130 lines
7.9 KiB
Diff
130 lines
7.9 KiB
Diff
diff -up ./jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/EnvelopedInputImpl.java.ade1 ./jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/EnvelopedInputImpl.java
|
|
--- ./jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/EnvelopedInputImpl.java.ade1 2014-06-26 16:24:28.166315424 +0800
|
|
+++ ./jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/EnvelopedInputImpl.java 2014-06-26 17:32:29.632936971 +0800
|
|
@@ -3,6 +3,7 @@ package org.jboss.resteasy.security.smim
|
|
import org.bouncycastle.cms.RecipientInformation;
|
|
import org.bouncycastle.cms.RecipientInformationStore;
|
|
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientId;
|
|
+import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
|
|
import org.bouncycastle.mail.smime.SMIMEEnveloped;
|
|
import org.bouncycastle.mail.smime.SMIMEUtil;
|
|
import org.jboss.resteasy.core.Headers;
|
|
@@ -159,7 +160,8 @@ public class EnvelopedInputImpl implemen
|
|
RecipientInformationStore recipients = m.getRecipientInfos();
|
|
RecipientInformation recipient = recipients.get(recId);
|
|
|
|
- decrypted = SMIMEUtil.toMimeBodyPart(recipient.getContent(pKey, "BC"));
|
|
+ decrypted = SMIMEUtil.toMimeBodyPart(recipient.getContent(
|
|
+ new JceKeyTransEnvelopedRecipient(pKey).setProvider("BC")));
|
|
}
|
|
catch (Exception e1)
|
|
{
|
|
diff -up ./jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/MultipartSignedInputImpl.java.ade1 ./jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/MultipartSignedInputImpl.java
|
|
--- ./jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/MultipartSignedInputImpl.java.ade1 2014-06-26 17:07:37.679401083 +0800
|
|
+++ ./jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/MultipartSignedInputImpl.java 2014-06-26 17:11:10.734149755 +0800
|
|
@@ -2,6 +2,7 @@ package org.jboss.resteasy.security.smim
|
|
|
|
import org.bouncycastle.cms.SignerInformation;
|
|
import org.bouncycastle.cms.SignerInformationStore;
|
|
+import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
|
|
import org.bouncycastle.mail.smime.SMIMESigned;
|
|
import org.jboss.resteasy.util.GenericType;
|
|
|
|
@@ -157,7 +158,8 @@ public class MultipartSignedInputImpl im
|
|
|
|
SignerInformationStore signers = signed.getSignerInfos();
|
|
SignerInformation signer = (SignerInformation) signers.getSigners().iterator().next();
|
|
- return signer.verify(publicKey, "BC");
|
|
+ return signer.verify(new JcaSimpleSignerInfoVerifierBuilder()
|
|
+ .setProvider("BC").build(publicKey));
|
|
|
|
}
|
|
|
|
diff -up ./jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/PKCS7SignatureInput.java.ade1 ./jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/PKCS7SignatureInput.java
|
|
--- ./jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/PKCS7SignatureInput.java.ade1 2014-06-26 16:36:24.564853001 +0800
|
|
+++ ./jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/PKCS7SignatureInput.java 2014-06-26 18:52:43.301108577 +0800
|
|
@@ -3,6 +3,7 @@ package org.jboss.resteasy.security.smim
|
|
import org.bouncycastle.cms.CMSException;
|
|
import org.bouncycastle.cms.CMSSignedData;
|
|
import org.bouncycastle.cms.SignerInformation;
|
|
+import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
|
|
import org.jboss.resteasy.specimpl.MultivaluedMapImpl;
|
|
import org.jboss.resteasy.util.Base64;
|
|
import org.jboss.resteasy.util.GenericType;
|
|
@@ -206,7 +207,8 @@ public class PKCS7SignatureInput<T>
|
|
for (Object info : data.getSignerInfos().getSigners())
|
|
{
|
|
SignerInformation signer = (SignerInformation)info;
|
|
- if (signer.verify(certificate, "BC"))
|
|
+ if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder()
|
|
+ .setProvider("BC").build(certificate)))
|
|
{
|
|
return true;
|
|
}
|
|
@@ -218,7 +220,8 @@ public class PKCS7SignatureInput<T>
|
|
for (Object info : data.getSignerInfos().getSigners())
|
|
{
|
|
SignerInformation signer = (SignerInformation)info;
|
|
- if (signer.verify(publicKey, "BC"))
|
|
+ if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder()
|
|
+ .setProvider("BC").build(publicKey)))
|
|
{
|
|
return true;
|
|
}
|
|
diff -up ./jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/PKCS7SignatureWriter.java.ade1 ./jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/PKCS7SignatureWriter.java
|
|
--- ./jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/PKCS7SignatureWriter.java.ade1 2014-06-24 23:38:42.464516920 +0800
|
|
+++ ./jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/PKCS7SignatureWriter.java 2014-06-26 18:05:06.601349666 +0800
|
|
@@ -4,7 +4,13 @@ import org.bouncycastle.cms.CMSException
|
|
import org.bouncycastle.cms.CMSProcessable;
|
|
import org.bouncycastle.cms.CMSProcessableByteArray;
|
|
import org.bouncycastle.cms.CMSSignedData;
|
|
+import org.bouncycastle.cms.CMSTypedData;
|
|
import org.bouncycastle.cms.CMSSignedDataGenerator;
|
|
+import org.bouncycastle.operator.ContentSigner;
|
|
+import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
|
|
+import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
|
|
+import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
|
|
+import org.bouncycastle.operator.OperatorCreationException;
|
|
import org.jboss.resteasy.security.BouncyIntegration;
|
|
import org.jboss.resteasy.specimpl.MultivaluedMapImpl;
|
|
import org.jboss.resteasy.spi.WriterException;
|
|
@@ -25,6 +31,7 @@ import java.lang.reflect.Type;
|
|
import java.security.NoSuchAlgorithmException;
|
|
import java.security.NoSuchProviderException;
|
|
import java.security.cert.X509Certificate;
|
|
+import java.security.cert.CertificateEncodingException;
|
|
|
|
/**
|
|
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
|
@@ -70,7 +77,7 @@ public class PKCS7SignatureWriter implem
|
|
}
|
|
}
|
|
|
|
- public static byte[] sign(Providers providers, SignedOutput out) throws IOException, NoSuchAlgorithmException, NoSuchProviderException, CMSException
|
|
+ public static byte[] sign(Providers providers, SignedOutput out) throws IOException, NoSuchAlgorithmException, NoSuchProviderException, CMSException, OperatorCreationException, CertificateEncodingException
|
|
{
|
|
ByteArrayOutputStream bodyOs = new ByteArrayOutputStream();
|
|
MessageBodyWriter writer = providers.getMessageBodyWriter(out.getType(), out.getGenericType(), null, out.getMediaType());
|
|
@@ -82,11 +89,18 @@ public class PKCS7SignatureWriter implem
|
|
bodyHeaders.add("Content-Type", out.getMediaType().toString());
|
|
writer.writeTo(out.getEntity(), out.getType(), out.getGenericType(), null, out.getMediaType(), bodyHeaders, bodyOs);
|
|
CMSSignedDataGenerator signGen = new CMSSignedDataGenerator();
|
|
- signGen.addSigner(out.getPrivateKey(), (X509Certificate)out.getCertificate(), CMSSignedDataGenerator.DIGEST_SHA1);
|
|
+
|
|
+ ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(out.getPrivateKey());
|
|
+ signGen.addSignerInfoGenerator(
|
|
+ new JcaSignerInfoGeneratorBuilder(
|
|
+ new JcaDigestCalculatorProviderBuilder().setProvider("BC").build())
|
|
+ .build(sha1Signer, (X509Certificate)out.getCertificate()));
|
|
+
|
|
+ //signGen.addSigner(out.getPrivateKey(), (X509Certificate)out.getCertificate(), CMSSignedDataGenerator.DIGEST_SHA1);
|
|
//signGen.addCertificatesAndCRLs(certs);
|
|
- CMSProcessable content = new CMSProcessableByteArray(bodyOs.toByteArray());
|
|
+ CMSTypedData content = new CMSProcessableByteArray(bodyOs.toByteArray());
|
|
|
|
- CMSSignedData signedData = signGen.generate(content, true, "BC");
|
|
+ CMSSignedData signedData = signGen.generate(content, true);
|
|
return signedData.getEncoded();
|
|
}
|
|
}
|