From ecaf5cdc0b09e9327e515ca875711967590623e6 Mon Sep 17 00:00:00 2001
From: Andreas Fitzek
Date: Wed, 11 Dec 2013 12:05:53 +0100
Subject: Changes for ecc library switch
---
 .../sigs/pkcs7detached/PKCS7DetachedSigner.java | 50 +---------------------
 .../sigs/pkcs7detached/PKCS7DetachedVerifier.java | 7 ++-
 2 files changed, 4 insertions(+), 53 deletions(-)
(limited to 'signature-standards/sigs-pkcs7detached/src/main/java')
diff --git a/signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedSigner.java b/signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedSigner.java
index 83df6a59..2110209a 100644
--- a/signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedSigner.java
+++ b/signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedSigner.java
@@ -9,11 +9,6 @@ import iaik.cms.ContentInfo;
 import iaik.cms.IssuerAndSerialNumber;
 import iaik.cms.SignedData;
 import iaik.cms.SignerInfo;
-import iaik.cms.Utils;
-import iaik.pkcs.PKCSException;
-import iaik.pkcs.pkcs7.Data;
-import iaik.security.ecc.provider.ECCProvider;
-import iaik.security.provider.IAIK;
 import iaik.x509.X509Certificate;
 
 import java.io.FileInputStream;
@@ -21,7 +16,6 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
 import java.security.KeyStore;
-import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
 import java.security.cert.Certificate;
@@ -30,13 +24,11 @@ import java.util.Date; import org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature; import org.bouncycastle.cms.CMSException; import org.bouncycastle.cms.CMSProcessable; -import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import at.gv.egiz.pdfas.common.exceptions.PdfAsException; import at.gv.egiz.pdfas.common.exceptions.PdfAsSignatureException; -import at.gv.egiz.pdfas.common.utils.StringUtils; import at.gv.egiz.pdfas.lib.api.sign.IPlainSigner; public class PKCS7DetachedSigner implements IPlainSigner { @@ -50,8 +42,6 @@ public class PKCS7DetachedSigner implements IPlainSigner { public PKCS7DetachedSigner(String file, String alias, String kspassword, String keypassword, String type) throws PdfAsException { try { - IAIK.addAsProvider(); - ECCProvider.addAsProvider(); KeyStore ks = KeyStore.getInstance(type); ks.load(new FileInputStream(file), kspassword.toCharArray()); privKey = (PrivateKey) ks.getKey(alias, keypassword.toCharArray()); 
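Review bot: With `IAIK.addAsProvider()` and `ECCProvider.addAsProvider()` removed from the `PKCS7DetachedSigner` constructor, `KeyStore.getInstance(type)` and the later signing call resolve against whatever JCA providers happen to be registered when the object is built, and nothing in the hunk says who registers them now. The same applies to the now-empty `PKCS7DetachedVerifier()` constructor in the second file. If registration moved to a central initialiser (not visible here), a constructor comment such as `// JCA providers must already be registered by the library initialiser; none are added here` would make the precondition explicit, so that signing and verification do not silently depend on global provider order. The constructor body continues outside the hunk.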
@@ -88,49 +78,11 @@ public class PKCS7DetachedSigner implements IPlainSigner { } } - private static BouncyCastleProvider provider = new BouncyCastleProvider(); - - /* - * public byte[] sign(byte[] input, int[] byteRange) throws PdfAsException { - * CMSProcessableInputStream content = new CMSProcessableInputStream(new - * ByteArrayInputStream(input)); CMSSignedDataGenerator gen = new - * CMSSignedDataGenerator(); // CertificateChain List - * certList = Arrays.asList(cert); - * - * CertStore certStore = null; try { certStore = - * CertStore.getInstance("Collection", new - * CollectionCertStoreParameters(certList), provider); - * gen.addSigner(privKey, (X509Certificate)certList.get(0), - * CMSSignedGenerator.DIGEST_SHA256); gen.addCertificatesAndCRLs(certStore); - * CMSSignedData signedData = gen.generate(content, false, provider); return - * signedData.getEncoded(); } catch (Exception e) { // should be handled - * e.printStackTrace(); } throw new - * RuntimeException("Problem while preparing signature"); } - */ - public byte[] sign(byte[] input, int[] byteRange) throws PdfAsException { try { - // SignedDataStream signed_data_stream = new SignedDataStream( - // new ByteArrayInputStream(input), SignedDataStream.EXPLICIT); - // ByteArrayOutputStream baos = new ByteArrayOutputStream(); - // signed_data_stream.addCertificates(new Certificate[] { cert }); - // - // SubjectKeyID subjectKeyId = new SubjectKeyID(cert); - // SignerInfo signer1 = new SignerInfo(subjectKeyId, - // AlgorithmID.sha256, privKey); - // signed_data_stream.addSignerInfo(signer1); - // InputStream data_is = signed_data_stream.getInputStream(); - // if (signed_data_stream.getMode() == SignedDataStream.EXPLICIT) { - // byte[] buf = new byte[1024]; - // int r; - // while ((r = data_is.read(buf)) > 0) { - // // do something useful - // } - // } - // SubjectKeyID subjectKeyId = new SubjectKeyID(cert); IssuerAndSerialNumber issuer = new IssuerAndSerialNumber(cert); SignerInfo signer1 = new SignerInfo(issuer, 
AlgorithmID.sha256, - AlgorithmID.ecdsa_plain_With_SHA256, + AlgorithmID.ecdsa_With_SHA256, privKey); SignedData si = new SignedData(input, SignedData.EXPLICIT); diff --git a/signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java b/signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java index ed7ae01c..3d0aed42 100644 --- a/signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java +++ b/signature-standards/sigs-pkcs7detached/src/main/java/at/gv/egiz/pdfas/sigs/pkcs7detached/PKCS7DetachedVerifier.java @@ -5,8 +5,6 @@ import iaik.asn1.structures.AlgorithmID; import iaik.cms.ContentInfo; import iaik.cms.SignedData; import iaik.cms.SignerInfo; -import iaik.security.ecc.provider.ECCProvider; -import iaik.security.provider.IAIK; import iaik.x509.X509Certificate; import java.io.ByteArrayInputStream; @@ -33,8 +31,6 @@ public class PKCS7DetachedVerifier implements IVerifyFilter { private static final Logger logger = LoggerFactory.getLogger(PKCS7DetachedVerifier.class); public PKCS7DetachedVerifier() { - IAIK.addAsProvider(); - ECCProvider.addAsProvider(); } public List verify(byte[] contentData, byte[] signatureContent) @@ -69,6 +65,9 @@ public class PKCS7DetachedVerifier implements IVerifyFilter { try { // verify the signature for SignerInfo at index i X509Certificate signer_cert = signedData.verify(i); + logger.info("Signature Algo: {}, Digest {}", + signedData.getSignerInfos()[i].getSignatureAlgorithm(), + signedData.getSignerInfos()[i].getDigestAlgorithm()); // if the signature is OK the certificate of the // signer is returned logger.info("Signature OK from signer: " -- cgit v1.2.3
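Review bot: The signature algorithm passed to `new SignerInfo(...)` is fixed to `AlgorithmID.ecdsa_With_SHA256`, while `privKey` is whatever key the constructor loaded from the keystore alias, so a non-EC key would yield a SignerInfo whose declared algorithm does not match the key. Consider deriving the algorithm from `privKey.getAlgorithm()` and raising `PdfAsSignatureException` for key types the signer does not support. The switch away from `ecdsa_plain_With_SHA256` presumably also changes the signature value encoding (plain r||s versus DER-encoded), so a short comment stating which encoding downstream verifiers expect would help. `sign` continues outside the hunk.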
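Review bot: The new `logger.info` call records the signature and digest algorithm only after `signedData.verify(i)` has succeeded, and nothing in the hunk checks them, so a signature made with a weak digest is still reported as OK and a failing signature logs no algorithm at all. Read the signer info once before verifying, `SignerInfo info = signedData.getSignerInfos()[i];`, log from `info`, and compare its digest and signature algorithm against an allow-list before accepting the result, unless the caller already enforces one outside this hunk. The enclosing loop and try block start and end outside the hunk.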