List of usage examples for org.bouncycastle.asn1.cms AuthenticatedData getAuthAttrs
public ASN1Set getAuthAttrs()
From source file:es.gob.afirma.applet.CMSInformation.java
License:Open Source License
/** * Obtiene la información de diferentes tipos de formatos. * @param doj Etiqueta ASN.1 de la que se obtienen los datos. * @param envelopeType Tipo de formato: * <li>0: EnvelopedData</li> * <li>1: AuthenticatedData</li> * <li>2: AuthEnvelopedData</li> * <li>3: SignedAndEnvelopedData</li> * <li>4: SignedData</li>/*from w w w .j a v a2 s . com*/ * <li>5: Encrypted</li> * @param tipoDetalle Tipo de datos (literal) * @param signBinaryType Tipo de firmado binario (CADES o CMS) * @return Representación de los datos. */ private static String extractData(final ASN1TaggedObject doj, final int envelopeType, final String tipoDetalle, final int signBinaryType) { String detalle = ""; //$NON-NLS-1$ detalle = detalle + tipoDetalle + CR; ASN1Set rins = null; EncryptedContentInfo encryptedContentInfo = null; ASN1Set unprotectedAttrs = null; ASN1Integer version = null; AlgorithmIdentifier aid = null; ContentInfo ci = null; ASN1Set authAttrs = null; ASN1Set ds = null; ASN1Set signerInfosSd = null; switch (envelopeType) { case TYPE_ENVELOPED_DATA: final EnvelopedData enveloped = EnvelopedData.getInstance(doj.getObject()); version = enveloped.getVersion(); rins = enveloped.getRecipientInfos(); encryptedContentInfo = enveloped.getEncryptedContentInfo(); unprotectedAttrs = enveloped.getUnprotectedAttrs(); break; case TYPE_AUTHENTICATED_DATA: final AuthenticatedData authenticated = AuthenticatedData.getInstance(doj.getObject()); version = authenticated.getVersion(); rins = authenticated.getRecipientInfos(); aid = authenticated.getMacAlgorithm(); ci = authenticated.getEncapsulatedContentInfo(); authAttrs = authenticated.getAuthAttrs(); unprotectedAttrs = authenticated.getUnauthAttrs(); break; case TYPE_AUTHENTICATED_ENVELOPED_DATA: final AuthEnvelopedData authEnveloped = AuthEnvelopedData.getInstance(doj.getObject()); version = authEnveloped.getVersion(); rins = authEnveloped.getRecipientInfos(); encryptedContentInfo = authEnveloped.getAuthEncryptedContentInfo(); authAttrs = authEnveloped.getAuthAttrs(); unprotectedAttrs = authEnveloped.getUnauthAttrs(); break; case TYPE_SIGNED_ENVELOPED_DATA: final SignedAndEnvelopedData signedEnv = new SignedAndEnvelopedData((ASN1Sequence) doj.getObject()); version = signedEnv.getVersion(); rins = signedEnv.getRecipientInfos(); encryptedContentInfo = signedEnv.getEncryptedContentInfo(); signerInfosSd = signedEnv.getSignerInfos(); break; case TYPE_SIGNED_DATA: final SignedData signed = SignedData.getInstance(doj.getObject()); version = signed.getVersion(); ds = signed.getDigestAlgorithms(); ci = signed.getEncapContentInfo(); signerInfosSd = signed.getSignerInfos(); break; case TYPE_ENCRYPTED_DATA: final ASN1Sequence encrypted = (ASN1Sequence) doj.getObject(); version = ASN1Integer.getInstance(encrypted.getObjectAt(0)); encryptedContentInfo = EncryptedContentInfo.getInstance(encrypted.getObjectAt(1)); if (encrypted.size() == 3) { unprotectedAttrs = (ASN1Set) encrypted.getObjectAt(2); } break; default: throw new IllegalArgumentException("Tipo de sobre no soportado: " + envelopeType); //$NON-NLS-1$ } //obtenemos la version detalle = detalle + AppletMessages.getString("CMSInformation.1") + SP + version + CR; //$NON-NLS-1$ //recipientInfo if (rins != null) { if (envelopeType != TYPE_SIGNED_DATA && envelopeType != TYPE_ENCRYPTED_DATA && rins.size() > 0) { detalle = detalle + AppletMessages.getString("CMSInformation.13") + CR; //$NON-NLS-1$ } for (int i = 0; i < rins.size(); i++) { final KeyTransRecipientInfo kti = KeyTransRecipientInfo .getInstance(RecipientInfo.getInstance(rins.getObjectAt(i)).getInfo()); detalle = detalle + AppletMessages.getString("CMSInformation.14") + SP + (i + 1) + ":" + CR; //$NON-NLS-1$//$NON-NLS-2$ final AlgorithmIdentifier diAlg = kti.getKeyEncryptionAlgorithm(); //issuer y serial final IssuerAndSerialNumber iss = (IssuerAndSerialNumber) SignerIdentifier .getInstance(kti.getRecipientIdentifier().getId()).getId(); detalle = detalle + TB + AppletMessages.getString("CMSInformation.15") + SP //$NON-NLS-1$ + iss.getName().toString() + CR; detalle = detalle + TB + AppletMessages.getString("CMSInformation.16") + SP + iss.getSerialNumber() //$NON-NLS-1$ + CR; // el algoritmo de cifrado de los datos AOCipherAlgorithm algorithm = null; final AOCipherAlgorithm[] algos = AOCipherAlgorithm.values(); // obtenemos el algoritmo usado para cifrar la pass for (final AOCipherAlgorithm algo : algos) { if (algo.getOid().equals(diAlg.getAlgorithm().toString())) { algorithm = algo; } } if (algorithm != null) { detalle = detalle + TB + AppletMessages.getString("CMSInformation.17") + SP //$NON-NLS-1$ + algorithm.getName() + CR; } else { detalle = detalle + TB + AppletMessages.getString("CMSInformation.18") + SP //$NON-NLS-1$ + diAlg.getAlgorithm() + CR; } } } if (envelopeType == TYPE_ENVELOPED_DATA || envelopeType == TYPE_ENCRYPTED_DATA) { //obtenemos datos de los datos cifrados. detalle = detalle + AppletMessages.getString("CMSInformation.19") + CR; //$NON-NLS-1$ detalle = detalle + getEncryptedContentInfo(encryptedContentInfo); } else if (envelopeType == TYPE_AUTHENTICATED_DATA && aid != null && ci != null) { // mac algorithm detalle = detalle + AppletMessages.getString("CMSInformation.20") + SP + aid.getAlgorithm() + CR; //$NON-NLS-1$ //digestAlgorithm final ASN1Sequence seq = (ASN1Sequence) doj.getObject(); final ASN1TaggedObject da = (ASN1TaggedObject) seq.getObjectAt(4); final AlgorithmIdentifier dai = AlgorithmIdentifier.getInstance(da.getObject()); detalle = detalle + AppletMessages.getString("CMSInformation.21") + SP + dai.getAlgorithm() + CR; //$NON-NLS-1$ //obtenemos datos de los datos cifrados. detalle = detalle + AppletMessages.getString("CMSInformation.22") + SP + ci.getContentType() + CR; //$NON-NLS-1$ detalle = getObligatorieAtrib(signBinaryType, detalle, authAttrs); } else if (envelopeType == TYPE_AUTHENTICATED_ENVELOPED_DATA) { detalle = detalle + AppletMessages.getString("CMSInformation.19") + CR; //$NON-NLS-1$ detalle = detalle + getEncryptedContentInfo(encryptedContentInfo); detalle = getObligatorieAtrib(signBinaryType, detalle, authAttrs); } else if (envelopeType == TYPE_SIGNED_ENVELOPED_DATA) { //algoritmo de firma final ASN1Sequence seq = (ASN1Sequence) doj.getObject(); final ASN1Set da = (ASN1Set) seq.getObjectAt(2); final AlgorithmIdentifier dai = AlgorithmIdentifier.getInstance(da.getObjectAt(0)); detalle = detalle + AppletMessages.getString("CMSInformation.21") + SP + dai.getAlgorithm() + CR; //$NON-NLS-1$ //obtenemos datos de los datos cifrados. detalle = detalle + AppletMessages.getString("CMSInformation.19") + CR; //$NON-NLS-1$ detalle = detalle + getEncryptedContentInfo(encryptedContentInfo); } else if (envelopeType == TYPE_SIGNED_DATA && ci != null && ds != null) { //algoritmo de firma final AlgorithmIdentifier dai = AlgorithmIdentifier.getInstance(ds.getObjectAt(0)); detalle = detalle + AppletMessages.getString("CMSInformation.21") + SP + dai.getAlgorithm() + CR; //$NON-NLS-1$ detalle = detalle + AppletMessages.getString("CMSInformation.22") + SP + ci.getContentType() + CR; //$NON-NLS-1$ } //obtenemos lo atributos opcionales if (envelopeType != TYPE_SIGNED_ENVELOPED_DATA) { if (unprotectedAttrs == null) { detalle = detalle + AppletMessages.getString("CMSInformation.28") + CR; //$NON-NLS-1$ } else { final String atributos = getUnSignedAttributes(unprotectedAttrs.getObjects()); detalle = detalle + AppletMessages.getString("CMSInformation.29") + CR; //$NON-NLS-1$ detalle = detalle + atributos; } } else if ((envelopeType == TYPE_SIGNED_ENVELOPED_DATA || envelopeType == TYPE_SIGNED_DATA) && signerInfosSd != null) { //obtenemos el(los) firmate(s) if (signerInfosSd.size() > 0) { detalle = detalle + AppletMessages.getString("CMSInformation.30") + CR; //$NON-NLS-1$ } for (int i = 0; i < signerInfosSd.size(); i++) { final SignerInfo si = SignerInfo.getInstance(signerInfosSd.getObjectAt(i)); detalle = detalle + AppletMessages.getString("CMSInformation.31") + SP + (i + 1) + ":" + CR; //$NON-NLS-1$//$NON-NLS-2$ // version detalle = detalle + TB + AppletMessages.getString("CMSInformation.1") + SP + si.getVersion() + CR; //$NON-NLS-1$ //signerIdentifier final SignerIdentifier sident = si.getSID(); final IssuerAndSerialNumber iss = IssuerAndSerialNumber.getInstance(sident.getId()); detalle = detalle + TB + AppletMessages.getString("CMSInformation.15") + SP //$NON-NLS-1$ + iss.getName().toString() + CR; detalle = detalle + TB + AppletMessages.getString("CMSInformation.16") + SP + iss.getSerialNumber() //$NON-NLS-1$ + CR; //digestAlgorithm final AlgorithmIdentifier algId = si.getDigestAlgorithm(); detalle = detalle + TB + AppletMessages.getString("CMSInformation.35") + SP + algId.getAlgorithm() //$NON-NLS-1$ + CR; //obtenemos lo atributos obligatorios final ASN1Set sa = si.getAuthenticatedAttributes(); String satributes = ""; //$NON-NLS-1$ if (sa != null) { satributes = getsignedAttributes(sa, signBinaryType); } detalle = detalle + TB + AppletMessages.getString("CMSInformation.36") + CR; //$NON-NLS-1$ detalle = detalle + satributes; } } return detalle; }
From source file:es.gob.afirma.envelopers.cms.CMSAuthenticatedData.java
License:Open Source License
/** Método que inserta remitentes en el "OriginatorInfo" de un sobre * de tipo AuthenticatedData./*from ww w. j a v a 2 s. c o m*/ * @param data * fichero que tiene la firma. * @param signerCertificateChain * Cadena de certificados a agregar. * @return La nueva firma AuthenticatedData con los remitentes que * tenía (si los tuviera) con la cadena de certificados * nueva. * @throws IOException Si hay errores de lectura o escritura de datos * @throws CertificateEncodingException Si el certificado del remitente es invalido */ static byte[] addOriginatorInfo(final InputStream data, final X509Certificate[] signerCertificateChain) throws IOException, CertificateEncodingException { final ASN1InputStream is = new ASN1InputStream(data); // LEEMOS EL FICHERO QUE NOS INTRODUCEN final ASN1Sequence dsq = (ASN1Sequence) is.readObject(); is.close(); final Enumeration<?> e = dsq.getObjects(); // Elementos que contienen los elementos OID Data final ASN1ObjectIdentifier doi = (ASN1ObjectIdentifier) e.nextElement(); if (doi.equals(PKCSObjectIdentifiers.id_ct_authData)) { // Contenido de Data final ASN1TaggedObject doj = (ASN1TaggedObject) e.nextElement(); final AuthenticatedData auth = AuthenticatedData.getInstance(doj.getObject()); final AlgorithmIdentifier digAlg = extractAOIfromAuth((ASN1Sequence) doj.getObject()); // Obtenemos los originatorInfo OriginatorInfo origInfo = auth.getOriginatorInfo(); ASN1Set certs = null; if (origInfo != null) { certs = origInfo.getCertificates(); } final OriginatorInfo origInfoChecked = Utils.checkCertificates(signerCertificateChain, certs); if (origInfoChecked != null) { origInfo = origInfoChecked; } // Se crea un nuevo AuthenticatedData a partir de los datos // anteriores con los nuevos originantes. return new ContentInfo(PKCSObjectIdentifiers.id_ct_authData, new AuthenticatedData(origInfo, // OriginatorInfo auth.getRecipientInfos(), // ASN1Set auth.getMacAlgorithm(), // macAlgorithm digAlg, // AlgorithmIdentifier se les ha olvidado a BC implementar el getDigestAlgorithm auth.getEncapsulatedContentInfo(), // ContentInfo auth.getAuthAttrs(), // ASN1Set auth.getMac(), // ASN1OctetString auth.getUnauthAttrs() // ASN1Set )).getEncoded(ASN1Encoding.DER); } return null; }
From source file:es.gob.afirma.envelopers.cms.CMSDecipherAuthenticatedData.java
License:Open Source License
/** Descifra un PKCS#7 <code>AuthenticatedData</code>. * @param cmsData Datos del tipo EnvelopedData. * @param keyEntry Clave privada del certificado usado para descifrar el * contenido/* www . ja va 2 s .c o m*/ * @return El contenido de una firma de tipo authenticatedData. * @throws IOException Si ocurre algún problema leyendo o escribiendo los * datos * @throws CertificateEncodingException Si se produce alguna excepción con los certificados de * firma. * @throws AOException Cuando ocurre un error durante el proceso de descifrado * (formato o clave incorrecto,...) * @throws AOInvalidRecipientException Cuando se indica un certificado que no está entre los * destinatarios del sobre. * @throws InvalidKeyException Cuando la clave almacenada en el sobre no es válida. * @throws NoSuchAlgorithmException Cuando no se reconozca el algoritmo utilizado para generar el * código de autenticación. * @throws NoSuchPaddingException Cuando no se soporta un tipo de relleno necesario. */ byte[] decipherAuthenticatedData(final byte[] cmsData, final PrivateKeyEntry keyEntry) throws IOException, CertificateEncodingException, AOException, InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException { byte[] contenido = new byte[0]; AuthenticatedData authenticated = null; final Enumeration<?> elementRecipient; try { final ASN1Sequence authenticatedData = Utils.fetchWrappedData(cmsData); authenticated = AuthenticatedData.getInstance(authenticatedData); elementRecipient = authenticated.getRecipientInfos().getObjects(); } catch (final Exception ex) { throw new AOException("El fichero no contiene un tipo EnvelopedData", ex); //$NON-NLS-1$ } final X509Certificate userCert = (X509Certificate) keyEntry.getCertificate(); final EncryptedKeyDatas encryptedKeyDatas = Utils.fetchEncryptedKeyDatas(userCert, elementRecipient); // Asignamos la clave de descifrado del contenido. assignKey(encryptedKeyDatas.getEncryptedKey(), keyEntry, encryptedKeyDatas.getAlgEncryptedKey()); final ASN1Set authAttr = authenticated.getAuthAttrs(); final byte[] macGenerada = Utils.genMac(this.macAlgorithmConfig.getName(), authAttr.getEncoded(ASN1Encoding.DER), this.cipherKey); final byte[] macObtenida = authenticated.getMac().getOctets(); if (java.util.Arrays.equals(macGenerada, macObtenida)) { contenido = ((DEROctetString) authenticated.getEncapsulatedContentInfo().getContent()).getOctets(); } return contenido; }