vector oids = new Vector(); +// Vector values = new Vector(); +// +// oids.add(OCSPObjectIdentifiers.id_pkix_ocsp_nonce); +// values.add(new X509Extension(false, new DEROctetString(new DEROctetString(PdfEncryption.createDocumentId()).getEncoded()))); +// +// gen.setRequestExtensions(new X509Extensions(oids, values)); +// +// return gen.generate(); +// } +// +// /** +// * @return a byte array +// * @see OcspClient#getEncoded() +// */ +// public byte[] getEncoded() { +// try { +// OCSPReq request = generateOCSPRequest(rootCert, checkCert.getSerialNumber()); +// byte[] array = request.getEncoded(); +// URL urlt = new URL(url); +// HttpURLConnection con = (HttpURLConnection)urlt.openConnection(); +// con.setRequestProperty("Content-Type", "application/ocsp-request"); +// con.setRequestProperty("Accept", "application/ocsp-response"); +// 
con.setDoOutput(true); +// OutputStream out = con.getOutputStream(); +// DataOutputStream dataOut = new DataOutputStream(new BufferedOutputStream(out)); +// dataOut.write(array); +// dataOut.flush(); +// dataOut.close(); +// if (con.getResponseCode() / 100 != 2) { +// throw new IOException("Invalid HTTP response"); +// } +// //Get Response +// InputStream in = (InputStream) con.getContent(); +// OCSPResp ocspResponse = new OCSPResp(in); +// +// if (ocspResponse.getStatus() != 0) +// throw new IOException("Invalid status: " + ocspResponse.getStatus()); +// BasicOCSPResp basicResponse = (BasicOCSPResp) ocspResponse.getResponseObject(); +// if (basicResponse != null) { +// SingleResp[] responses = basicResponse.getResponses(); +// if (responses.length == 1) { +// SingleResp resp = responses[0]; +// Object status = resp.getCertStatus(); +// if (status == CertificateStatus.GOOD) { +// return basicResponse.getEncoded(); +// } +// else if (status instanceof org.bouncycastle.ocsp.RevokedStatus) { +// throw new IOException("OCSP Status is revoked!"); +// } +// else { +// throw new IOException("OCSP Status is unknown!"); +// } +// } +// } +// } +// catch (Exception ex) { +// throw new ExceptionConverter(ex); +// } +// return null; +// } +//} diff --git a/fine-itext/src/com/fr/third/v2/lowagie/text/pdf/PdfPKCS7.java b/fine-itext/src/com/fr/third/v2/lowagie/text/pdf/PdfPKCS7.java index 1497f2eeb..def996620 100644 --- a/fine-itext/src/com/fr/third/v2/lowagie/text/pdf/PdfPKCS7.java +++ b/fine-itext/src/com/fr/third/v2/lowagie/text/pdf/PdfPKCS7.java @@ -46,6 +46,8 @@ */ package com.fr.third.v2.lowagie.text.pdf; +import com.fr.third.org.bouncycastle.asn1.ASN1Object; +import com.fr.third.org.bouncycastle.asn1.ASN1String; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.File; 
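Review bot: The whole class is kept as 185 lines of `//`-prefixed text, licence header included, rather than being deleted or ported, so `OcspClientBouncyCastle` disappears from the build while the file still looks like source. Nothing on the new side says why, or what a caller that used `getEncoded()` to obtain an OCSP response for a signature should use instead; if there is no replacement, signatures produced through this library can presumably no longer carry revocation evidence. Either remove the file and let version control keep the history, or port it to the OCSP classes of the newer BouncyCastle if the relocated copy bundles them. If the file has to stay, replace the commented body with a short header along the lines of `// Disabled for REPORT-30379: depends on the old org.bouncycastle.ocsp API; OCSP lookups are unavailable in this build.` (wording for the author to confirm).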
@@ -76,42 +78,40 @@ import java.util.Iterator; import java.util.Set; import com.fr.third.v2.lowagie.text.ExceptionConverter; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1OutputStream; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DEREnumerated; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.DERString; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.DERUTCTime; -import org.bouncycastle.asn1.cms.AttributeTable; -import org.bouncycastle.asn1.cms.Attribute; -import org.bouncycastle.asn1.ocsp.BasicOCSPResponse; -import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers; -import org.bouncycastle.jce.provider.X509CRLParser; -import org.bouncycastle.jce.provider.X509CertParser; +import com.fr.third.org.bouncycastle.asn1.ASN1Encodable; +import com.fr.third.org.bouncycastle.asn1.ASN1EncodableVector; +import com.fr.third.org.bouncycastle.asn1.ASN1InputStream; +import com.fr.third.org.bouncycastle.asn1.ASN1OutputStream; +import com.fr.third.org.bouncycastle.asn1.ASN1Sequence; +import com.fr.third.org.bouncycastle.asn1.ASN1Set; +import com.fr.third.org.bouncycastle.asn1.ASN1TaggedObject; +import com.fr.third.org.bouncycastle.asn1.DEREnumerated; +import com.fr.third.org.bouncycastle.asn1.DERInteger; +import com.fr.third.org.bouncycastle.asn1.DERNull; +import com.fr.third.org.bouncycastle.asn1.DERObjectIdentifier; +import com.fr.third.org.bouncycastle.asn1.DEROctetString; +import com.fr.third.org.bouncycastle.asn1.DERSequence; 
+import com.fr.third.org.bouncycastle.asn1.DERSet; +import com.fr.third.org.bouncycastle.asn1.DERTaggedObject; +import com.fr.third.org.bouncycastle.asn1.DERUTCTime; +import com.fr.third.org.bouncycastle.asn1.cms.AttributeTable; +import com.fr.third.org.bouncycastle.asn1.cms.Attribute; +import com.fr.third.org.bouncycastle.asn1.ocsp.BasicOCSPResponse; +import com.fr.third.org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers; +import com.fr.third.org.bouncycastle.jce.provider.X509CRLParser; +import com.fr.third.org.bouncycastle.jce.provider.X509CertParser; import java.security.cert.CertificateParsingException; import java.util.Date; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.cms.ContentInfo; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.tsp.MessageImprint; -import org.bouncycastle.asn1.x509.X509Extensions; -import org.bouncycastle.ocsp.BasicOCSPResp; -import org.bouncycastle.ocsp.CertificateID; -import org.bouncycastle.ocsp.SingleResp; -import org.bouncycastle.tsp.TimeStampToken; +import com.fr.third.org.bouncycastle.asn1.ASN1OctetString; +import com.fr.third.org.bouncycastle.asn1.cms.ContentInfo; +import com.fr.third.org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +import com.fr.third.org.bouncycastle.asn1.tsp.MessageImprint; +import com.fr.third.org.bouncycastle.asn1.x509.X509Extensions; +//import org.bouncycastle.ocsp.BasicOCSPResp; +//import org.bouncycastle.ocsp.CertificateID; +//import org.bouncycastle.ocsp.SingleResp; +//import org.bouncycastle.tsp.TimeStampToken; /** * This class does all the processing related to signing and verifying a PKCS#7 @@ -167,7 +167,7 @@ public class PdfPKCS7 { */ private String signName; - private TimeStampToken timeStampToken; +// private TimeStampToken timeStampToken; private static final HashMap digestNames = new HashMap(); private static final HashMap algorithmNames = new HashMap(); 
@@ -273,23 +273,23 @@ public class PdfPKCS7 { * @return the timestamp token or null * @since 2.1.6 */ - public TimeStampToken getTimeStampToken() { - return timeStampToken; - } +// public TimeStampToken getTimeStampToken() { +// return timeStampToken; +// } /** * Gets the timestamp date * @return a date * @since 2.1.6 */ - public Calendar getTimeStampDate() { - if (timeStampToken == null) - return null; - Calendar cal = new GregorianCalendar(); - Date date = timeStampToken.getTimeStampInfo().getGenTime(); - cal.setTime(date); - return cal; - } +// public Calendar getTimeStampDate() { +// if (timeStampToken == null) +// return null; +// Calendar cal = new GregorianCalendar(); +// Date date = timeStampToken.getTimeStampInfo().getGenTime(); +// cal.setTime(date); +// return cal; +// } /** * Verifies a signature using the sub-filter adbe.x509.rsa_sha1. @@ -319,19 +319,19 @@ public class PdfPKCS7 { } } - private BasicOCSPResp basicResp; +// private BasicOCSPResp basicResp; /** * Gets the OCSP basic response if there is one. * @return the OCSP basic response or null * @since 2.1.6 */ - public BasicOCSPResp getOcsp() { - return basicResp; - } +// public BasicOCSPResp getOcsp() { +// return basicResp; +// } private void findOcsp(ASN1Sequence seq) throws IOException { - basicResp = null; +// basicResp = null; boolean ret = false; while (true) { if ((seq.getObjectAt(0) instanceof DERObjectIdentifier) @@ -362,7 +362,7 @@ public class PdfPKCS7 { DEROctetString os = (DEROctetString)seq.getObjectAt(1); ASN1InputStream inp = new ASN1InputStream(os.getOctets()); BasicOCSPResponse resp = BasicOCSPResponse.getInstance(inp.readObject()); - basicResp = new BasicOCSPResp(resp); +// basicResp = new BasicOCSPResp(resp); } /** @@ -379,7 +379,7 @@ public class PdfPKCS7 { // // Basic checks to make sure it's a PKCS#7 SignedData Object // - DERObject pkcs; + ASN1Object pkcs; try { pkcs = din.readObject(); 
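Review bot: `findOcsp` still locates and decodes the response with `BasicOCSPResponse.getInstance(inp.readObject())` (hunk `-362,7`), but the result is discarded now that `basicResp = new BasicOCSPResp(resp)` is commented out, and the `-499,7` hunk does the same to the timestamp token after building `contentInfo`. Together with the commented-out `isRevocationValid()`, `verifyTimestampImprint()`, `verifyOcspCertificates()` and `verifyTimestampCertificates()` (hunks `-980,26`, `-641,15`, `-888,27`, `-918,27`), this means OCSP and timestamp evidence embedded in a signature is silently ignored and callers have no way left to check it. That loss of verification should be stated on the class, for example `// NOTE: OCSP responses and timestamp tokens in the signature are not parsed or verified in this build`, and the leftover decoding in `findOcsp` either removed or the methods ported to the newer API. The orphaned Javadoc blocks also now precede the wrong members, so the `getOcsp` comment ends up documenting `findOcsp`. The body of `findOcsp` spans the `-319,19` and `-362,7` hunks and is only partly visible here.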
@@ -464,7 +464,7 @@ public class PdfPKCS7 { if (signerInfo.getObjectAt(next) instanceof ASN1TaggedObject) { ASN1TaggedObject tagsig = (ASN1TaggedObject)signerInfo.getObjectAt(next); ASN1Set sseq = ASN1Set.getInstance(tagsig, false); - sigAttr = sseq.getEncoded(ASN1Encodable.DER); + sigAttr = sseq.getEncoded("DER"); for (int k = 0; k < sseq.size(); ++k) { ASN1Sequence seq2 = (ASN1Sequence)sseq.getObjectAt(k); @@ -499,7 +499,7 @@ public class PdfPKCS7 { ASN1Set attributeValues = ts.getAttrValues(); ASN1Sequence tokenSequence = ASN1Sequence.getInstance(attributeValues.getObjectAt(0)); ContentInfo contentInfo = new ContentInfo(tokenSequence); - this.timeStampToken = new TimeStampToken(contentInfo); +// this.timeStampToken = new TimeStampToken(contentInfo); } } if (RSAdata != null || digestAttr != null) { @@ -641,15 +641,15 @@ public class PdfPKCS7 { * @return true if it checks false otherwise * @since 2.1.6 */ - public boolean verifyTimestampImprint() throws NoSuchAlgorithmException { - if (timeStampToken == null) - return false; - MessageImprint imprint = timeStampToken.getTimeStampInfo().toTSTInfo().getMessageImprint(); - byte[] md = MessageDigest.getInstance("SHA-1").digest(digest); - byte[] imphashed = imprint.getHashedMessage(); - boolean res = Arrays.equals(md, imphashed); - return res; - } +// public boolean verifyTimestampImprint() throws NoSuchAlgorithmException { +// if (timeStampToken == null) +// return false; +// MessageImprint imprint = timeStampToken.getTimeStampInfo().toTSTInfo().getMessageImprint(); +// byte[] md = MessageDigest.getInstance("SHA-1").digest(digest); +// byte[] imphashed = imprint.getHashedMessage(); +// boolean res = Arrays.equals(md, imphashed); +// return res; +// } /** * Get all the X.509 certificates associated with this PKCS#7 object in no particular order. 
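Review bot: `sseq.getEncoded("DER")` replaces the removed `ASN1Encodable.DER` constant with a bare string literal, and `getAuthenticatedAttributeBytes` does the same in hunk `-1340,7`. The signed attributes have to be DER-encoded for the signature check to match, and as far as I recall `getEncoded(String)` falls back to the default encoding for a string it does not recognise, so a typo here would not fail loudly. The newer ASN.1 API keeps the constant as `ASN1Encoding.DER`; `sigAttr = sseq.getEncoded(ASN1Encoding.DER);` with the matching import keeps the compiler checking it.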
@@ -888,27 +888,27 @@ public class PdfPKCS7 { * @return true is a certificate was found * @since 2.1.6 */ - public static boolean verifyOcspCertificates(BasicOCSPResp ocsp, KeyStore keystore, String provider) { - if (provider == null) - provider = "BC"; - try { - for (Enumeration aliases = keystore.aliases(); aliases.hasMoreElements();) { - try { - String alias = (String)aliases.nextElement(); - if (!keystore.isCertificateEntry(alias)) - continue; - X509Certificate certStoreX509 = (X509Certificate)keystore.getCertificate(alias); - if (ocsp.verify(certStoreX509.getPublicKey(), provider)) - return true; - } - catch (Exception ex) { - } - } - } - catch (Exception e) { - } - return false; - } +// public static boolean verifyOcspCertificates(BasicOCSPResp ocsp, KeyStore keystore, String provider) { +// if (provider == null) +// provider = "BC"; +// try { +// for (Enumeration aliases = keystore.aliases(); aliases.hasMoreElements();) { +// try { +// String alias = (String)aliases.nextElement(); +// if (!keystore.isCertificateEntry(alias)) +// continue; +// X509Certificate certStoreX509 = (X509Certificate)keystore.getCertificate(alias); +// if (ocsp.verify(certStoreX509.getPublicKey(), provider)) +// return true; +// } +// catch (Exception ex) { +// } +// } +// } +// catch (Exception e) { +// } +// return false; +// } /** * Verifies a timestamp against a KeyStore. 
@@ -918,27 +918,27 @@ public class PdfPKCS7 { * @return true is a certificate was found * @since 2.1.6 */ - public static boolean verifyTimestampCertificates(TimeStampToken ts, KeyStore keystore, String provider) { - if (provider == null) - provider = "BC"; - try { - for (Enumeration aliases = keystore.aliases(); aliases.hasMoreElements();) { - try { - String alias = (String)aliases.nextElement(); - if (!keystore.isCertificateEntry(alias)) - continue; - X509Certificate certStoreX509 = (X509Certificate)keystore.getCertificate(alias); - ts.validate(certStoreX509, provider); - return true; - } - catch (Exception ex) { - } - } - } - catch (Exception e) { - } - return false; - } +// public static boolean verifyTimestampCertificates(TimeStampToken ts, KeyStore keystore, String provider) { +// if (provider == null) +// provider = "BC"; +// try { +// for (Enumeration aliases = keystore.aliases(); aliases.hasMoreElements();) { +// try { +// String alias = (String)aliases.nextElement(); +// if (!keystore.isCertificateEntry(alias)) +// continue; +// X509Certificate certStoreX509 = (X509Certificate)keystore.getCertificate(alias); +// ts.validate(certStoreX509, provider); +// return true; +// } +// catch (Exception ex) { +// } +// } +// } +// catch (Exception e) { +// } +// return false; +// } /** * Retrieves the OCSP URL from the given certificate. @@ -949,7 +949,7 @@ public class PdfPKCS7 { */ public static String getOCSPURL(X509Certificate certificate) throws CertificateParsingException { try { - DERObject obj = getExtensionValue(certificate, X509Extensions.AuthorityInfoAccess.getId()); + ASN1Object obj = getExtensionValue(certificate, X509Extensions.AuthorityInfoAccess.getId()); if (obj == null) { return null; } 
@@ -961,7 +961,7 @@ public class PdfPKCS7 { continue; } else { if ((AccessDescription.getObjectAt(0) instanceof DERObjectIdentifier) && ((DERObjectIdentifier)AccessDescription.getObjectAt(0)).getId().equals("1.3.6.1.5.5.7.48.1")) { - String AccessLocation = getStringFromGeneralName((DERObject)AccessDescription.getObjectAt(1)); + String AccessLocation = getStringFromGeneralName((ASN1Object)AccessDescription.getObjectAt(1)); if ( AccessLocation == null ) { return "" ; } else { 
@@ -980,26 +980,26 @@ public class PdfPKCS7 { * @return true if it checks false otherwise * @since 2.1.6 */ - public boolean isRevocationValid() { - if (basicResp == null) - return false; - if (signCerts.size() < 2) - return false; - try { - X509Certificate[] cs = (X509Certificate[])getSignCertificateChain(); - SingleResp sr = basicResp.getResponses()[0]; - CertificateID cid = sr.getCertID(); - X509Certificate sigcer = getSigningCertificate(); - X509Certificate isscer = cs[1]; - CertificateID tis = new CertificateID(CertificateID.HASH_SHA1, isscer, sigcer.getSerialNumber()); - return tis.equals(cid); - } - catch (Exception ex) { - } - return false; - } +// public boolean isRevocationValid() { +// if (basicResp == null) +// return false; +// if (signCerts.size() < 2) +// return false; +// try { +// X509Certificate[] cs = (X509Certificate[])getSignCertificateChain(); +// SingleResp sr = basicResp.getResponses()[0]; +// CertificateID cid = sr.getCertID(); +// X509Certificate sigcer = getSigningCertificate(); +// X509Certificate isscer = cs[1]; +// CertificateID tis = new CertificateID(CertificateID.HASH_SHA1, isscer, sigcer.getSerialNumber()); +// return tis.equals(cid); +// } +// catch (Exception ex) { +// } +// return false; +// } - private static DERObject getExtensionValue(X509Certificate cert, String oid) throws IOException { + private static ASN1Object getExtensionValue(X509Certificate cert, String oid) throws IOException { byte[] bytes = cert.getExtensionValue(oid); if (bytes == null) { return null; @@ -1010,7 +1010,7 @@ public class PdfPKCS7 { return aIn.readObject(); } - private static String getStringFromGeneralName(DERObject names) throws IOException { + private static String getStringFromGeneralName(ASN1Object names) throws IOException { DERTaggedObject taggedObject = (DERTaggedObject) names ; return new String(ASN1OctetString.getInstance(taggedObject, false).getOctets(), "ISO-8859-1"); } 
@@ -1020,11 +1020,11 @@ public class PdfPKCS7 { * @param enc a TBSCertificate in a byte array * @return a DERObject */ - private static DERObject getIssuer(byte[] enc) { + private static ASN1Object getIssuer(byte[] enc) { try { ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(enc)); ASN1Sequence seq = (ASN1Sequence)in.readObject(); - return (DERObject)seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 3 : 2); + return (ASN1Object)seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 3 : 2); } catch (IOException e) { throw new ExceptionConverter(e); @@ -1036,11 +1036,11 @@ public class PdfPKCS7 { * @param enc A TBSCertificate in a byte array * @return a DERObject */ - private static DERObject getSubject(byte[] enc) { + private static ASN1Object getSubject(byte[] enc) { try { ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(enc)); ASN1Sequence seq = (ASN1Sequence)in.readObject(); - return (DERObject)seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 5 : 4); + return (ASN1Object)seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 5 : 4); } catch (IOException e) { throw new ExceptionConverter(e); @@ -1340,7 +1340,7 @@ public class PdfPKCS7 { */ public byte[] getAuthenticatedAttributeBytes(byte secondDigest[], Calendar signingTime, byte[] ocsp) { try { - return getAuthenticatedAttributeSet(secondDigest, signingTime, ocsp).getEncoded(ASN1Encodable.DER); + return getAuthenticatedAttributeSet(secondDigest, signingTime, ocsp).getEncoded("DER"); } catch (Exception e) { throw new ExceptionConverter(e); @@ -1575,7 +1575,7 @@ public class PdfPKCS7 { vs = new ArrayList(); values.put(id, vs); } - vs.add(((DERString)s.getObjectAt(1)).getString()); + vs.add(((ASN1String)s.getObjectAt(1)).getString()); } } } 
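Review bot: `getIssuer` and `getSubject` (hunks `-1020,11` and `-1036,11`) still choose the field index with `seq.getObjectAt(0) instanceof DERTaggedObject`, and `getStringFromGeneralName` in the `-1010,7` hunk still casts its argument to `DERTaggedObject`. Which concrete class the ASN.1 parser returns for a tagged element is an implementation detail and is not guaranteed to be `DERTaggedObject` in every BouncyCastle release, so this is worth confirming against the bundled version; if the test is false for a v3 certificate, the methods return the wrong field instead of the issuer or subject. Testing the base type is safer: `seq.getObjectAt(0) instanceof ASN1TaggedObject ? 3 : 2` (and `? 5 : 4`), with `ASN1TaggedObject taggedObject = (ASN1TaggedObject) names;` in the helper; `ASN1TaggedObject` is already imported in this file. The Javadoc line `@return a DERObject` on both methods is stale after the return type change.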
diff --git a/fine-itext/src/com/fr/third/v2/lowagie/text/pdf/PdfPublicKeySecurityHandler.java b/fine-itext/src/com/fr/third/v2/lowagie/text/pdf/PdfPublicKeySecurityHandler.java index 044b9fae6..1c5fc76f1 100644 --- a/fine-itext/src/com/fr/third/v2/lowagie/text/pdf/PdfPublicKeySecurityHandler.java +++ b/fine-itext/src/com/fr/third/v2/lowagie/text/pdf/PdfPublicKeySecurityHandler.java @@ -89,6 +89,8 @@ package com.fr.third.v2.lowagie.text.pdf; +import com.fr.third.org.bouncycastle.asn1.ASN1Object; +import com.fr.third.org.bouncycastle.asn1.ASN1Set; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; 
@@ -107,22 +109,21 @@ import javax.crypto.Cipher; import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DEROutputStream; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.cms.ContentInfo; -import org.bouncycastle.asn1.cms.EncryptedContentInfo; -import org.bouncycastle.asn1.cms.EnvelopedData; -import org.bouncycastle.asn1.cms.IssuerAndSerialNumber; -import org.bouncycastle.asn1.cms.KeyTransRecipientInfo; -import org.bouncycastle.asn1.cms.RecipientIdentifier; -import org.bouncycastle.asn1.cms.RecipientInfo; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.TBSCertificateStructure; +import com.fr.third.org.bouncycastle.asn1.ASN1InputStream; +import com.fr.third.org.bouncycastle.asn1.DERObjectIdentifier; +import com.fr.third.org.bouncycastle.asn1.DEROctetString; +import com.fr.third.org.bouncycastle.asn1.DEROutputStream; +import com.fr.third.org.bouncycastle.asn1.DERSet; +import com.fr.third.org.bouncycastle.asn1.cms.ContentInfo; +import com.fr.third.org.bouncycastle.asn1.cms.EncryptedContentInfo; +import com.fr.third.org.bouncycastle.asn1.cms.EnvelopedData; +import com.fr.third.org.bouncycastle.asn1.cms.IssuerAndSerialNumber; +import com.fr.third.org.bouncycastle.asn1.cms.KeyTransRecipientInfo; +import com.fr.third.org.bouncycastle.asn1.cms.RecipientIdentifier; +import com.fr.third.org.bouncycastle.asn1.cms.RecipientInfo; +import com.fr.third.org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +import com.fr.third.org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import com.fr.third.org.bouncycastle.asn1.x509.TBSCertificateStructure; /** * @author Aiken Sam (aikensam@ieee.org) 
@@ -244,7 +245,7 @@ public class PdfPublicKeySecurityHandler { pkcs7input[22] = two; pkcs7input[23] = one; - DERObject obj = createDERForRecipient(pkcs7input, (X509Certificate)certificate); + ASN1Object obj = createDERForRecipient(pkcs7input, (X509Certificate)certificate); ByteArrayOutputStream baos = new ByteArrayOutputStream(); @@ -276,7 +277,7 @@ public class PdfPublicKeySecurityHandler { return EncodedRecipients; } - private DERObject createDERForRecipient(byte[] in, X509Certificate cert) + private ASN1Object createDERForRecipient(byte[] in, X509Certificate cert) throws IOException, GeneralSecurityException { @@ -287,7 +288,7 @@ public class PdfPublicKeySecurityHandler { AlgorithmParameters algorithmparameters = algorithmparametergenerator.generateParameters(); ByteArrayInputStream bytearrayinputstream = new ByteArrayInputStream(algorithmparameters.getEncoded("ASN.1")); ASN1InputStream asn1inputstream = new ASN1InputStream(bytearrayinputstream); - DERObject derobject = asn1inputstream.readObject(); + ASN1Object derobject = asn1inputstream.readObject(); KeyGenerator keygenerator = KeyGenerator.getInstance(s); keygenerator.init(128); SecretKey secretkey = keygenerator.generateKey(); @@ -300,10 +301,10 @@ public class PdfPublicKeySecurityHandler { AlgorithmIdentifier algorithmidentifier = new AlgorithmIdentifier(new DERObjectIdentifier(s), derobject); EncryptedContentInfo encryptedcontentinfo = new EncryptedContentInfo(PKCSObjectIdentifiers.data, algorithmidentifier, deroctetstring); - EnvelopedData env = new EnvelopedData(null, derset, encryptedcontentinfo, null); + EnvelopedData env = new EnvelopedData(null, derset, encryptedcontentinfo,(ASN1Set) null); ContentInfo contentinfo = new ContentInfo(PKCSObjectIdentifiers.envelopedData, env); - return contentinfo.getDERObject(); + return contentinfo.getContentType(); } private KeyTransRecipientInfo computeRecipientInfo(X509Certificate x509certificate, byte[] abyte0) 
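Review bot: In the last hunk on this line (`createDERForRecipient`, -300,10 +301,10), `return contentinfo.getContentType();` is not an equivalent of the removed `getDERObject()`. It returns only the content-type object identifier (here `PKCSObjectIdentifiers.envelopedData`), so the object handed back to the caller no longer carries the `EnvelopedData` with the recipient infos and encrypted content. A document encrypted for a certificate would then, as far as this hunk shows, be written with recipient entries that no recipient can decrypt. The structure-preserving replacement on the `ASN1Object`-based API is `return contentinfo.toASN1Primitive();`, assuming the shaded Bouncy Castle exposes it. The fine-itext-old copy of this file listed in the diffstat is outside this view and should be checked for the same line.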
@@ -318,7 +319,7 @@ public class PdfPublicKeySecurityHandler { new IssuerAndSerialNumber( tbscertificatestructure.getIssuer(), tbscertificatestructure.getSerialNumber().getValue()); - Cipher cipher = Cipher.getInstance(algorithmidentifier.getObjectId().getId()); + Cipher cipher = Cipher.getInstance(algorithmidentifier.getAlgorithm().getId()); cipher.init(1, x509certificate); DEROctetString deroctetstring = new DEROctetString(cipher.doFinal(abyte0)); RecipientIdentifier recipId = new RecipientIdentifier(issuerandserialnumber); diff --git a/fine-itext/src/com/fr/third/v2/lowagie/text/pdf/PdfReader.java b/fine-itext/src/com/fr/third/v2/lowagie/text/pdf/PdfReader.java index 81bf95987..9aafda9e2 100644 --- a/fine-itext/src/com/fr/third/v2/lowagie/text/pdf/PdfReader.java +++ b/fine-itext/src/com/fr/third/v2/lowagie/text/pdf/PdfReader.java @@ -79,8 +79,8 @@ import com.fr.third.v2.lowagie.text.pdf.interfaces.PdfViewerPreferences; import com.fr.third.v2.lowagie.text.pdf.internal.PdfViewerPreferencesImp; import com.fr.third.v2.lowagie.text.exceptions.BadPasswordException; -import org.bouncycastle.cms.CMSEnvelopedData; -import org.bouncycastle.cms.RecipientInformation; +//import org.bouncycastle.cms.CMSEnvelopedData; +//import org.bouncycastle.cms.RecipientInformation; /** Reads a PDF document. * @author Paulo Soares (psoares@consiste.pt) 
@@ -710,24 +710,24 @@ public class PdfReader implements PdfViewerPreferences { PdfObject recipient = recipients.getPdfObject(i); strings.remove(recipient); - CMSEnvelopedData data = null; - try { - data = new CMSEnvelopedData(recipient.getBytes()); - - Iterator recipientCertificatesIt = data.getRecipientInfos().getRecipients().iterator(); - - while (recipientCertificatesIt.hasNext()) { - RecipientInformation recipientInfo = (RecipientInformation)recipientCertificatesIt.next(); - - if (recipientInfo.getRID().match(certificate) && !foundRecipient) { - envelopedData = recipientInfo.getContent(certificateKey, certificateKeyProvider); - foundRecipient = true; - } - } - } - catch (Exception f) { - throw new ExceptionConverter(f); - } +// CMSEnvelopedData data = null; +// try { +// data = new CMSEnvelopedData(recipient.getBytes()); +// +// Iterator recipientCertificatesIt = data.getRecipientInfos().getRecipients().iterator(); +// +// while (recipientCertificatesIt.hasNext()) { +// RecipientInformation recipientInfo = (RecipientInformation)recipientCertificatesIt.next(); +// +// if (recipientInfo.getRID().match(certificate) && !foundRecipient) { +// envelopedData = recipientInfo.getContent(certificateKey, certificateKeyProvider); +// foundRecipient = true; +// } +// } +// } +// catch (Exception f) { +// throw new ExceptionConverter(f); +// } } if(!foundRecipient || envelopedData == null) { diff --git a/fine-itext/src/com/fr/third/v2/lowagie/text/pdf/TSAClientBouncyCastle.java b/fine-itext/src/com/fr/third/v2/lowagie/text/pdf/TSAClientBouncyCastle.java index 29e65e60d..465391f63 100644 --- a/fine-itext/src/com/fr/third/v2/lowagie/text/pdf/TSAClientBouncyCastle.java +++ b/fine-itext/src/com/fr/third/v2/lowagie/text/pdf/TSAClientBouncyCastle.java 
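Review bot: With the whole `CMSEnvelopedData` loop commented out, nothing in the visible lines assigns `foundRecipient` or `envelopedData` any more, so every certificate-encrypted document goes straight into the `if(!foundRecipient || envelopedData == null)` branch that follows. That branch's body is outside the hunk; if it throws, the reader fails closed, but certificate-based decryption is silently gone and the error will not say that the feature was removed. Either port the loop to the current CMS API (`RecipientInformation.getContent(Recipient)` with a `JceKeyTransEnvelopedRecipient`, which requires the CMS classes to be present in the shaded Bouncy Castle) or replace it with an explicit unsupported-operation error. In both cases delete the dead code and the `//import` lines from the previous hunk instead of keeping them as comments.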
@@ -1,230 +1,230 @@ -/* - * $Id: TSAClientBouncyCastle.java 3973 2009-06-16 10:30:31Z psoares33 $ - * - * Copyright 2009 Martin Brunecky, Aiken Sam - * - * The contents of this file are subject to the Mozilla Public License Version 1.1 - * (the "License"); you may not use this file except in compliance with the License. - * You may obtain a copy of the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the License. - * - * The Original Code is 'iText, a free JAVA-PDF library'. - * - * The Initial Developer of the Original Code is Bruno Lowagie. Portions created by - * the Initial Developer are Copyright (C) 1999-2005 by Bruno Lowagie. - * All Rights Reserved. - * Co-Developer of the code is Paulo Soares. Portions created by the Co-Developer - * are Copyright (C) 2009 by Martin Brunecky. All Rights Reserved. - * - * Contributor(s): all the names of the contributors are added in the source code - * where applicable. - * - * Alternatively, the contents of this file may be used under the terms of the - * LGPL license (the "GNU LIBRARY GENERAL PUBLIC LICENSE"), in which case the - * provisions of LGPL are applicable instead of those above. If you wish to - * allow use of your version of this file only under the terms of the LGPL - * License and not to allow others to use your version of this file under - * the MPL, indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by the LGPL. - * If you do not delete the provisions above, a recipient may use your version - * of this file under either the MPL or the GNU LIBRARY GENERAL PUBLIC LICENSE. 
- * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the MPL as stated above or under the terms of the GNU - * Library General Public License as published by the Free Software Foundation; - * either version 2 of the License, or any later version. - * - * This library is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS - * FOR A PARTICULAR PURPOSE. See the GNU Library general Public License for more - * details. - * - * If you didn't download this code from the following link, you should check if - * you aren't using an obsolete version: - * http://www.lowagie.com/iText/ - */ - -package com.fr.third.v2.lowagie.text.pdf; - -import java.io.*; -import java.math.*; -import java.net.*; - -import org.bouncycastle.asn1.cmp.*; -import org.bouncycastle.asn1.x509.*; -import org.bouncycastle.tsp.*; - -import com.fr.third.v2.lowagie.text.pdf.codec.Base64; - -/** - * Time Stamp Authority Client interface implementation using Bouncy Castle - * org.bouncycastle.tsp package. - *

- * Created by Aiken Sam, 2006-11-15, refactored by Martin Brunecky, 07/15/2007 - * for ease of subclassing. - *

- * @since 2.1.6 - */ -public class TSAClientBouncyCastle implements TSAClient { - /** URL of the Time Stamp Authority */ - protected String tsaURL; - /** TSA Username */ - protected String tsaUsername; - /** TSA password */ - protected String tsaPassword; - /** Estimate of the received time stamp token */ - protected int tokSzEstimate; - - /** - * Creates an instance of a TSAClient that will use BouncyCastle. - * @param url String - Time Stamp Authority URL (i.e. "http://tsatest1.digistamp.com/TSA") - */ - public TSAClientBouncyCastle(String url) { - this(url, null, null, 4096); - } - - /** - * Creates an instance of a TSAClient that will use BouncyCastle. - * @param url String - Time Stamp Authority URL (i.e. "http://tsatest1.digistamp.com/TSA") - * @param username String - user(account) name - * @param password String - password - */ - public TSAClientBouncyCastle(String url, String username, String password) { - this(url, username, password, 4096); - } - - /** - * Constructor. - * Note the token size estimate is updated by each call, as the token - * size is not likely to change (as long as we call the same TSA using - * the same imprint length). - * @param url String - Time Stamp Authority URL (i.e. "http://tsatest1.digistamp.com/TSA") - * @param username String - user(account) name - * @param password String - password - * @param tokSzEstimate int - estimated size of received time stamp token (DER encoded) - */ - public TSAClientBouncyCastle(String url, String username, String password, int tokSzEstimate) { - this.tsaURL = url; - this.tsaUsername = username; - this.tsaPassword = password; - this.tokSzEstimate = tokSzEstimate; - } - - /** - * Get the token size estimate. - * Returned value reflects the result of the last succesfull call, padded - * @return an estimate of the token size - */ - public int getTokenSizeEstimate() { - return tokSzEstimate; - } - - /** - * Get RFC 3161 timeStampToken. 
- * Method may return null indicating that timestamp should be skipped. - * @param caller PdfPKCS7 - calling PdfPKCS7 instance (in case caller needs it) - * @param imprint byte[] - data imprint to be time-stamped - * @return byte[] - encoded, TSA signed data of the timeStampToken - * @throws Exception - TSA request failed - * @see TSAClient#getTimeStampToken(PdfPKCS7, byte[]) - */ - public byte[] getTimeStampToken(PdfPKCS7 caller, byte[] imprint) throws Exception { - return getTimeStampToken(imprint); - } - - /** - * Get timestamp token - Bouncy Castle request encoding / decoding layer - */ - protected byte[] getTimeStampToken(byte[] imprint) throws Exception { - byte[] respBytes = null; - try { - // Setup the time stamp request - TimeStampRequestGenerator tsqGenerator = new TimeStampRequestGenerator(); - tsqGenerator.setCertReq(true); - // tsqGenerator.setReqPolicy("1.3.6.1.4.1.601.10.3.1"); - BigInteger nonce = BigInteger.valueOf(System.currentTimeMillis()); - TimeStampRequest request = tsqGenerator.generate(X509ObjectIdentifiers.id_SHA1.getId() , imprint, nonce); - byte[] requestBytes = request.getEncoded(); - - // Call the communications layer - respBytes = getTSAResponse(requestBytes); - - // Handle the TSA response - TimeStampResponse response = new TimeStampResponse(respBytes); - - // validate communication level attributes (RFC 3161 PKIStatus) - response.validate(request); - PKIFailureInfo failure = response.getFailInfo(); - int value = (failure == null) ? 0 : failure.intValue(); - if (value != 0) { - // @todo: Translate value of 15 error codes defined by PKIFailureInfo to string - throw new Exception("Invalid TSA '" + tsaURL + "' response, code " + value); - } - // @todo: validate the time stap certificate chain (if we want - // assure we do not sign using an invalid timestamp). 
- - // extract just the time stamp token (removes communication status info) - TimeStampToken tsToken = response.getTimeStampToken(); - if (tsToken == null) { - throw new Exception("TSA '" + tsaURL + "' failed to return time stamp token: " + response.getStatusString()); - } - TimeStampTokenInfo info = tsToken.getTimeStampInfo(); // to view details - byte[] encoded = tsToken.getEncoded(); - long stop = System.currentTimeMillis(); - - // Update our token size estimate for the next call (padded to be safe) - this.tokSzEstimate = encoded.length + 32; - return encoded; - } catch (Exception e) { - throw e; - } catch (Throwable t) { - throw new Exception("Failed to get TSA response from '" + tsaURL +"'", t); - } - } - - /** - * Get timestamp token - communications layer - * @return - byte[] - TSA response, raw bytes (RFC 3161 encoded) - */ - protected byte[] getTSAResponse(byte[] requestBytes) throws Exception { - // Setup the TSA connection - URL url = new URL(tsaURL); - URLConnection tsaConnection; - tsaConnection = (URLConnection) url.openConnection(); - - tsaConnection.setDoInput(true); - tsaConnection.setDoOutput(true); - tsaConnection.setUseCaches(false); - tsaConnection.setRequestProperty("Content-Type", "application/timestamp-query"); - //tsaConnection.setRequestProperty("Content-Transfer-Encoding", "base64"); - tsaConnection.setRequestProperty("Content-Transfer-Encoding", "binary"); - - if ((tsaUsername != null) && !tsaUsername.equals("") ) { - String userPassword = tsaUsername + ":" + tsaPassword; - tsaConnection.setRequestProperty("Authorization", "Basic " + - new String(Base64.encodeBytes(userPassword.getBytes()))); - } - OutputStream out = tsaConnection.getOutputStream(); - out.write(requestBytes); - out.close(); - - // Get TSA response as a byte array - InputStream inp = tsaConnection.getInputStream(); - ByteArrayOutputStream baos = new ByteArrayOutputStream(); - byte[] buffer = new byte[1024]; - int bytesRead = 0; - while ((bytesRead = inp.read(buffer, 0, 
buffer.length)) >= 0) { - baos.write(buffer, 0, bytesRead); - } - byte[] respBytes = baos.toByteArray(); - - String encoding = tsaConnection.getContentEncoding(); - if (encoding != null && encoding.equalsIgnoreCase("base64")) { - respBytes = Base64.decode(new String(respBytes)); - } - return respBytes; - } -} \ No newline at end of file +///* +// * $Id: TSAClientBouncyCastle.java 3973 2009-06-16 10:30:31Z psoares33 $ +// * +// * Copyright 2009 Martin Brunecky, Aiken Sam +// * +// * The contents of this file are subject to the Mozilla Public License Version 1.1 +// * (the "License"); you may not use this file except in compliance with the License. +// * You may obtain a copy of the License at http://www.mozilla.org/MPL/ +// * +// * Software distributed under the License is distributed on an "AS IS" basis, +// * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +// * for the specific language governing rights and limitations under the License. +// * +// * The Original Code is 'iText, a free JAVA-PDF library'. +// * +// * The Initial Developer of the Original Code is Bruno Lowagie. Portions created by +// * the Initial Developer are Copyright (C) 1999-2005 by Bruno Lowagie. +// * All Rights Reserved. +// * Co-Developer of the code is Paulo Soares. Portions created by the Co-Developer +// * are Copyright (C) 2009 by Martin Brunecky. All Rights Reserved. +// * +// * Contributor(s): all the names of the contributors are added in the source code +// * where applicable. +// * +// * Alternatively, the contents of this file may be used under the terms of the +// * LGPL license (the "GNU LIBRARY GENERAL PUBLIC LICENSE"), in which case the +// * provisions of LGPL are applicable instead of those above. 
If you wish to +// * allow use of your version of this file only under the terms of the LGPL +// * License and not to allow others to use your version of this file under +// * the MPL, indicate your decision by deleting the provisions above and +// * replace them with the notice and other provisions required by the LGPL. +// * If you do not delete the provisions above, a recipient may use your version +// * of this file under either the MPL or the GNU LIBRARY GENERAL PUBLIC LICENSE. +// * +// * This library is free software; you can redistribute it and/or modify it +// * under the terms of the MPL as stated above or under the terms of the GNU +// * Library General Public License as published by the Free Software Foundation; +// * either version 2 of the License, or any later version. +// * +// * This library is distributed in the hope that it will be useful, but WITHOUT +// * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS +// * FOR A PARTICULAR PURPOSE. See the GNU Library general Public License for more +// * details. +// * +// * If you didn't download this code from the following link, you should check if +// * you aren't using an obsolete version: +// * http://www.lowagie.com/iText/ +// */ +// +//package com.fr.third.v2.lowagie.text.pdf; +// +//import java.io.*; +//import java.math.*; +//import java.net.*; +// +//import org.bouncycastle.asn1.cmp.*; +//import org.bouncycastle.asn1.x509.*; +//import org.bouncycastle.tsp.*; +// +//import com.fr.third.v2.lowagie.text.pdf.codec.Base64; +// +///** +// * Time Stamp Authority Client interface implementation using Bouncy Castle +// * org.bouncycastle.tsp package. +// *

+// * Created by Aiken Sam, 2006-11-15, refactored by Martin Brunecky, 07/15/2007 +// * for ease of subclassing. +// *

+// * @since 2.1.6 +// */ +//public class TSAClientBouncyCastle implements TSAClient { +// /** URL of the Time Stamp Authority */ +// protected String tsaURL; +// /** TSA Username */ +// protected String tsaUsername; +// /** TSA password */ +// protected String tsaPassword; +// /** Estimate of the received time stamp token */ +// protected int tokSzEstimate; +// +// /** +// * Creates an instance of a TSAClient that will use BouncyCastle. +// * @param url String - Time Stamp Authority URL (i.e. "http://tsatest1.digistamp.com/TSA") +// */ +// public TSAClientBouncyCastle(String url) { +// this(url, null, null, 4096); +// } +// +// /** +// * Creates an instance of a TSAClient that will use BouncyCastle. +// * @param url String - Time Stamp Authority URL (i.e. "http://tsatest1.digistamp.com/TSA") +// * @param username String - user(account) name +// * @param password String - password +// */ +// public TSAClientBouncyCastle(String url, String username, String password) { +// this(url, username, password, 4096); +// } +// +// /** +// * Constructor. +// * Note the token size estimate is updated by each call, as the token +// * size is not likely to change (as long as we call the same TSA using +// * the same imprint length). +// * @param url String - Time Stamp Authority URL (i.e. "http://tsatest1.digistamp.com/TSA") +// * @param username String - user(account) name +// * @param password String - password +// * @param tokSzEstimate int - estimated size of received time stamp token (DER encoded) +// */ +// public TSAClientBouncyCastle(String url, String username, String password, int tokSzEstimate) { +// this.tsaURL = url; +// this.tsaUsername = username; +// this.tsaPassword = password; +// this.tokSzEstimate = tokSzEstimate; +// } +// +// /** +// * Get the token size estimate. 
+// * Returned value reflects the result of the last succesfull call, padded +// * @return an estimate of the token size +// */ +// public int getTokenSizeEstimate() { +// return tokSzEstimate; +// } +// +// /** +// * Get RFC 3161 timeStampToken. +// * Method may return null indicating that timestamp should be skipped. +// * @param caller PdfPKCS7 - calling PdfPKCS7 instance (in case caller needs it) +// * @param imprint byte[] - data imprint to be time-stamped +// * @return byte[] - encoded, TSA signed data of the timeStampToken +// * @throws Exception - TSA request failed +// * @see TSAClient#getTimeStampToken(PdfPKCS7, byte[]) +// */ +// public byte[] getTimeStampToken(PdfPKCS7 caller, byte[] imprint) throws Exception { +// return getTimeStampToken(imprint); +// } +// +// /** +// * Get timestamp token - Bouncy Castle request encoding / decoding layer +// */ +// protected byte[] getTimeStampToken(byte[] imprint) throws Exception { +// byte[] respBytes = null; +// try { +// // Setup the time stamp request +// TimeStampRequestGenerator tsqGenerator = new TimeStampRequestGenerator(); +// tsqGenerator.setCertReq(true); +// // tsqGenerator.setReqPolicy("1.3.6.1.4.1.601.10.3.1"); +// BigInteger nonce = BigInteger.valueOf(System.currentTimeMillis()); +// TimeStampRequest request = tsqGenerator.generate(X509ObjectIdentifiers.id_SHA1.getId() , imprint, nonce); +// byte[] requestBytes = request.getEncoded(); +// +// // Call the communications layer +// respBytes = getTSAResponse(requestBytes); +// +// // Handle the TSA response +// TimeStampResponse response = new TimeStampResponse(respBytes); +// +// // validate communication level attributes (RFC 3161 PKIStatus) +// response.validate(request); +// PKIFailureInfo failure = response.getFailInfo(); +// int value = (failure == null) ? 
0 : failure.intValue(); +// if (value != 0) { +// // @todo: Translate value of 15 error codes defined by PKIFailureInfo to string +// throw new Exception("Invalid TSA '" + tsaURL + "' response, code " + value); +// } +// // @todo: validate the time stap certificate chain (if we want +// // assure we do not sign using an invalid timestamp). +// +// // extract just the time stamp token (removes communication status info) +// TimeStampToken tsToken = response.getTimeStampToken(); +// if (tsToken == null) { +// throw new Exception("TSA '" + tsaURL + "' failed to return time stamp token: " + response.getStatusString()); +// } +// TimeStampTokenInfo info = tsToken.getTimeStampInfo(); // to view details +// byte[] encoded = tsToken.getEncoded(); +// long stop = System.currentTimeMillis(); +// +// // Update our token size estimate for the next call (padded to be safe) +// this.tokSzEstimate = encoded.length + 32; +// return encoded; +// } catch (Exception e) { +// throw e; +// } catch (Throwable t) { +// throw new Exception("Failed to get TSA response from '" + tsaURL +"'", t); +// } +// } +// +// /** +// * Get timestamp token - communications layer +// * @return - byte[] - TSA response, raw bytes (RFC 3161 encoded) +// */ +// protected byte[] getTSAResponse(byte[] requestBytes) throws Exception { +// // Setup the TSA connection +// URL url = new URL(tsaURL); +// URLConnection tsaConnection; +// tsaConnection = (URLConnection) url.openConnection(); +// +// tsaConnection.setDoInput(true); +// tsaConnection.setDoOutput(true); +// tsaConnection.setUseCaches(false); +// tsaConnection.setRequestProperty("Content-Type", "application/timestamp-query"); +// //tsaConnection.setRequestProperty("Content-Transfer-Encoding", "base64"); +// tsaConnection.setRequestProperty("Content-Transfer-Encoding", "binary"); +// +// if ((tsaUsername != null) && !tsaUsername.equals("") ) { +// String userPassword = tsaUsername + ":" + tsaPassword; +// tsaConnection.setRequestProperty("Authorization", 
"Basic " + +// new String(Base64.encodeBytes(userPassword.getBytes()))); +// } +// OutputStream out = tsaConnection.getOutputStream(); +// out.write(requestBytes); +// out.close(); +// +// // Get TSA response as a byte array +// InputStream inp = tsaConnection.getInputStream(); +// ByteArrayOutputStream baos = new ByteArrayOutputStream(); +// byte[] buffer = new byte[1024]; +// int bytesRead = 0; +// while ((bytesRead = inp.read(buffer, 0, buffer.length)) >= 0) { +// baos.write(buffer, 0, bytesRead); +// } +// byte[] respBytes = baos.toByteArray(); +// +// String encoding = tsaConnection.getContentEncoding(); +// if (encoding != null && encoding.equalsIgnoreCase("base64")) { +// respBytes = Base64.decode(new String(respBytes)); +// } +// return respBytes; +// } +//} \ No newline at end of file diff --git a/fine-itext/src/com/fr/third/v2/lowagie/text/pdf/crypto/AESCipher.java b/fine-itext/src/com/fr/third/v2/lowagie/text/pdf/crypto/AESCipher.java index 1070603b5..5702658f6 100644 --- a/fine-itext/src/com/fr/third/v2/lowagie/text/pdf/crypto/AESCipher.java +++ b/fine-itext/src/com/fr/third/v2/lowagie/text/pdf/crypto/AESCipher.java 
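Review bot: This hunk turns the entire file into `//` comments, which removes the `TSAClient` implementation while keeping 230 lines of dead code. Delete the file or port it to the shaded `tsp` classes, and state in the commit message that RFC 3161 timestamping is dropped, since any signing path that relied on it would now produce signatures without a trusted timestamp. If the class is restored later, three things in the preserved text should not come back unchanged: the nonce is `BigInteger.valueOf(System.currentTimeMillis())` rather than a `SecureRandom` value, the imprint algorithm is fixed to `X509ObjectIdentifiers.id_SHA1`, and the Basic credentials are built with `userPassword.getBytes()` (platform charset) and sent over whatever scheme `tsaURL` uses, which is plain `http` in the Javadoc example. The `@todo` about validating the timestamp certificate chain is also still open.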
@@ -48,12 +48,12 @@ */ package com.fr.third.v2.lowagie.text.pdf.crypto; -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.engines.AESFastEngine; -import org.bouncycastle.crypto.modes.CBCBlockCipher; -import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.ParametersWithIV; +import com.fr.third.org.bouncycastle.crypto.BlockCipher; +import com.fr.third.org.bouncycastle.crypto.engines.AESFastEngine; +import com.fr.third.org.bouncycastle.crypto.modes.CBCBlockCipher; +import com.fr.third.org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher; +import com.fr.third.org.bouncycastle.crypto.params.KeyParameter; +import com.fr.third.org.bouncycastle.crypto.params.ParametersWithIV; /** * Creates an AES Cipher with CBC and padding PKCS5/7. From 6cd81513732d90c9d3b05bf4b3aa9462a2eff42b Mon Sep 17 00:00:00 2001 From: "Hugh.C" Date: Tue, 28 Apr 2020 18:03:56 +0800 Subject: [PATCH 2/3] =?UTF-8?q?REPORT-30379=20=E5=9C=A8third=E4=B8=AD?= =?UTF-8?q?=E5=8A=A0=E4=B8=80=E4=B8=AA=20third=EF=BC=88=E4=B8=8D=E5=9C=A8?= =?UTF-8?q?=E6=89=93=E5=8C=85=E8=8C=83=E5=9B=B4=E5=86=85=EF=BC=8C=E9=9C=80?= =?UTF-8?q?=E8=A6=81=E8=87=AA=E5=B7=B1=E6=B7=BB=E5=8A=A0junit=E4=BE=9D?= =?UTF-8?q?=E8=B5=96=E6=89=8D=E8=83=BD=E8=B7=91=EF=BC=89?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../text/pdf/PdfEncryptDecryptTest.java | 74 +++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100644 fine-itext-old/test/com/fr/third/com/lowagie/text/pdf/PdfEncryptDecryptTest.java diff --git a/fine-itext-old/test/com/fr/third/com/lowagie/text/pdf/PdfEncryptDecryptTest.java b/fine-itext-old/test/com/fr/third/com/lowagie/text/pdf/PdfEncryptDecryptTest.java new file mode 100644 index 000000000..a9b73c9be --- /dev/null +++ b/fine-itext-old/test/com/fr/third/com/lowagie/text/pdf/PdfEncryptDecryptTest.java 
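Review bot: The shaded import in the AESCipher hunk keeps `AESFastEngine`, which newer Bouncy Castle releases deprecate in favour of `AESEngine` because its large lookup tables are more exposed to cache-timing observation. Since this series exists to move off a Bouncy Castle version with security problems, consider `import com.fr.third.org.bouncycastle.crypto.engines.AESEngine;` together with the matching constructor change in the class body, which is outside this hunk. Both engines implement `BlockCipher`, so the CBC and padding wrappers should not need further changes, but verify that against the shaded version.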
@@ -0,0 +1,74 @@ +package com.fr.third.com.lowagie.text.pdf; + +import com.fr.third.com.lowagie.text.Document; +import com.fr.third.com.lowagie.text.DocumentException; +import com.fr.third.com.lowagie.text.Paragraph; +import com.fr.third.com.lowagie.text.exceptions.BadPasswordException; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import org.junit.Test; + +import static junit.framework.TestCase.assertTrue; +import static org.junit.Assert.fail; + +/** + * @author Hugh.C + * @version 1.0 + * Created by Hugh.C on 2020/4/28 + */ +public class PdfEncryptDecryptTest { + + @Test + public void testPdfEncryption() { + + try { + byte[] bytes = createPdfEncryptionDocumentByteArray("123"); + assertTrue(bytes.length > 0); + } catch (Exception e) { + fail(); + } + } + + @Test + public void testPdfDecrypt() { + + try { + //沒報錯,解密成功 + new PdfReader(createPdfEncryptionDocumentByteArray("123"), "123".getBytes()); + } catch (Exception e) { + fail(); + } + + boolean result = false; + try { + //報錯,解密失敗 + new PdfReader(createPdfEncryptionDocumentByteArray("123"), "234".getBytes()); + } catch (Exception e) { + assertTrue(e instanceof BadPasswordException); + result = true; + } + assertTrue(result); + } + + /** + * 創建加密過後的pdf document 數組 + * + * @param passWord pdf密碼 + * @return + * @throws DocumentException + * @throws IOException + */ + private byte[] createPdfEncryptionDocumentByteArray(String passWord) throws DocumentException, IOException { + ByteArrayOutputStream byteOutputStream = new ByteArrayOutputStream(); + Document document = new Document(); + PdfWriter write = PdfWriter.getInstance(document, byteOutputStream); + String userPassword = "老王"; + write.setEncryption(userPassword.getBytes(), passWord.getBytes(), PdfWriter.ALLOW_ASSEMBLY, PdfWriter.ENCRYPTION_AES_128); + document.open(); + document.add(new Paragraph("ABCDEFG")); + document.close(); + write.close(); + byteOutputStream.flush(); + return byteOutputStream.toByteArray(); + } +} 
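Review bot: Both tests cover only password-based AES-128 encryption, so nothing exercises the code this series rewires: the recipient construction in `PdfPublicKeySecurityHandler` and the recipient loop in `PdfReader`. A certificate round-trip test (encrypt for a generated self-signed certificate, reopen with its private key) would catch a broken recipient encoding. In `testPdfEncryption` and the first half of `testPdfDecrypt`, `catch (Exception e) { fail(); }` discards the cause; declaring the methods `throws Exception` and dropping the try/catch keeps the stack trace. `userPassword.getBytes()` on the non-ASCII literal `"老王"` depends on the platform charset, so use `getBytes(StandardCharsets.UTF_8)` to make the test reproducible. Also note that `passWord` is passed as the second argument of `setEncryption`, the owner password, so the test opens the document as owner and never checks the user-password path.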
From 6554afe92b2a73ea215074b4f8d6c04920492ee0 Mon Sep 17 00:00:00 2001 From: "Hugh.C" Date: Tue, 28 Apr 2020 18:07:44 +0800 Subject: [PATCH 3/3] =?UTF-8?q?REPORT-30379=20test=E8=A1=A5=E5=85=85?= =?UTF-8?q?=E6=B3=A8=E9=87=8A?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../fr/third/com/lowagie/text/pdf/PdfEncryptDecryptTest.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fine-itext-old/test/com/fr/third/com/lowagie/text/pdf/PdfEncryptDecryptTest.java b/fine-itext-old/test/com/fr/third/com/lowagie/text/pdf/PdfEncryptDecryptTest.java index a9b73c9be..f7c5b6356 100644 --- a/fine-itext-old/test/com/fr/third/com/lowagie/text/pdf/PdfEncryptDecryptTest.java +++ b/fine-itext-old/test/com/fr/third/com/lowagie/text/pdf/PdfEncryptDecryptTest.java @@ -12,7 +12,7 @@ import static junit.framework.TestCase.assertTrue; import static org.junit.Assert.fail; /** - * @author Hugh.C + * @author Hugh.C 不在打包范围内,只是留个凭证,需要自己添加junit 依赖才能跑 * @version 1.0 * Created by Hugh.C on 2020/4/28 */