From ecaf5cdc0b09e9327e515ca875711967590623e6 Mon Sep 17 00:00:00 2001 From: Andreas Fitzek Date: Wed, 11 Dec 2013 12:05:53 +0100 Subject: Changes for ecc library switch --- .../at/gv/egiz/pdfas/sigs/pades/PAdESVerifier.java | 3 -- .../sigs-pkcs7detached/build.gradle | 4 +- .../sigs/pkcs7detached/PKCS7DetachedSigner.java | 50 +--------------------- .../sigs/pkcs7detached/PKCS7DetachedVerifier.java | 7 ++- 4 files changed, 6 insertions(+), 58 deletions(-) diff --git a/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESVerifier.java b/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESVerifier.java index 291d6898..6e79a1a0 100644 --- a/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESVerifier.java +++ b/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESVerifier.java @@ -1,6 +1,5 @@ package at.gv.egiz.pdfas.sigs.pades; -import iaik.security.ecc.provider.ECCProvider; import iaik.security.provider.IAIK; import iaik.x509.X509Certificate; @@ -48,8 +47,6 @@ public class PAdESVerifier implements IVerifyFilter { private String moaTrustProfile; public PAdESVerifier() { - IAIK.getInstance(); - ECCProvider.addAsProvider(); } @SuppressWarnings("rawtypes") diff --git a/signature-standards/sigs-pkcs7detached/build.gradle b/signature-standards/sigs-pkcs7detached/build.gradle index d1ea063f..9159b3b1 100644 --- a/signature-standards/sigs-pkcs7detached/build.gradle +++ b/signature-standards/sigs-pkcs7detached/build.gradle 
@@ -16,8 +16,8 @@ dependencies { compile project (':pdf-as-lib') compile project (':pdf-as-common') compile group: 'iaik', name: 'iaik_cms', version: '4.1' - compile group: 'eu.europa.ec.joinup.egovlabs.pdf-as.iaik', name: 'iaik_jce_eval_signed', version: '4.0' - compile group: 'eu.europa.ec.joinup.egovlabs.pdf-as.iaik', name: 'iaik_ecc_eval_signed', version: '2.19' + //compile group: 'eu.europa.ec.joinup.egovlabs.pdf-as.iaik', name: 'iaik_jce_eval_signed', version: '4.0' + //compile group: 'eu.europa.ec.joinup.egovlabs.pdf-as.iaik', name: 'iaik_ecc_eval_signed', version: '2.19' compile group: 'commons-collections', name: 'commons-collections', version: '3.2' compile group: 'org.bouncycastle', name: 'bcprov-jdk16', version: '1.46' compile group: 'org.bouncycastle', name: 'bcmail-jdk16', version: '1.46' diff --git a/signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedSigner.java b/signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedSigner.java index 83df6a59..2110209a 100644 --- a/signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedSigner.java +++ b/signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedSigner.java @@ -9,11 +9,6 @@ import iaik.cms.ContentInfo; import iaik.cms.IssuerAndSerialNumber; import iaik.cms.SignedData; import iaik.cms.SignerInfo; -import iaik.cms.Utils; -import iaik.pkcs.PKCSException; -import iaik.pkcs.pkcs7.Data; -import iaik.security.ecc.provider.ECCProvider; -import iaik.security.provider.IAIK; import iaik.x509.X509Certificate; import java.io.FileInputStream; @@ -21,7 +16,6 @@ import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import java.security.KeyStore; -import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; import java.security.cert.Certificate; 
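Review bot: The two IAIK artifacts in the `dependencies` block are commented out rather than deleted, and no replacement ECC library is declared in this hunk. The module's sources still import `iaik.x509.X509Certificate` and `iaik.asn1.structures.AlgorithmID` (visible in the Java hunks of this commit), so those classes presumably now arrive transitively, for example through `:pdf-as-lib`, which leaves the version of the crypto code that signs and verifies unpinned in this build file. I would delete the two `//compile` lines and declare the replacement artifact here with an explicit version. Since the constructors in this commit also drop their `addAsProvider()` calls, a comment such as `// JCE/ECC providers are supplied and registered by <module>` would tell the next reader where registration now happens.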
@@ -30,13 +24,11 @@ import java.util.Date; import org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature; import org.bouncycastle.cms.CMSException; import org.bouncycastle.cms.CMSProcessable; -import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import at.gv.egiz.pdfas.common.exceptions.PdfAsException; import at.gv.egiz.pdfas.common.exceptions.PdfAsSignatureException; -import at.gv.egiz.pdfas.common.utils.StringUtils; import at.gv.egiz.pdfas.lib.api.sign.IPlainSigner; public class PKCS7DetachedSigner implements IPlainSigner { @@ -50,8 +42,6 @@ public class PKCS7DetachedSigner implements IPlainSigner { public PKCS7DetachedSigner(String file, String alias, String kspassword, String keypassword, String type) throws PdfAsException { try { - IAIK.addAsProvider(); - ECCProvider.addAsProvider(); KeyStore ks = KeyStore.getInstance(type); ks.load(new FileInputStream(file), kspassword.toCharArray()); privKey = (PrivateKey) ks.getKey(alias, keypassword.toCharArray()); 
@@ -88,49 +78,11 @@ public class PKCS7DetachedSigner implements IPlainSigner { } } - private static BouncyCastleProvider provider = new BouncyCastleProvider(); - - /* - * public byte[] sign(byte[] input, int[] byteRange) throws PdfAsException { - * CMSProcessableInputStream content = new CMSProcessableInputStream(new - * ByteArrayInputStream(input)); CMSSignedDataGenerator gen = new - * CMSSignedDataGenerator(); // CertificateChain List - * certList = Arrays.asList(cert); - * - * CertStore certStore = null; try { certStore = - * CertStore.getInstance("Collection", new - * CollectionCertStoreParameters(certList), provider); - * gen.addSigner(privKey, (X509Certificate)certList.get(0), - * CMSSignedGenerator.DIGEST_SHA256); gen.addCertificatesAndCRLs(certStore); - * CMSSignedData signedData = gen.generate(content, false, provider); return - * signedData.getEncoded(); } catch (Exception e) { // should be handled - * e.printStackTrace(); } throw new - * RuntimeException("Problem while preparing signature"); } - */ - public byte[] sign(byte[] input, int[] byteRange) throws PdfAsException { try { - // SignedDataStream signed_data_stream = new SignedDataStream( - // new ByteArrayInputStream(input), SignedDataStream.EXPLICIT); - // ByteArrayOutputStream baos = new ByteArrayOutputStream(); - // signed_data_stream.addCertificates(new Certificate[] { cert }); - // - // SubjectKeyID subjectKeyId = new SubjectKeyID(cert); - // SignerInfo signer1 = new SignerInfo(subjectKeyId, - // AlgorithmID.sha256, privKey); - // signed_data_stream.addSignerInfo(signer1); - // InputStream data_is = signed_data_stream.getInputStream(); - // if (signed_data_stream.getMode() == SignedDataStream.EXPLICIT) { - // byte[] buf = new byte[1024]; - // int r; - // while ((r = data_is.read(buf)) > 0) { - // // do something useful - // } - // } - // SubjectKeyID subjectKeyId = new SubjectKeyID(cert); IssuerAndSerialNumber issuer = new IssuerAndSerialNumber(cert); SignerInfo signer1 = new SignerInfo(issuer, 
AlgorithmID.sha256, - AlgorithmID.ecdsa_plain_With_SHA256, + AlgorithmID.ecdsa_With_SHA256, privKey); SignedData si = new SignedData(input, SignedData.EXPLICIT); diff --git a/signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java b/signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java index ed7ae01c..3d0aed42 100644 --- a/signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java +++ b/signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java @@ -5,8 +5,6 @@ import iaik.asn1.structures.AlgorithmID; import iaik.cms.ContentInfo; import iaik.cms.SignedData; import iaik.cms.SignerInfo; -import iaik.security.ecc.provider.ECCProvider; -import iaik.security.provider.IAIK; import iaik.x509.X509Certificate; import java.io.ByteArrayInputStream; @@ -33,8 +31,6 @@ public class PKCS7DetachedVerifier implements IVerifyFilter { private static final Logger logger = LoggerFactory.getLogger(PKCS7DetachedVerifier.class); public PKCS7DetachedVerifier() { - IAIK.addAsProvider(); - ECCProvider.addAsProvider(); } public List verify(byte[] contentData, byte[] signatureContent) @@ -69,6 +65,9 @@ public class PKCS7DetachedVerifier implements IVerifyFilter { try { // verify the signature for SignerInfo at index i X509Certificate signer_cert = signedData.verify(i); + logger.info("Signature Algo: {}, Digest {}", + signedData.getSignerInfos()[i].getSignatureAlgorithm(), + signedData.getSignerInfos()[i].getDigestAlgorithm()); // if the signature is OK the certificate of the // signer is returned logger.info("Signature OK from signer: " -- cgit v1.2.3
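Review bot: In `sign`, the signature algorithm stays a constant (`AlgorithmID.ecdsa_With_SHA256`) while `privKey` is whatever key the constructor loaded from the keystore alias, so a non-EC key would be paired with an ECDSA identifier. Selecting the `AlgorithmID` from `privKey.getAlgorithm()` and throwing `PdfAsSignatureException` for unsupported key types would make that failure explicit instead of leaving it to the CMS library. The move from `ecdsa_plain_With_SHA256` to `ecdsa_With_SHA256` also changes the identifier written into new signatures, and presumably the encoding of the signature value. That deserves a one-line comment above the `SignerInfo` construction, for example `// ECDSA with SHA-256; identifier changed with the ECC library switch`. The body of `sign` continues past the end of the hunk.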
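Review bot: The new `logger.info` call reads the signer's signature and digest algorithms only after `signedData.verify(i)` has succeeded, and only to log them. No check against an accepted-algorithm list is visible in this hunk, so a signature made with a weak digest would be reported as OK like any other. Fetch the entry once before verification with `SignerInfo info = signedData.getSignerInfos()[i];`, log from `info`, and reject digests outside an allow-list before the "Signature OK" message. Logging before `verify(i)` also records the algorithms when verification throws, which is when they help most. The surrounding loop and `try` start outside the hunk.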