All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.bouncycastle.cms.CMSAuthenticatedDataParser Maven / Gradle / Ivy

package org.bouncycastle.cms;

import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1OctetStringParser;
import org.bouncycastle.asn1.ASN1SequenceParser;
import org.bouncycastle.asn1.ASN1SetParser;
import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.DERTags;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.KEKRecipientInfo;
import org.bouncycastle.asn1.cms.KeyAgreeRecipientInfo;
import org.bouncycastle.asn1.cms.KeyTransRecipientInfo;
import org.bouncycastle.asn1.cms.PasswordRecipientInfo;
import org.bouncycastle.asn1.cms.RecipientInfo;
import org.bouncycastle.asn1.cms.AuthenticatedDataParser;
import org.bouncycastle.asn1.cms.ContentInfoParser;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.util.Arrays;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.AlgorithmParameters;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

/**
 * Parsing class for an CMS Authenticated Data object from an input stream.
 * 

* Note: that because we are in a streaming mode only one recipient can be tried and it is important * that the methods on the parser are called in the appropriate order. *

*

* Example of use - assuming the first recipient matches the private key we have. *

 *      CMSAuthenticatedDataParser     ad = new CMSAuthenticatedDataParser(inputStream);
 *
 *      RecipientInformationStore  recipients = ad.getRecipientInfos();
 *
 *      Collection  c = recipients.getRecipients();
 *      Iterator    it = c.iterator();
 *
 *      if (it.hasNext())
 *      {
 *          RecipientInformation   recipient = (RecipientInformation)it.next();
 *
 *          CMSTypedStream recData = recipient.getContentStream(privateKey, "BC");
 *
 *          processDataStream(recData.getContentStream());
 *
 *          if (!Arrays.equals(ad.getMac(), recipient.getMac())
 *          {
 *              System.err.println("Data corrupted!!!!");
 *          }
 *      }
 *  
* Note: this class does not introduce buffering - if you are processing large files you should create * the parser with: *
 *          CMSAuthenticatedDataParser     ep = new CMSAuthenticatedDataParser(new BufferedInputStream(inputStream, bufSize));
 *  
* where bufSize is a suitably large buffer size. */ public class CMSAuthenticatedDataParser extends CMSContentInfoParser { RecipientInformationStore _recipientInfoStore; AuthenticatedDataParser authData; private AlgorithmIdentifier macAlg; private byte[] mac; private AttributeTable authAttrs; private AttributeTable unauthAttrs; private boolean authAttrNotRead; private boolean unauthAttrNotRead; public CMSAuthenticatedDataParser( byte[] envelopedData) throws CMSException, IOException { this(new ByteArrayInputStream(envelopedData)); } public CMSAuthenticatedDataParser( InputStream envelopedData) throws CMSException, IOException { super(envelopedData); this.authAttrNotRead = true; this.authData = new AuthenticatedDataParser((ASN1SequenceParser)_contentInfo.getContent(DERTags.SEQUENCE)); // TODO Validate version? //DERInteger version = this.authData.getVersion(); // // load the RecipientInfoStore // ASN1SetParser s = authData.getRecipientInfos(); List baseInfos = new ArrayList(); DEREncodable entry; while ((entry = s.readObject()) != null) { baseInfos.add(RecipientInfo.getInstance(entry.getDERObject())); } this.macAlg = authData.getMacAlgorithm(); // // read the encrypted content info // ContentInfoParser data = authData.getEnapsulatedContentInfo(); // // prime the recipients // List infos = new ArrayList(); Iterator it = baseInfos.iterator(); InputStream dataStream = ((ASN1OctetStringParser)data.getContent(DERTags.OCTET_STRING)).getOctetStream(); while (it.hasNext()) { RecipientInfo info = (RecipientInfo)it.next(); DEREncodable recipInfo = info.getInfo(); if (recipInfo instanceof KeyTransRecipientInfo) { infos.add(new KeyTransRecipientInformation( (KeyTransRecipientInfo)recipInfo, null, macAlg, dataStream)); } else if (recipInfo instanceof KEKRecipientInfo) { infos.add(new KEKRecipientInformation( (KEKRecipientInfo)recipInfo, null, macAlg, dataStream)); } else if (recipInfo instanceof KeyAgreeRecipientInfo) { infos.add(new KeyAgreeRecipientInformation( (KeyAgreeRecipientInfo)recipInfo, null, macAlg, dataStream)); } else if (recipInfo instanceof PasswordRecipientInfo) { infos.add(new PasswordRecipientInformation( (PasswordRecipientInfo)recipInfo, null, macAlg, dataStream)); } } _recipientInfoStore = new RecipientInformationStore(infos); } /** * return the object identifier for the mac algorithm. */ public String getMacAlgOID() { return macAlg.getObjectId().toString(); } /** * return the ASN.1 encoded encryption algorithm parameters, or null if * there aren't any. */ public byte[] getMacAlgParams() { try { return encodeObj(macAlg.getParameters()); } catch (Exception e) { throw new RuntimeException("exception getting encryption parameters " + e); } } /** * Return an AlgorithmParameters object giving the encryption parameters * used to encrypt the message content. * * @param provider the name of the provider to generate the parameters for. * @return the parameters object, null if there is not one. * @throws org.bouncycastle.cms.CMSException if the algorithm cannot be found, or the parameters can't be parsed. * @throws java.security.NoSuchProviderException if the provider cannot be found. */ public AlgorithmParameters getMacAlgorithmParameters( String provider) throws CMSException, NoSuchProviderException { return getMacAlgorithmParameters(CMSUtils.getProvider(provider)); } /** * Return an AlgorithmParameters object giving the encryption parameters * used to encrypt the message content. * * @param provider the provider to generate the parameters for. * @return the parameters object, null if there is not one. * @throws org.bouncycastle.cms.CMSException if the algorithm cannot be found, or the parameters can't be parsed. */ public AlgorithmParameters getMacAlgorithmParameters( Provider provider) throws CMSException { return CMSEnvelopedHelper.INSTANCE.getEncryptionAlgorithmParameters(getMacAlgOID(), getMacAlgParams(), provider); } /** * return a store of the intended recipients for this message */ public RecipientInformationStore getRecipientInfos() { return _recipientInfoStore; } public byte[] getMac() throws IOException { if (mac == null) { getAuthAttrs(); mac = authData.getMac().getOctets(); } return Arrays.clone(mac); } /** * return a table of the unauthenticated attributes indexed by * the OID of the attribute. * @exception java.io.IOException */ public AttributeTable getAuthAttrs() throws IOException { if (authAttrs == null && authAttrNotRead) { ASN1SetParser set = authData.getAuthAttrs(); authAttrNotRead = false; if (set != null) { ASN1EncodableVector v = new ASN1EncodableVector(); DEREncodable o; while ((o = set.readObject()) != null) { ASN1SequenceParser seq = (ASN1SequenceParser)o; v.add(seq.getDERObject()); } authAttrs = new AttributeTable(new DERSet(v)); } } return authAttrs; } /** * return a table of the unauthenticated attributes indexed by * the OID of the attribute. * @exception java.io.IOException */ public AttributeTable getUnauthAttrs() throws IOException { if (unauthAttrs == null && unauthAttrNotRead) { ASN1SetParser set = authData.getUnauthAttrs(); unauthAttrNotRead = false; if (set != null) { ASN1EncodableVector v = new ASN1EncodableVector(); DEREncodable o; while ((o = set.readObject()) != null) { ASN1SequenceParser seq = (ASN1SequenceParser)o; v.add(seq.getDERObject()); } unauthAttrs = new AttributeTable(new DERSet(v)); } } return unauthAttrs; } private byte[] encodeObj( DEREncodable obj) throws IOException { if (obj != null) { return obj.getDERObject().getEncoded(); } return null; } }




© 2015 - 2025 Weber Informatics LLC | Privacy Policy