// Decompiled by Jad v1.5.8e2. Copyright 2001 Pavel Kouznetsov.
// Jad home page: http://kpdus.tripod.com/jad.html
// Decompiler options: packimports(3) fieldsfirst ansi space
// Source File Name: PKCS7SignedData.java
package org.bouncycastle.jce;
import java.io.*;
import java.math.BigInteger;
import java.security.*;
import java.security.cert.*;
import java.util.*;
import org.bouncycastle.asn1.*;
import org.bouncycastle.asn1.pkcs.*;
import org.bouncycastle.asn1.x509.*;
import org.bouncycastle.jce.provider.X509CRLObject;
import org.bouncycastle.jce.provider.X509CertificateObject;
// Referenced classes of package org.bouncycastle.jce:
// X509Principal
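/**
 * Minimal PKCS#7 signed-data object supporting exactly one signer.
 *
 * <p>An instance is either in <em>verify</em> mode (built from an encoded
 * PKCS#7 blob) or in <em>sign</em> mode (built from a private key and a
 * certificate chain). In both modes the content is fed through
 * {@link #update(byte)} / {@link #update(byte[], int, int)}; the content
 * itself is never embedded in the encoding produced by {@link #getEncoded()}.
 *
 * <p>Points a reviewer should keep in mind when relying on this class:
 * <ul>
 * <li>{@link #verify()} only checks the signature against the public key of a
 *     certificate that was taken from the message itself. It does not build or
 *     validate a chain to a trust anchor and does not consult the embedded
 *     CRLs; the caller has to validate {@link #getSigningCertificate()}
 *     separately before trusting a {@code true} result.</li>
 * <li>The SignerInfo's authenticated attributes are never read, so a message
 *     whose signature covers such attributes will not verify here.</li>
 * <li>Only MD2, MD5 and SHA-1 are recognised as digest algorithms. All three
 *     are legacy choices for signatures; treat this class as an
 *     interoperability tool for old data rather than for new designs.</li>
 * <li>The digest algorithm named in the SignerInfo is not checked against the
 *     set of digest algorithms announced in the SignedData header.</li>
 * </ul>
 *
 * <p>This source was recovered by a decompiler; the exception handlers in
 * {@code getIssuer} and {@code getEncoded} have been restored from the
 * dangling {@code throw} statements the decompiler left behind.
 */
public class PKCS7SignedData
    implements PKCSObjectIdentifiers
{
    // Object identifiers used on the wire. They were per-instance fields in the
    // decompiled source and the literals were repeated inline; they are shared
    // constants here so every comparison uses a single definition.
    private static final String ID_PKCS7_DATA = "1.2.840.113549.1.7.1";
    private static final String ID_PKCS7_SIGNED_DATA = "1.2.840.113549.1.7.2";
    private static final String ID_MD5 = "1.2.840.113549.2.5";
    private static final String ID_MD2 = "1.2.840.113549.2.2";
    private static final String ID_SHA1 = "1.3.14.3.2.26";
    private static final String ID_RSA = "1.2.840.113549.1.1.1";
    private static final String ID_DSA = "1.2.840.10040.4.1";

    // SignedData version and SignerInfo version.
    private int version;
    private int signerversion;
    // OID strings of the digest algorithms listed in the SignedData header.
    private Set digestalgos;
    // Certificates and CRLs carried in (or to be written into) the message.
    private Collection certs;
    private Collection crls;
    // Certificate whose key signs / verifies the content.
    private X509Certificate signCert;
    // The SignerInfo's encryptedDigest octets, i.e. the signature value.
    private byte digest[];
    // OID strings of the signer's digest and key algorithms.
    private String digestAlgorithm;
    private String digestEncryptionAlgorithm;
    private Signature sig;
    // Non-null only in sign mode; reset() uses it to tell the two modes apart.
    private transient PrivateKey privKey;

    /**
     * Parses an encoded PKCS#7 signed-data object for verification using the
     * "BC" provider.
     *
     * @param in the encoded PKCS#7 object
     * @throws SecurityException if the encoding is not a usable signed-data object
     */
    public PKCS7SignedData(byte in[])
        throws SecurityException, CRLException, InvalidKeyException, CertificateException, NoSuchProviderException, NoSuchAlgorithmException
    {
        this(in, "BC");
    }

    /**
     * Parses an encoded PKCS#7 signed-data object and prepares a
     * {@link Signature} for verification.
     *
     * <p>The signing certificate is selected from the certificates embedded in
     * the message by matching the SignerInfo's issuer and serial number. No
     * trust decision is made about that certificate here.
     *
     * @param in the encoded PKCS#7 object; treated as untrusted input
     * @param provider name of the JCA provider used for the signature
     * @throws SecurityException if the bytes cannot be decoded, are not a
     *         signed-data object, do not contain exactly one SignerInfo, carry
     *         a malformed digest algorithm entry, or do not contain the
     *         signer's certificate
     */
    public PKCS7SignedData(byte in[], String provider)
        throws SecurityException, CRLException, InvalidKeyException, CertificateException, NoSuchProviderException, NoSuchAlgorithmException
    {
        DERObject pkcs;
        try
        {
            pkcs = readDer(in);
        }
        catch (IOException e)
        {
            // Keep the original message but retain the cause for diagnosis.
            throw new SecurityException("can't decode PKCS7SignedData object", e);
        }
        if (!(pkcs instanceof ASN1Sequence))
            throw new SecurityException("Not a valid PKCS#7 object - not a sequence");
        ContentInfo content = ContentInfo.getInstance(pkcs);
        if (!content.getContentType().equals(signedData))
            throw new SecurityException("Not a valid PKCS#7 signed-data object - wrong header " + content.getContentType().getId());
        SignedData data = SignedData.getInstance(content.getContent());

        certs = new ArrayList();
        if (data.getCertificates() != null)
        {
            Enumeration ec = ASN1Set.getInstance(data.getCertificates()).getObjects();
            while (ec.hasMoreElements())
                certs.add(new X509CertificateObject(X509CertificateStructure.getInstance(ec.nextElement())));
        }

        crls = new ArrayList();
        if (data.getCRLs() != null)
        {
            Enumeration ec = ASN1Set.getInstance(data.getCRLs()).getObjects();
            while (ec.hasMoreElements())
                crls.add(new X509CRLObject(CertificateList.getInstance(ec.nextElement())));
        }

        version = data.getVersion().getValue().intValue();

        digestalgos = new HashSet();
        Enumeration algs = data.getDigestAlgorithms().getObjects();
        while (algs.hasMoreElements())
        {
            // The input is untrusted: check the shape of each entry instead of
            // letting a blind cast surface as a ClassCastException.
            Object alg = algs.nextElement();
            if (!(alg instanceof ASN1Sequence)
                || ((ASN1Sequence)alg).size() < 1
                || !(((ASN1Sequence)alg).getObjectAt(0) instanceof DERObjectIdentifier))
                throw new SecurityException("Not a valid PKCS#7 signed-data object - malformed digest algorithm identifier");
            DERObjectIdentifier o = (DERObjectIdentifier)((ASN1Sequence)alg).getObjectAt(0);
            digestalgos.add(o.getId());
        }

        ASN1Set signerinfos = data.getSignerInfos();
        if (signerinfos.size() != 1)
            throw new SecurityException("This PKCS#7 object has multiple SignerInfos - only one is supported at this time");
        SignerInfo signerInfo = SignerInfo.getInstance(signerinfos.getObjectAt(0));
        signerversion = signerInfo.getVersion().getValue().intValue();

        // Locate the signer's certificate among the embedded certificates.
        IssuerAndSerialNumber isAnds = signerInfo.getIssuerAndSerialNumber();
        BigInteger serialNumber = isAnds.getCertificateSerialNumber().getValue();
        X509Principal issuer = new X509Principal(isAnds.getName());
        for (Iterator i = certs.iterator(); signCert == null && i.hasNext();)
        {
            X509Certificate cert = (X509Certificate)i.next();
            if (serialNumber.equals(cert.getSerialNumber()) && issuer.equals(cert.getIssuerDN()))
                signCert = cert;
        }
        if (signCert == null)
            throw new SecurityException("Can't find signing certificate with serial " + serialNumber.toString(16));

        digestAlgorithm = signerInfo.getDigestAlgorithm().getObjectId().getId();
        digest = signerInfo.getEncryptedDigest().getOctets();
        digestEncryptionAlgorithm = signerInfo.getDigestEncryptionAlgorithm().getObjectId().getId();
        sig = Signature.getInstance(getDigestAlgorithm(), provider);
        sig.initVerify(signCert.getPublicKey());
    }

    /**
     * Creates a signing object using the "BC" provider and no CRLs.
     *
     * @param privKey the signer's private key
     * @param certChain certificate chain; element 0 is the signing certificate
     * @param hashAlgorithm one of "MD5", "MD2", "SHA" or "SHA1"
     */
    public PKCS7SignedData(PrivateKey privKey, Certificate certChain[], String hashAlgorithm)
        throws SecurityException, InvalidKeyException, NoSuchProviderException, NoSuchAlgorithmException
    {
        this(privKey, certChain, hashAlgorithm, "BC");
    }

    /**
     * Creates a signing object using the given provider and no CRLs.
     *
     * @param privKey the signer's private key
     * @param certChain certificate chain; element 0 is the signing certificate
     * @param hashAlgorithm one of "MD5", "MD2", "SHA" or "SHA1"
     * @param provider name of the JCA provider used for the signature
     */
    public PKCS7SignedData(PrivateKey privKey, Certificate certChain[], String hashAlgorithm, String provider)
        throws SecurityException, InvalidKeyException, NoSuchProviderException, NoSuchAlgorithmException
    {
        this(privKey, certChain, null, hashAlgorithm, provider);
    }

    /**
     * Creates a signing object.
     *
     * @param privKey the signer's private key; its algorithm must be "RSA" or "DSA"
     * @param certChain certificate chain; element 0 is the signing certificate
     *        and must be an {@link X509Certificate}
     * @param crlList CRLs to embed, or {@code null} for none
     * @param hashAlgorithm one of "MD5", "MD2", "SHA" or "SHA1"; no stronger
     *        digest is supported by this class
     * @param provider name of the JCA provider used for the signature
     * @throws NoSuchAlgorithmException if the hash or key algorithm is not one
     *         of the names listed above
     * @throws IllegalArgumentException if {@code certChain} is empty
     */
    public PKCS7SignedData(PrivateKey privKey, Certificate certChain[], CRL crlList[], String hashAlgorithm, String provider)
        throws SecurityException, InvalidKeyException, NoSuchProviderException, NoSuchAlgorithmException
    {
        this.privKey = privKey;
        if (hashAlgorithm.equals("MD5"))
            digestAlgorithm = ID_MD5;
        else if (hashAlgorithm.equals("MD2"))
            digestAlgorithm = ID_MD2;
        else if (hashAlgorithm.equals("SHA") || hashAlgorithm.equals("SHA1"))
            digestAlgorithm = ID_SHA1;
        else
            throw new NoSuchAlgorithmException("Unknown Hash Algorithm " + hashAlgorithm);

        version = signerversion = 1;
        certs = new ArrayList();
        crls = new ArrayList();
        digestalgos = new HashSet();
        digestalgos.add(digestAlgorithm);

        // An empty chain previously failed with a bare ArrayIndexOutOfBoundsException.
        if (certChain.length == 0)
            throw new IllegalArgumentException("certChain must contain at least the signing certificate");
        signCert = (X509Certificate)certChain[0];
        for (int i = 0; i < certChain.length; i++)
            certs.add(certChain[i]);
        if (crlList != null)
        {
            for (int i = 0; i < crlList.length; i++)
                crls.add(crlList[i]);
        }

        digestEncryptionAlgorithm = privKey.getAlgorithm();
        if (digestEncryptionAlgorithm.equals("RSA"))
            digestEncryptionAlgorithm = ID_RSA;
        else if (digestEncryptionAlgorithm.equals("DSA"))
            digestEncryptionAlgorithm = ID_DSA;
        else
            throw new NoSuchAlgorithmException("Unknown Key Algorithm " + digestEncryptionAlgorithm);

        sig = Signature.getInstance(getDigestAlgorithm(), provider);
        sig.initSign(privKey);
    }

    /**
     * Returns the JCA signature algorithm name in the form
     * {@code <digest>with<key>}, for example {@code SHA1withRSA}.
     *
     * <p>An OID that is not one of the recognised digest or key algorithms is
     * passed through unchanged, so the result may contain a dotted OID.
     *
     * @return the signature algorithm name
     */
    public String getDigestAlgorithm()
    {
        String da = digestAlgorithm;
        if (ID_MD5.equals(digestAlgorithm))
            da = "MD5";
        else if (ID_MD2.equals(digestAlgorithm))
            da = "MD2";
        else if (ID_SHA1.equals(digestAlgorithm))
            da = "SHA1";

        String dea = digestEncryptionAlgorithm;
        if (ID_RSA.equals(digestEncryptionAlgorithm))
            dea = "RSA";
        else if (ID_DSA.equals(digestEncryptionAlgorithm))
            dea = "DSA";

        return da + "with" + dea;
    }

    /**
     * Re-initialises the underlying {@link Signature} so the object can be
     * used for another pass: for verification when no private key is held,
     * otherwise for signing.
     *
     * @throws RuntimeException wrapping any failure to re-initialise
     */
    public void reset()
    {
        try
        {
            if (privKey == null)
                sig.initVerify(signCert.getPublicKey());
            else
                sig.initSign(privKey);
        }
        catch (Exception e)
        {
            // Same message as before, with the cause kept for the stack trace.
            throw new RuntimeException(e.toString(), e);
        }
    }

    /**
     * Returns the certificates carried in the message as a new array.
     *
     * @return the certificates; none of them has been validated by this class
     */
    public Certificate[] getCertificates()
    {
        return (X509Certificate[])certs.toArray(new X509Certificate[certs.size()]);
    }

    /**
     * Returns the CRLs carried in the message.
     *
     * @return the live internal collection (not a copy); changes made by the
     *         caller affect what {@link #getEncoded()} writes
     */
    public Collection getCRLs()
    {
        return crls;
    }

    /**
     * Returns the certificate whose key is used to sign or verify.
     *
     * <p>In verify mode this certificate comes from the message itself; the
     * caller must validate it against its own trust anchors.
     *
     * @return the signing certificate
     */
    public X509Certificate getSigningCertificate()
    {
        return signCert;
    }

    /**
     * @return the version number of the SignedData structure
     */
    public int getVersion()
    {
        return version;
    }

    /**
     * @return the version number of the SignerInfo structure
     */
    public int getSigningInfoVersion()
    {
        return signerversion;
    }

    /**
     * Feeds one byte of content into the signature.
     *
     * @param buf the byte to add
     */
    public void update(byte buf)
        throws SignatureException
    {
        sig.update(buf);
    }

    /**
     * Feeds a range of content bytes into the signature.
     *
     * @param buf source array
     * @param off offset of the first byte
     * @param len number of bytes
     */
    public void update(byte buf[], int off, int len)
        throws SignatureException
    {
        sig.update(buf, off, len);
    }

    /**
     * Checks the signature value from the SignerInfo against the content
     * supplied through {@code update}.
     *
     * <p>A {@code true} result says only that the key in the embedded signing
     * certificate produced the signature; it says nothing about whether that
     * certificate is trusted, current or unrevoked.
     *
     * @return {@code true} if the signature matches
     */
    public boolean verify()
        throws SignatureException
    {
        return sig.verify(digest);
    }

    /**
     * Decodes a single DER object from a byte array.
     */
    private static DERObject readDer(byte enc[])
        throws IOException
    {
        return new DERInputStream(new ByteArrayInputStream(enc)).readObject();
    }

    /**
     * Extracts the issuer name from an encoded TBSCertificate.
     *
     * @param enc the encoded TBSCertificate
     * @return the issuer element: index 3 when the first element is a tagged
     *         object (an explicit version field), otherwise index 2
     */
    private DERObject getIssuer(byte enc[])
    {
        try
        {
            ASN1Sequence seq = (ASN1Sequence)readDer(enc);
            return (DERObject)seq.getObjectAt((seq.getObjectAt(0) instanceof DERTaggedObject) ? 3 : 2);
        }
        catch (IOException e)
        {
            throw new Error("IOException reading from ByteArray: " + e, e);
        }
    }

    /**
     * Completes the signature and returns the encoded PKCS#7 signed-data
     * object.
     *
     * <p>The encoding carries the data content-type OID without the content
     * itself, the certificates, the CRLs if any, and one SignerInfo without
     * attributes. Calling this method finalises the signature via
     * {@code Signature.sign()}, so it is meant for objects created with a
     * private key.
     *
     * @return the encoded object
     * @throws RuntimeException wrapping any signing or encoding failure
     */
    public byte[] getEncoded()
    {
        try
        {
            digest = sig.sign();

            // digestAlgorithms
            ASN1EncodableVector v = new ASN1EncodableVector();
            for (Iterator i = digestalgos.iterator(); i.hasNext();)
                v.add(new AlgorithmIdentifier(new DERObjectIdentifier((String)i.next()), null));
            DERSet algos = new DERSet(v);

            // contentInfo: content type only, the content is not embedded
            DERSequence contentinfo = new DERSequence(new DERObjectIdentifier(ID_PKCS7_DATA));

            // certificates
            v = new ASN1EncodableVector();
            for (Iterator i = certs.iterator(); i.hasNext();)
                v.add(readDer(((X509Certificate)i.next()).getEncoded()));
            DERSet dercertificates = new DERSet(v);

            // the single SignerInfo
            ASN1EncodableVector signerinfo = new ASN1EncodableVector();
            signerinfo.add(new DERInteger(signerversion));
            IssuerAndSerialNumber isAnds = new IssuerAndSerialNumber(new X509Name((ASN1Sequence)getIssuer(signCert.getTBSCertificate())), new DERInteger(signCert.getSerialNumber()));
            signerinfo.add(isAnds);
            signerinfo.add(new AlgorithmIdentifier(new DERObjectIdentifier(digestAlgorithm), new DERNull()));
            signerinfo.add(new AlgorithmIdentifier(new DERObjectIdentifier(digestEncryptionAlgorithm), new DERNull()));
            signerinfo.add(new DEROctetString(digest));

            // SignedData body
            ASN1EncodableVector body = new ASN1EncodableVector();
            body.add(new DERInteger(version));
            body.add(algos);
            body.add(contentinfo);
            body.add(new DERTaggedObject(false, 0, dercertificates));
            if (crls.size() > 0)
            {
                v = new ASN1EncodableVector();
                for (Iterator i = crls.iterator(); i.hasNext();)
                    v.add(readDer(((X509CRL)i.next()).getEncoded()));
                DERSet dercrls = new DERSet(v);
                body.add(new DERTaggedObject(false, 1, dercrls));
            }
            body.add(new DERSet(new DERSequence(signerinfo)));

            // outer ContentInfo
            ASN1EncodableVector whole = new ASN1EncodableVector();
            whole.add(new DERObjectIdentifier(ID_PKCS7_SIGNED_DATA));
            whole.add(new DERTaggedObject(0, new DERSequence(body)));

            ByteArrayOutputStream bOut = new ByteArrayOutputStream();
            DEROutputStream dout = new DEROutputStream(bOut);
            dout.writeObject(new DERSequence(whole));
            dout.close();
            return bOut.toByteArray();
        }
        catch (Exception e)
        {
            // Same message as before, with the cause kept for the stack trace.
            throw new RuntimeException(e.toString(), e);
        }
    }
}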