List of usage examples for org.bouncycastle.cms CMSEnvelopedData getEncoded
public byte[] getEncoded() throws IOException
From source file:io.aos.crypto.spl09.KeyTransEnvelopedDataWithCertMatchExample.java
License:Apache License
public static void main(String... args) throws Exception { KeyStore credentials = Utils.createCredentials(); PrivateKey key = (PrivateKey) credentials.getKey(Utils.END_ENTITY_ALIAS, Utils.KEY_PASSWD); Certificate[] chain = credentials.getCertificateChain(Utils.END_ENTITY_ALIAS); X509Certificate cert = (X509Certificate) chain[0]; // set up the generator CMSEnvelopedDataGenerator gen = new CMSEnvelopedDataGenerator(); gen.addKeyTransRecipient(cert);/*from www.j a va 2 s.c om*/ // create the enveloped-data object CMSProcessable data = new CMSProcessableByteArray("Hello World!".getBytes()); CMSEnvelopedData enveloped = gen.generate(data, CMSEnvelopedDataGenerator.AES256_CBC, "BC"); // recreate enveloped = new CMSEnvelopedData(enveloped.getEncoded()); // set up to iterate through the recipients RecipientInformationStore recipients = enveloped.getRecipientInfos(); CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(Collections.singleton(cert)), "BC"); Iterator it = recipients.getRecipients().iterator(); RecipientInformation recipient = null; while (it.hasNext()) { recipient = (RecipientInformation) it.next(); if (recipient instanceof KeyTransRecipientInformation) { // match the recipient ID Collection matches = certStore.getCertificates(recipient.getRID()); if (!matches.isEmpty()) { // decrypt the data byte[] recData = recipient.getContent(key, "BC"); // compare recovered data to the original data if (Arrays.equals((byte[]) data.getContent(), recData)) { System.out.println("data recovery succeeded"); break; } else { System.out.println("data recovery failed"); break; } } } } if (recipient == null) { System.out.println("could not find a matching recipient"); } }
From source file:no.difi.sdp.client.internal.CreateCMSDocument.java
License:Apache License
public CMSDocument createCMS(byte[] bytes, Sertifikat sertifikat) { try {// w w w . j a v a2 s . com JceKeyTransRecipientInfoGenerator recipientInfoGenerator = new JceKeyTransRecipientInfoGenerator( sertifikat.getX509Certificate(), keyEncryptionScheme) .setProvider(BouncyCastleProvider.PROVIDER_NAME); CMSEnvelopedDataGenerator envelopedDataGenerator = new CMSEnvelopedDataGenerator(); envelopedDataGenerator.addRecipientInfoGenerator(recipientInfoGenerator); OutputEncryptor contentEncryptor = new JceCMSContentEncryptorBuilder(cmsEncryptionAlgorithm).build(); CMSEnvelopedData cmsData = envelopedDataGenerator.generate(new CMSProcessableByteArray(bytes), contentEncryptor); return new CMSDocument(cmsData.getEncoded()); } catch (CertificateEncodingException e) { throw new KonfigurasjonException("Feil med mottakers sertifikat", e); } catch (CMSException e) { throw new KonfigurasjonException("Kunne ikke generere Cryptographic Message Syntax for dokumentpakke", e); } catch (IOException e) { throw new RuntimeIOException(e); } }
From source file:no.digipost.api.client.util.Encrypter.java
License:Apache License
public InputStream encrypt(byte[] content) { if (key == null) { throw new DigipostClientException(ENCRYPTION_KEY_NOT_FOUND, "Trying to preencrypt but have no encryption key."); }/* w w w .ja v a 2 s . co m*/ try { CMSEnvelopedDataGenerator gen = new CMSEnvelopedDataGenerator(); gen.addRecipientInfoGenerator( new JceKeyTransRecipientInfoGenerator(key.publicKeyHash.getBytes(), key.publicKey)); CMSEnvelopedData d = gen.generate(new CMSProcessableByteArray(content), encryptorBuilder.build()); return new ByteArrayInputStream(d.getEncoded()); } catch (Exception e) { if (e instanceof CMSException && getRootCause(e) instanceof InvalidKeyException) { throw new DigipostClientException(FAILED_PREENCRYPTION, "Ugyldig krypteringsnkkel. (" + InvalidKeyException.class.getName() + ") Er Java Cryptographic Extensions (JCE) " + "Unlimited Strength Jurisdiction Policy Files installert? " + "Dette kan lastes ned fra http://www.oracle.com/technetwork/java/javase/downloads/ under \"Additional Resources\". " + "Plasser filene US_export_policy.jar og local_policy.jar i ${JAVA_HOME}/jre/lib/security (overskriv eksisterende).", e); } else { throw new DigipostClientException(FAILED_PREENCRYPTION, "Feil ved kryptering av innhold: " + e.getClass().getSimpleName() + " '" + e.getMessage() + "'", e); } } }
From source file:org.apache.kerby.pkix.EnvelopedDataEngine.java
License:Apache License
/** * Uses a certificate to encrypt data in a CMS EnvelopedData structure and * returns the encoded EnvelopedData as bytes. * <p/>//from w ww . j ava2 s .c om * 'encKeyPack' contains a CMS type ContentInfo encoded according to [RFC3852]. * The contentType field of the type ContentInfo is id-envelopedData (1.2.840.113549.1.7.3). * The content field is an EnvelopedData. The contentType field for the type * EnvelopedData is id-signedData (1.2.840.113549.1.7.2). * * @param dataToEnvelope * @param certificate * @return The EnvelopedData bytes. * @throws IOException * @throws CMSException * @throws CertificateEncodingException */ public static byte[] getEnvelopedReplyKeyPack(byte[] dataToEnvelope, X509Certificate certificate) throws IOException, CMSException, CertificateEncodingException { CMSProcessableByteArray content = new CMSProcessableByteArray(dataToEnvelope); CMSEnvelopedDataGenerator envelopeGenerator = new CMSEnvelopedDataGenerator(); envelopeGenerator.addRecipientInfoGenerator( new BcRSAKeyTransRecipientInfoGenerator(new JcaX509CertificateHolder(certificate))); CMSEnvelopedData envdata = envelopeGenerator.generate(content, new BcCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC).build()); return envdata.getEncoded(); }
From source file:org.cesecore.certificates.ca.X509CA.java
License:Open Source License
@Override public byte[] encryptKeys(CryptoToken cryptoToken, String alias, KeyPair keypair) throws IOException, CMSException, CryptoTokenOfflineException, NoSuchAlgorithmException, NoSuchProviderException { ByteArrayOutputStream baos = new ByteArrayOutputStream(); ObjectOutputStream os = new ObjectOutputStream(baos); os.writeObject(keypair);//from ww w . j ava 2s . c o m CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); CMSEnvelopedData ed; // Creating the KeyId may just throw an exception, we will log this but store the cert and ignore the error final PublicKey pk = cryptoToken.getPublicKey(alias); byte[] keyId = KeyTools.createSubjectKeyId(pk).getKeyIdentifier(); edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(keyId, pk)); JceCMSContentEncryptorBuilder jceCMSContentEncryptorBuilder = new JceCMSContentEncryptorBuilder( NISTObjectIdentifiers.id_aes256_CBC).setProvider(BouncyCastleProvider.PROVIDER_NAME); ed = edGen.generate(new CMSProcessableByteArray(baos.toByteArray()), jceCMSContentEncryptorBuilder.build()); log.info("Encrypted keys using key alias '" + alias + "' from Crypto Token " + cryptoToken.getId()); return ed.getEncoded(); }
From source file:org.cesecore.certificates.ca.X509CA.java
License:Open Source License
@Override public byte[] encryptData(CryptoToken cryptoToken, byte[] data, int keyPurpose) throws IOException, CMSException, CryptoTokenOfflineException, NoSuchAlgorithmException, NoSuchProviderException { CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); CMSEnvelopedData ed; final String keyAlias = getCAToken().getAliasFromPurpose(keyPurpose); final PublicKey pk = cryptoToken.getPublicKey(keyAlias); byte[] keyId = KeyTools.createSubjectKeyId(pk).getKeyIdentifier(); edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(keyId, pk)); JceCMSContentEncryptorBuilder jceCMSContentEncryptorBuilder = new JceCMSContentEncryptorBuilder( NISTObjectIdentifiers.id_aes256_CBC).setProvider(BouncyCastleProvider.PROVIDER_NAME); ed = edGen.generate(new CMSProcessableByteArray(data), jceCMSContentEncryptorBuilder.build()); log.info("Encrypted data using key alias '" + keyAlias + "' from Crypto Token " + cryptoToken.getId()); return ed.getEncoded(); }
From source file:org.dihedron.crypto.operations.encrypt.EncryptZipFile.java
License:Open Source License
@Deprecated public byte[] encrypt(byte[] plaintext, String provider, String url, String name, String filter) throws CryptoException { X509Certificate certificate = null; try {/*from www.ja va 2s .c om*/ logger.info("starting encryption process..."); Properties configuration = new Properties(); configuration.setProperty("provider", provider); configuration.setProperty("ldap.url", url); CertificateLoader loader = CertificateLoaderFactory.makeCertificateLoader(configuration); Properties parameters = new Properties(); parameters.put("name", name); parameters.put("filter", filter); certificate = (X509Certificate) loader.loadCertificate(parameters); logger.info("certificate loaded, supports algorithm: '{}'", certificate.getPublicKey().getAlgorithm()); String[] issuerInfo = certificate.getIssuerDN().getName().split("(=|, )", -1); String[] subjectInfo = certificate.getSubjectDN().getName().split("(=|, )", -1); logger.debug("common name (CN) : '{}'", subjectInfo[3]); logger.debug("address : '{}'", subjectInfo[1]); for (int i = 0; i < issuerInfo.length; i += 2) { if (issuerInfo[i].equals("C")) { logger.debug("CountryName : '{}'", issuerInfo[i + 1]); } if (issuerInfo[i].equals("O")) { logger.debug("OrganizationName : '{}'", issuerInfo[i + 1]); } if (issuerInfo[i].equals("CN")) { logger.debug("CommonName : '{}'", issuerInfo[i + 1]); } } logger.info("certificate is valid from {} until {}, encrypting data...", certificate.getNotBefore(), certificate.getNotAfter()); CMSTypedData message = new CMSProcessableByteArray(plaintext); CMSEnvelopedDataGenerator generator = new CMSEnvelopedDataGenerator(); generator.addRecipientInfoGenerator( new JceKeyTransRecipientInfoGenerator(certificate).setProvider("BC")); CMSEnvelopedData envdata = generator.generate(message, new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider("BC").build()); // String algorithm = CMSEnvelopedDataGenerator.DES_EDE3_CBC; // int keysize = 192; // bits // CMSEnvelopedDataGenerator fact = new CMSEnvelopedDataGenerator(); // fact.addKeyTransRecipient((X509Certificate)certificate); // CMSProcessableByteArray content = new CMSProcessableByteArray(plaintext); // CMSEnvelopedData envdata = fact.generate(content, algorithm, keysize, "BC"); logger.info("... processing done!"); return envdata.getEncoded(); } catch (CMSException e) { logger.error("CMS exception", e); throw new CryptoException("error generating enveloped signature", e); } catch (IOException e) { logger.error("couldn't generate enveloped signature"); throw new CryptoException("error generating enveloped signature", e); // } catch (NoSuchAlgorithmException e) { // logger.error("no such algorithm", e); // throw new CryptoException("Invalid or unsupported algorithm specified", e); // } catch (NoSuchProviderException e) { // logger.error("so such security provider", e); // throw new CryptoException("Error accessing security provider", e); } catch (CertificateLoaderException e) { logger.error("error loading certificate", e); throw new CryptoException("error loading certificate", e); } catch (CertificateEncodingException e) { logger.error("invalid certificate encoding", e); throw new CryptoException("invalid certificate encoding", e); } }
From source file:org.dihedron.crypto.operations.encrypt.pkcs7.Pkcs7Encryptor.java
License:Open Source License
/** * @see org.dihedron.crypto.operations.encrypt.Encryptor#encrypt(byte[]) *//*from www.ja v a2 s. c o m*/ @Override public byte[] encrypt(byte[] plaintext) throws CryptoException { try { logger.info("encrypting data through certificate supporting algorithm: '{}'", certificate.getPublicKey().getAlgorithm()); String[] issuerInfo = certificate.getIssuerDN().getName().split("(=|, )", -1); String[] subjectInfo = certificate.getSubjectDN().getName().split("(=|, )", -1); logger.debug("common name (CN) : '{}'", subjectInfo[3]); logger.debug("address : '{}'", subjectInfo[1]); for (int i = 0; i < issuerInfo.length; i += 2) { if (issuerInfo[i].equals("C")) { logger.debug("CountryName : '{}'", issuerInfo[i + 1]); } if (issuerInfo[i].equals("O")) { logger.debug("OrganizationName : '{}'", issuerInfo[i + 1]); } if (issuerInfo[i].equals("CN")) { logger.debug("CommonName : '{}'", issuerInfo[i + 1]); } } logger.info("certificate is valid from {} until {}, encrypting data...", certificate.getNotBefore(), certificate.getNotAfter()); ASN1ObjectIdentifier algorithm = CMSAlgorithm.DES_EDE3_CBC; CMSTypedData message = new CMSProcessableByteArray(plaintext); CMSEnvelopedDataGenerator generator = new CMSEnvelopedDataGenerator(); generator.addRecipientInfoGenerator( new JceKeyTransRecipientInfoGenerator(certificate).setProvider("BC")); CMSEnvelopedData ed = generator.generate(message, new JceCMSContentEncryptorBuilder(algorithm).setProvider("BC").build()); logger.info("... processing done!"); return ed.getEncoded(); } catch (CMSException e) { logger.error("CMS exception", e); throw new CryptoException("Error generating enveloped signature", e); } catch (IOException e) { logger.error("couldn't generate enveloped signature"); throw new CryptoException("Error generating enveloped signature", e); } catch (CertificateEncodingException e) { logger.error("invalid certificate encoding", e); throw new CryptoException("Invalid certificate encoding", e); // } catch (OperatorCreationException e) { // logger.error("error creating operator", e); // throw new CryptoException("Error creating operator", e); } }
From source file:org.ejbca.core.model.ca.caadmin.extendedcaservices.CmsCAService.java
License:Open Source License
@Override public ExtendedCAServiceResponse extendedService(final CryptoToken cryptoToken, final ExtendedCAServiceRequest request) throws ExtendedCAServiceRequestException, IllegalExtendedCAServiceRequestException, ExtendedCAServiceNotActiveException { if (log.isTraceEnabled()) { log.trace(">extendedService"); }//from w w w . jav a2s .co m if (!(request instanceof CmsCAServiceRequest)) { throw new IllegalExtendedCAServiceRequestException(); } if (getStatus() != ExtendedCAServiceInfo.STATUS_ACTIVE) { final String msg = intres.getLocalizedMessage("caservice.notactive", "CMS"); log.error(msg); throw new ExtendedCAServiceNotActiveException(msg); } ExtendedCAServiceResponse returnval = null; final X509Certificate signerCert = (X509Certificate) certificatechain.get(0); final CmsCAServiceRequest serviceReq = (CmsCAServiceRequest) request; // Create the signed data final CMSSignedDataGenerator gen1 = new CMSSignedDataGenerator(); try { byte[] resp = serviceReq.getDoc(); // Add our signer info and sign the message if ((serviceReq.getMode() & CmsCAServiceRequest.MODE_SIGN) != 0) { final List<X509Certificate> x509CertChain = new ArrayList<X509Certificate>(); for (Certificate certificate : certificatechain) { x509CertChain.add((X509Certificate) certificate); } gen1.addCertificates(new CollectionStore(CertTools.convertToX509CertificateHolder(x509CertChain))); JcaDigestCalculatorProviderBuilder calculatorProviderBuilder = new JcaDigestCalculatorProviderBuilder() .setProvider(BouncyCastleProvider.PROVIDER_NAME); JcaSignerInfoGeneratorBuilder builder = new JcaSignerInfoGeneratorBuilder( calculatorProviderBuilder.build()); ASN1ObjectIdentifier oid = AlgorithmTools .getSignAlgOidFromDigestAndKey(CMSSignedGenerator.DIGEST_SHA1, privKey.getAlgorithm()); String signatureAlgorithmName = AlgorithmTools.getAlgorithmNameFromOID(oid); JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(signatureAlgorithmName) .setProvider(BouncyCastleProvider.PROVIDER_NAME); ContentSigner contentSigner = signerBuilder.build(privKey); gen1.addSignerInfoGenerator(builder.build(contentSigner, signerCert)); final CMSTypedData msg = new CMSProcessableByteArray(resp); final CMSSignedData s = gen1.generate(msg, true); resp = s.getEncoded(); } if ((serviceReq.getMode() & CmsCAServiceRequest.MODE_ENCRYPT) != 0) { CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(getCMSCertificate()) .setProvider(BouncyCastleProvider.PROVIDER_NAME)); JceCMSContentEncryptorBuilder jceCMSContentEncryptorBuilder = new JceCMSContentEncryptorBuilder( PKCSObjectIdentifiers.des_EDE3_CBC).setProvider(BouncyCastleProvider.PROVIDER_NAME); CMSEnvelopedData ed = edGen.generate(new CMSProcessableByteArray(resp), jceCMSContentEncryptorBuilder.build()); resp = ed.getEncoded(); } if ((serviceReq.getMode() & CmsCAServiceRequest.MODE_DECRYPT) != 0) { final CMSEnvelopedData ed = new CMSEnvelopedData(resp); final RecipientInformationStore recipients = ed.getRecipientInfos(); final X500Name issuer = X500Name .getInstance(getCMSCertificate().getIssuerX500Principal().getEncoded()); final KeyTransRecipientId id = new KeyTransRecipientId(issuer, getCMSCertificate().getSerialNumber()); final RecipientInformation recipient = recipients.get(id); if (recipient != null) { JceKeyTransEnvelopedRecipient rec = new JceKeyTransEnvelopedRecipient(this.privKey); // Provider for decrypting the symmetric key rec.setContentProvider(BouncyCastleProvider.PROVIDER_NAME); rec.setProvider(cryptoToken.getSignProviderName()); // We can use a different provider for decrypting the content, for example of we used a PKCS#11 provider above we could use the BC provider below resp = recipient.getContent(rec); } } returnval = new CmsCAServiceResponse(resp); } catch (CMSException e) { log.error("Error in CmsCAService", e); throw new ExtendedCAServiceRequestException(e); } catch (IOException e) { log.error("Error in CmsCAService", e); throw new ExtendedCAServiceRequestException(e); } catch (OperatorCreationException e) { log.error("Error in CmsCAService", e); throw new ExtendedCAServiceRequestException(e); } catch (CertificateEncodingException e) { log.error("Error in CmsCAService", e); throw new ExtendedCAServiceRequestException(e); } if (log.isTraceEnabled()) { log.trace("<extendedService"); } return returnval; }
From source file:org.ejbca.core.model.ca.caadmin.X509CA.java
License:Open Source License
public byte[] encryptKeys(KeyPair keypair) throws IOException, CATokenOfflineException { ByteArrayOutputStream baos = new ByteArrayOutputStream(); ObjectOutputStream os = new ObjectOutputStream(baos); os.writeObject(keypair);// w w w .j av a 2 s . c o m CryptoProviderTools.installBCProviderIfNotAvailable(); CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); CMSEnvelopedData ed; try { edGen.addKeyTransRecipient(this.getCAToken().getPublicKey(SecConst.CAKEYPURPOSE_KEYENCRYPT), this.keyId); ed = edGen.generate(new CMSProcessableByteArray(baos.toByteArray()), CMSEnvelopedDataGenerator.AES256_CBC, "BC"); } catch (Exception e) { log.error("-encryptKeys: ", e); throw new IOException(e.getMessage()); } return ed.getEncoded(); }