From c1267522e730b5b0e0c905f2fedc3e8adb818bef Mon Sep 17 00:00:00 2001 From: Michal Srb Date: Thu, 27 Feb 2014 07:38:54 +0100 Subject: [PATCH] Port to bouncycastle 1.50 --- src/core/com/lowagie/text/pdf/PdfPKCS7.java | 38 +++++++++++++--------- .../text/pdf/PdfPublicKeySecurityHandler.java | 15 ++++----- src/core/com/lowagie/text/pdf/PdfReader.java | 4 ++- 3 files changed, 32 insertions(+), 25 deletions(-) diff --git a/src/core/com/lowagie/text/pdf/PdfPKCS7.java b/src/core/com/lowagie/text/pdf/PdfPKCS7.java index 8ccc73e..289a1e0 100755 --- a/src/core/com/lowagie/text/pdf/PdfPKCS7.java +++ b/src/core/com/lowagie/text/pdf/PdfPKCS7.java @@ -75,7 +75,7 @@ import java.util.HashSet; import java.util.Iterator; import java.util.Set; -import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Encoding; import org.bouncycastle.asn1.ASN1EncodableVector; import org.bouncycastle.asn1.ASN1InputStream; import org.bouncycastle.asn1.ASN1OutputStream; @@ -85,13 +85,13 @@ import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.DEREnumerated; import org.bouncycastle.asn1.DERInteger; import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DERObject; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.DEROctetString; import org.bouncycastle.asn1.DEROutputStream; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.DERString; +import org.bouncycastle.asn1.ASN1String; import org.bouncycastle.asn1.DERTaggedObject; import org.bouncycastle.asn1.DERUTCTime; import org.bouncycastle.asn1.cms.AttributeTable; 
@@ -100,14 +100,19 @@ import org.bouncycastle.asn1.ocsp.BasicOCSPResponse; import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers; import org.bouncycastle.jce.provider.X509CRLParser; import org.bouncycastle.jce.provider.X509CertParser; + import com.lowagie.text.ExceptionConverter; + import java.security.cert.CertificateParsingException; import java.util.Date; + import org.bouncycastle.asn1.ASN1OctetString; import org.bouncycastle.asn1.cms.ContentInfo; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.tsp.MessageImprint; import org.bouncycastle.asn1.x509.X509Extensions; +import org.bouncycastle.cms.SignerInformationVerifier; +import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder; import org.bouncycastle.ocsp.BasicOCSPResp; import org.bouncycastle.ocsp.CertificateID; import org.bouncycastle.ocsp.SingleResp; @@ -379,7 +384,7 @@ public class PdfPKCS7 { // // Basic checks to make sure it's a PKCS#7 SignedData Object // - DERObject pkcs; + ASN1Primitive pkcs; try { pkcs = din.readObject(); @@ -464,7 +469,7 @@ public class PdfPKCS7 { if (signerInfo.getObjectAt(next) instanceof ASN1TaggedObject) { ASN1TaggedObject tagsig = (ASN1TaggedObject)signerInfo.getObjectAt(next); ASN1Set sseq = ASN1Set.getInstance(tagsig, false); - sigAttr = sseq.getEncoded(ASN1Encodable.DER); + sigAttr = sseq.getEncoded(ASN1Encoding.DER); for (int k = 0; k < sseq.size(); ++k) { ASN1Sequence seq2 = (ASN1Sequence)sseq.getObjectAt(k); @@ -928,7 +933,8 @@ public class PdfPKCS7 { if (!keystore.isCertificateEntry(alias)) continue; X509Certificate certStoreX509 = (X509Certificate)keystore.getCertificate(alias); - ts.validate(certStoreX509, provider); + SignerInformationVerifier siv = new JcaSimpleSignerInfoVerifierBuilder().setProvider(provider).build(certStoreX509); + ts.validate(siv); return true; } catch (Exception ex) { 
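Review bot: In the `@@ -928,7 +933,8 @@` hunk, the new `new JcaSimpleSignerInfoVerifierBuilder().setProvider(provider).build(certStoreX509)` call sits inside the same `try` whose `catch (Exception ex)` follows it. A verifier that cannot be built, for example because the provider name is not registered, is therefore handled the same way as a timestamp that does not validate against that certificate. Presumably the loop just moves on to the next alias, so the result still fails closed, but a configuration fault then looks like an untrusted timestamp. Consider catching `OperatorCreationException` separately and surfacing it, or at least documenting the choice with a comment such as `// verifier build failures are treated as "no match" for this alias`. The enclosing method starts and ends outside the hunk, so what happens after the catch is not visible here.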
@@ -949,7 +955,7 @@ public class PdfPKCS7 { */ public static String getOCSPURL(X509Certificate certificate) throws CertificateParsingException { try { - DERObject obj = getExtensionValue(certificate, X509Extensions.AuthorityInfoAccess.getId()); + ASN1Primitive obj = getExtensionValue(certificate, X509Extensions.AuthorityInfoAccess.getId()); if (obj == null) { return null; } @@ -961,7 +967,7 @@ public class PdfPKCS7 { continue; } else { if ((AccessDescription.getObjectAt(0) instanceof DERObjectIdentifier) && ((DERObjectIdentifier)AccessDescription.getObjectAt(0)).getId().equals("1.3.6.1.5.5.7.48.1")) { - String AccessLocation = getStringFromGeneralName((DERObject)AccessDescription.getObjectAt(1)); + String AccessLocation = getStringFromGeneralName((ASN1Primitive)AccessDescription.getObjectAt(1)); if ( AccessLocation == null ) { return "" ; } else { @@ -999,7 +1005,7 @@ public class PdfPKCS7 { return false; } - private static DERObject getExtensionValue(X509Certificate cert, String oid) throws IOException { + private static ASN1Primitive getExtensionValue(X509Certificate cert, String oid) throws IOException { byte[] bytes = cert.getExtensionValue(oid); if (bytes == null) { return null; @@ -1010,7 +1016,7 @@ public class PdfPKCS7 { return aIn.readObject(); } - private static String getStringFromGeneralName(DERObject names) throws IOException { + private static String getStringFromGeneralName(ASN1Primitive names) throws IOException { DERTaggedObject taggedObject = (DERTaggedObject) names ; return new String(ASN1OctetString.getInstance(taggedObject, false).getOctets(), "ISO-8859-1"); } 
@@ -1020,11 +1026,11 @@ public class PdfPKCS7 { * @param enc a TBSCertificate in a byte array * @return a DERObject */ - private static DERObject getIssuer(byte[] enc) { + private static ASN1Primitive getIssuer(byte[] enc) { try { ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(enc)); ASN1Sequence seq = (ASN1Sequence)in.readObject(); - return (DERObject)seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 3 : 2); + return (ASN1Primitive)seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 3 : 2); } catch (IOException e) { throw new ExceptionConverter(e); @@ -1036,11 +1042,11 @@ public class PdfPKCS7 { * @param enc A TBSCertificate in a byte array * @return a DERObject */ - private static DERObject getSubject(byte[] enc) { + private static ASN1Primitive getSubject(byte[] enc) { try { ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(enc)); ASN1Sequence seq = (ASN1Sequence)in.readObject(); - return (DERObject)seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 5 : 4); + return (ASN1Primitive)seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 5 : 4); } catch (IOException e) { throw new ExceptionConverter(e); @@ -1340,7 +1346,7 @@ public class PdfPKCS7 { */ public byte[] getAuthenticatedAttributeBytes(byte secondDigest[], Calendar signingTime, byte[] ocsp) { try { - return getAuthenticatedAttributeSet(secondDigest, signingTime, ocsp).getEncoded(ASN1Encodable.DER); + return getAuthenticatedAttributeSet(secondDigest, signingTime, ocsp).getEncoded(ASN1Encoding.DER); } catch (Exception e) { throw new ExceptionConverter(e); @@ -1575,7 +1581,7 @@ public class PdfPKCS7 { vs = new ArrayList(); values.put(id, vs); } - vs.add(((DERString)s.getObjectAt(1)).getString()); + vs.add(((ASN1Primitive)s.getObjectAt(1)).toString()); } } } diff --git a/src/core/com/lowagie/text/pdf/PdfPublicKeySecurityHandler.java b/src/core/com/lowagie/text/pdf/PdfPublicKeySecurityHandler.java index ed30814..0878306 100644 
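Review bot: The Javadoc above `getIssuer` still reads `@return a DERObject` although the method now returns `ASN1Primitive`; the `getSubject` hunk (`@@ -1036,11 +1042,11 @@`) carries the same stale tag. Both should be updated, for example `@return the issuer field as an ASN1Primitive` and `@return the subject field as an ASN1Primitive`, so the documentation matches the ported API.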
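Review bot: In the `@@ -1575,7 +1581,7 @@` hunk, replacing `((DERString)s.getObjectAt(1)).getString()` with `((ASN1Primitive)s.getObjectAt(1)).toString()` is not a like-for-like port, because it drops the check that the attribute value is a string type. The old cast rejected a non-string value with a `ClassCastException`, whereas the new code accepts any ASN.1 primitive and stores whatever `toString()` renders for it. These values appear to populate the name fields read from a certificate, so an oddly encoded value would now reach callers as text instead of being refused. The commit already imports `org.bouncycastle.asn1.ASN1String`, which looks like the intended replacement: `vs.add(((ASN1String)s.getObjectAt(1)).getString());`. The enclosing loop and constructor begin outside the hunk.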
--- a/src/core/com/lowagie/text/pdf/PdfPublicKeySecurityHandler.java +++ b/src/core/com/lowagie/text/pdf/PdfPublicKeySecurityHandler.java @@ -92,7 +92,6 @@ package com.lowagie.text.pdf; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; - import java.security.AlgorithmParameterGenerator; import java.security.AlgorithmParameters; import java.security.GeneralSecurityException; @@ -100,7 +99,6 @@ import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; import java.security.cert.Certificate; import java.security.cert.X509Certificate; - import java.util.ArrayList; import javax.crypto.Cipher; @@ -108,7 +106,8 @@ import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.DERObject; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.ASN1Set; import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.DEROctetString; import org.bouncycastle.asn1.DEROutputStream; @@ -244,7 +243,7 @@ public class PdfPublicKeySecurityHandler { pkcs7input[22] = two; pkcs7input[23] = one; - DERObject obj = createDERForRecipient(pkcs7input, (X509Certificate)certificate); + ASN1Primitive obj = createDERForRecipient(pkcs7input, (X509Certificate)certificate); ByteArrayOutputStream baos = new ByteArrayOutputStream(); @@ -276,7 +275,7 @@ public class PdfPublicKeySecurityHandler { return EncodedRecipients; } - private DERObject createDERForRecipient(byte[] in, X509Certificate cert) + private ASN1Primitive createDERForRecipient(byte[] in, X509Certificate cert) throws IOException, GeneralSecurityException { 
@@ -287,7 +286,7 @@ public class PdfPublicKeySecurityHandler { AlgorithmParameters algorithmparameters = algorithmparametergenerator.generateParameters(); ByteArrayInputStream bytearrayinputstream = new ByteArrayInputStream(algorithmparameters.getEncoded("ASN.1")); ASN1InputStream asn1inputstream = new ASN1InputStream(bytearrayinputstream); - DERObject derobject = asn1inputstream.readObject(); + ASN1Primitive derobject = asn1inputstream.readObject(); KeyGenerator keygenerator = KeyGenerator.getInstance(s); keygenerator.init(128); SecretKey secretkey = keygenerator.generateKey(); @@ -300,10 +299,10 @@ public class PdfPublicKeySecurityHandler { AlgorithmIdentifier algorithmidentifier = new AlgorithmIdentifier(new DERObjectIdentifier(s), derobject); EncryptedContentInfo encryptedcontentinfo = new EncryptedContentInfo(PKCSObjectIdentifiers.data, algorithmidentifier, deroctetstring); - EnvelopedData env = new EnvelopedData(null, derset, encryptedcontentinfo, null); + EnvelopedData env = new EnvelopedData(null, derset, encryptedcontentinfo, (ASN1Set) null); ContentInfo contentinfo = new ContentInfo(PKCSObjectIdentifiers.envelopedData, env); - return contentinfo.getDERObject(); + return contentinfo.toASN1Primitive(); } private KeyTransRecipientInfo computeRecipientInfo(X509Certificate x509certificate, byte[] abyte0) diff --git a/src/core/com/lowagie/text/pdf/PdfReader.java b/src/core/com/lowagie/text/pdf/PdfReader.java index 8699f22..cf9c16a 100755 --- a/src/core/com/lowagie/text/pdf/PdfReader.java +++ b/src/core/com/lowagie/text/pdf/PdfReader.java @@ -67,6 +67,7 @@ import java.util.zip.InflaterInputStream; import java.util.Stack; import java.security.Key; import java.security.MessageDigest; +import java.security.PrivateKey; import java.security.cert.Certificate; import com.lowagie.text.ExceptionConverter; 
@@ -80,6 +81,7 @@ import com.lowagie.text.pdf.internal.PdfViewerPreferencesImp; import org.bouncycastle.cms.CMSEnvelopedData; import org.bouncycastle.cms.RecipientInformation; +import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient; /** Reads a PDF document. * @author Paulo Soares (psoares@consiste.pt) @@ -719,7 +721,7 @@ public class PdfReader implements PdfViewerPreferences { RecipientInformation recipientInfo = (RecipientInformation)recipientCertificatesIt.next(); if (recipientInfo.getRID().match(certificate) && !foundRecipient) { - envelopedData = recipientInfo.getContent(certificateKey, certificateKeyProvider); + envelopedData = recipientInfo.getContent(new JceKeyTransEnvelopedRecipient((PrivateKey) certificateKey).setProvider(certificateKeyProvider)); foundRecipient = true; } } -- 1.8.5.3
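Review bot: In the `@@ -719,7 +721,7 @@` hunk, the unchecked cast `(PrivateKey) certificateKey` throws a bare `ClassCastException` from inside the decryption loop if the caller supplied any other kind of key. The added `java.security.Key` import context suggests `certificateKey` is declared as `Key`, so this is reachable. A guard such as `if (!(certificateKey instanceof PrivateKey)) throw new IllegalArgumentException("certificateKey must be a PrivateKey");` before the call would give a clear failure. It is also worth confirming that `certificateKeyProvider` can never be null here: the removed `getContent(key, provider)` call may have tolerated a null provider name, and `setProvider(String)` on the new recipient may not. The surrounding method is not fully visible in the hunk.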