org.bouncycastle.asn1.cms.AuthEnvelopedData Maven / Gradle / Ivy
package org.bouncycastle.asn1.cms;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.BERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
/**
* RFC 5083:
*
* CMS AuthEnveloped Data object.
*
* ASN.1:
*
* id-ct-authEnvelopedData OBJECT IDENTIFIER ::= { iso(1)
* member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
* smime(16) ct(1) 23 }
*
* AuthEnvelopedData ::= SEQUENCE {
* version CMSVersion,
* originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
* recipientInfos RecipientInfos,
* authEncryptedContentInfo EncryptedContentInfo,
* authAttrs [1] IMPLICIT AuthAttributes OPTIONAL,
* mac MessageAuthenticationCode,
* unauthAttrs [2] IMPLICIT UnauthAttributes OPTIONAL }
*
*/
public class AuthEnvelopedData
extends ASN1Object
{
private ASN1Integer version;
private OriginatorInfo originatorInfo;
private ASN1Set recipientInfos;
private EncryptedContentInfo authEncryptedContentInfo;
private ASN1Set authAttrs;
private ASN1OctetString mac;
private ASN1Set unauthAttrs;
public AuthEnvelopedData(
OriginatorInfo originatorInfo,
ASN1Set recipientInfos,
EncryptedContentInfo authEncryptedContentInfo,
ASN1Set authAttrs,
ASN1OctetString mac,
ASN1Set unauthAttrs)
{
// "It MUST be set to 0."
this.version = new ASN1Integer(0);
this.originatorInfo = originatorInfo;
// "There MUST be at least one element in the collection."
this.recipientInfos = recipientInfos;
if (this.recipientInfos.size() == 0)
{
throw new IllegalArgumentException("AuthEnvelopedData requires at least 1 RecipientInfo");
}
this.authEncryptedContentInfo = authEncryptedContentInfo;
// "The authAttrs MUST be present if the content type carried in
// EncryptedContentInfo is not id-data."
this.authAttrs = authAttrs;
if (!authEncryptedContentInfo.getContentType().equals(CMSObjectIdentifiers.data))
{
if (authAttrs == null || authAttrs.size() == 0)
{
throw new IllegalArgumentException("authAttrs must be present with non-data content");
}
}
this.mac = mac;
this.unauthAttrs = unauthAttrs;
}
/**
* Constructs AuthEnvelopedData by parsing supplied ASN1Sequence
*
* @param seq An ASN1Sequence with AuthEnvelopedData
*/
private AuthEnvelopedData(
ASN1Sequence seq)
{
int index = 0;
// "It MUST be set to 0."
ASN1Primitive tmp = seq.getObjectAt(index++).toASN1Primitive();
version = (ASN1Integer)tmp;
if (this.version.getValue().intValue() != 0)
{
throw new IllegalArgumentException("AuthEnvelopedData version number must be 0");
}
tmp = seq.getObjectAt(index++).toASN1Primitive();
if (tmp instanceof ASN1TaggedObject)
{
originatorInfo = OriginatorInfo.getInstance((ASN1TaggedObject)tmp, false);
tmp = seq.getObjectAt(index++).toASN1Primitive();
}
// "There MUST be at least one element in the collection."
recipientInfos = ASN1Set.getInstance(tmp);
if (this.recipientInfos.size() == 0)
{
throw new IllegalArgumentException("AuthEnvelopedData requires at least 1 RecipientInfo");
}
tmp = seq.getObjectAt(index++).toASN1Primitive();
authEncryptedContentInfo = EncryptedContentInfo.getInstance(tmp);
tmp = seq.getObjectAt(index++).toASN1Primitive();
if (tmp instanceof ASN1TaggedObject)
{
authAttrs = ASN1Set.getInstance((ASN1TaggedObject)tmp, false);
tmp = seq.getObjectAt(index++).toASN1Primitive();
}
else
{
// "The authAttrs MUST be present if the content type carried in
// EncryptedContentInfo is not id-data."
if (!authEncryptedContentInfo.getContentType().equals(CMSObjectIdentifiers.data))
{
if (authAttrs == null || authAttrs.size() == 0)
{
throw new IllegalArgumentException("authAttrs must be present with non-data content");
}
}
}
mac = ASN1OctetString.getInstance(tmp);
if (seq.size() > index)
{
tmp = seq.getObjectAt(index).toASN1Primitive();
unauthAttrs = ASN1Set.getInstance((ASN1TaggedObject)tmp, false);
}
}
/**
* Return an AuthEnvelopedData object from a tagged object.
*
* Accepted inputs:
*
* - {@link org.bouncycastle.asn1.ASN1Sequence#getInstance(java.lang.Object) ASN1Sequence} input formats
*
*
* @param obj the tagged object holding the object we want.
* @param explicit true if the object is meant to be explicitly
* tagged false otherwise.
* @return a reference that can be assigned to AuthEnvelopedData (may be null)
* @throws IllegalArgumentException if the object held by the
* tagged object cannot be converted.
*/
public static AuthEnvelopedData getInstance(
ASN1TaggedObject obj,
boolean explicit)
{
return getInstance(ASN1Sequence.getInstance(obj, explicit));
}
/**
* Return an AuthEnvelopedData object from the given object.
*
* Accepted inputs:
*
* - null → null
*
- {@link AuthEnvelopedData} object
*
- {@link ASN1Sequence org.bouncycastle.asn1.ASN1Sequence} input formats with AuthEnvelopedData structure inside
*
*
* @param obj The object we want converted.
* @return a reference that can be assigned to AuthEnvelopedData (may be null)
* @throws IllegalArgumentException if the object cannot be converted, or was null.
*/
public static AuthEnvelopedData getInstance(
Object obj)
{
if (obj == null || obj instanceof AuthEnvelopedData)
{
return (AuthEnvelopedData)obj;
}
if (obj instanceof ASN1Sequence)
{
return new AuthEnvelopedData((ASN1Sequence)obj);
}
throw new IllegalArgumentException("Invalid AuthEnvelopedData: " + obj.getClass().getName());
}
public ASN1Integer getVersion()
{
return version;
}
public OriginatorInfo getOriginatorInfo()
{
return originatorInfo;
}
public ASN1Set getRecipientInfos()
{
return recipientInfos;
}
public EncryptedContentInfo getAuthEncryptedContentInfo()
{
return authEncryptedContentInfo;
}
public ASN1Set getAuthAttrs()
{
return authAttrs;
}
public ASN1OctetString getMac()
{
return mac;
}
public ASN1Set getUnauthAttrs()
{
return unauthAttrs;
}
/**
* Produce an object suitable for an ASN1OutputStream.
*/
public ASN1Primitive toASN1Primitive()
{
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(version);
if (originatorInfo != null)
{
v.add(new DERTaggedObject(false, 0, originatorInfo));
}
v.add(recipientInfos);
v.add(authEncryptedContentInfo);
// "authAttrs optionally contains the authenticated attributes."
if (authAttrs != null)
{
// "AuthAttributes MUST be DER encoded, even if the rest of the
// AuthEnvelopedData structure is BER encoded."
v.add(new DERTaggedObject(false, 1, authAttrs));
}
v.add(mac);
// "unauthAttrs optionally contains the unauthenticated attributes."
if (unauthAttrs != null)
{
v.add(new DERTaggedObject(false, 2, unauthAttrs));
}
return new BERSequence(v);
}
}