From c51b76729a569bdea8738e53daa5ffa823684fd7 Mon Sep 17 00:00:00 2001
From: Andreas Fitzek <andreas.fitzek@iaik.tugraz.at>
Date: Mon, 25 Aug 2014 10:13:46 +0200
Subject: Software Keystore loading fallback to SUN provider on IAIK provider
 error

---
 .../egiz/pdfas/sigs/pades/PAdESSignerKeystore.java | 238 ++++++++++++---------
 1 file changed, 138 insertions(+), 100 deletions(-)

(limited to 'signature-standards')

diff --git a/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESSignerKeystore.java b/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESSignerKeystore.java
index c4dda337..002475eb 100644
--- a/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESSignerKeystore.java
+++ b/signature-standards/sigs-pades/src/main/java/at/gv/egiz/pdfas/sigs/pades/PAdESSignerKeystore.java
@@ -71,124 +71,162 @@ public class PAdESSignerKeystore implements IPlainSigner {
 	private static final Logger logger = LoggerFactory
 			.getLogger(PAdESSignerKeystore.class);
 
+	private static final String fallBackProvider = "SunJSSE";
+
 	PrivateKey privKey;
 	X509Certificate cert;
 
+	private void loadKeystore(String file, String alias, String kspassword,
+			String keypassword, String type, String provider) throws Throwable {
+
+		String viusalProvider = (provider == null ? "IAIK" : provider);
+		logger.info("Opening Keystore: " + file + " with [" + viusalProvider
+				+ "]");
+
+		KeyStore ks = null;
+		if(provider == null) {
+			ks = KeyStore.getInstance(type);
+		} else {
+			ks = KeyStore.getInstance(type, provider);
+		}
+		
+		if (ks == null) {
+			throw new PdfAsException("error.pdf.sig.14");
+		}
+		if (kspassword == null) {
+			throw new PdfAsException("error.pdf.sig.15");
+		}
+
+		ks.load(new FileInputStream(file), kspassword.toCharArray());
+		if (keypassword == null) {
+			throw new PdfAsException("error.pdf.sig.16");
+		}
+		PasswordProtection pwdProt = new PasswordProtection(
+				keypassword.toCharArray());
+
+		logger.info("Opening Alias: [" + alias + "]");
+
+		Entry entry = ks.getEntry(alias, pwdProt);
+
+		if (!(entry instanceof PrivateKeyEntry)) {
+			throw new PdfAsException("error.pdf.sig.18");
+		}
+
+		PrivateKeyEntry privateEntry = (PrivateKeyEntry) entry;
+
+		privKey = privateEntry.getPrivateKey();
+
+		if (privKey == null) {
+			throw new PdfAsException("error.pdf.sig.13");
+		}
+
+		Certificate c = privateEntry.getCertificate();
+
+		if (c == null) {
+			if (privateEntry.getCertificateChain() != null) {
+				if (privateEntry.getCertificateChain().length > 0) {
+					c = privateEntry.getCertificateChain()[0];
+				}
+			}
+		}
+
+		if (c == null) {
+			throw new PdfAsException("error.pdf.sig.17");
+		}
+
+		cert = new X509Certificate(c.getEncoded());
+	}
+
 	public PAdESSignerKeystore(String file, String alias, String kspassword,
 			String keypassword, String type) throws PdfAsException {
 		try {
-			KeyStore ks = KeyStore.getInstance(type);
-			if(ks == null) {
-				throw new PdfAsException("error.pdf.sig.14");
-			}
-			if(kspassword == null) {
-				throw new PdfAsException("error.pdf.sig.15");
-			}
-			
-			logger.info("Opening Keystore: " + file);
-			
-			ks.load(new FileInputStream(file), kspassword.toCharArray());
-			if(keypassword == null) {
-				throw new PdfAsException("error.pdf.sig.16");
-			}
-			PasswordProtection pwdProt = new PasswordProtection(keypassword.toCharArray());
-			
-			logger.info("Opening Alias: [" + alias + "]");
-			
-			Entry entry = ks.getEntry(alias, pwdProt);
-			
-			if(!(entry instanceof PrivateKeyEntry)) {
-				throw new PdfAsException("error.pdf.sig.18");
-			}
-			
-			PrivateKeyEntry privateEntry = (PrivateKeyEntry)entry;
-			
-			privKey = privateEntry.getPrivateKey();
-			
-			if(privKey == null) {
-				throw new PdfAsException("error.pdf.sig.13");
-			}
-			
-			Certificate c = privateEntry.getCertificate();
-			
-			if(c == null) {
-				if(privateEntry.getCertificateChain() != null) {
-					if(privateEntry.getCertificateChain().length > 0) {
-						c = privateEntry.getCertificateChain()[0];
-					}
-				}
-			}
-			
-			if(c == null) {
-				throw new PdfAsException("error.pdf.sig.17");
-			}
-			
-			cert = new X509Certificate(c.getEncoded());
+			// Load keystore with default security provider (IAIK)
+			loadKeystore(file, alias, kspassword, keypassword, type, null);
 		} catch (Throwable e) {
-			 logger.error("Keystore error: ", e);
-			throw new PdfAsException("error.pdf.sig.02", e);
+			try {
+				// IAIK Provider seems to have problem with some PKCS12 files..
+				loadKeystore(file, alias, kspassword, keypassword, type,
+						fallBackProvider);
+				logger.warn("Failed to open Keystore with IAIK provider!");
+			} catch (Throwable e1) {
+				logger.error("Keystore IAIK provider error: ", e);
+				logger.error("Keystore " + fallBackProvider +  " provider error: ", e1);
+				throw new PdfAsException("error.pdf.sig.02", e1);
+			}
 		}
 	}
 
 	public X509Certificate getCertificate(SignParameter parameter) {
 		return cert;
 	}
-	
+
 	private void setMimeTypeAttrib(List<Attribute> attributes, String mimeType) {
-	    String oidStr = "0.4.0.1733.2.1";
-	    String name = "mime-type";
-	    ObjectID mimeTypeOID = new ObjectID(oidStr, name);
-
-	    Attribute mimeTypeAtt = new Attribute(mimeTypeOID, new ASN1Object[] {new UTF8String(mimeType)});
-	    attributes.add(mimeTypeAtt);
-	  }
-
-	  private void setContentTypeAttrib(List<Attribute> attributes) {
-	    Attribute contentType = new Attribute(ObjectID.contentType, new ASN1Object[] {ObjectID.cms_data});
-	    attributes.add(contentType);
-	  }
-
-	  private void setSigningCertificateAttrib(List<Attribute> attributes, X509Certificate signingCertificate) throws CertificateException, NoSuchAlgorithmException, CodingException {
-	    ObjectID id;
-	    ASN1Object value = new SEQUENCE();
-	    AlgorithmID[] algorithms = CertificateUtils.getAlgorithmIDs(signingCertificate);
-	    if (algorithms[1].equals(AlgorithmID.sha1)) {
-	      id = ObjectID.signingCertificate;
-	      value.addComponent(new ESSCertID(signingCertificate, true).toASN1Object());
-	    }
-	    else {
-	      id = ObjectID.signingCertificateV2;
-	      value.addComponent(new ESSCertIDv2(algorithms[1], signingCertificate, true).toASN1Object());
-	    }
-	    ASN1Object signingCert = new SEQUENCE();
-	    signingCert.addComponent(value);
-	    Attribute signingCertificateAttrib = new Attribute(id, new ASN1Object[] {signingCert});
-	    attributes.add(signingCertificateAttrib);
-	  }
-
-	  private void setSigningTimeAttrib(List<Attribute> attributes, Date date) {
-	    Attribute signingTime = new Attribute(ObjectID.signingTime, new ASN1Object[] {new ChoiceOfTime(date).toASN1Object()});
-	    attributes.add(signingTime);
-	  }
-
-	private void setAttributes(String mimeType, X509Certificate signingCertificate, Date signingTime, 
-			SignerInfo signerInfo) throws CertificateException, NoSuchAlgorithmException, CodingException {
-	    List<Attribute> attributes = new ArrayList<Attribute>();
-	    setMimeTypeAttrib(attributes, mimeType);
-	    setContentTypeAttrib(attributes);
-	    setSigningCertificateAttrib(attributes, signingCertificate);
-	    setSigningTimeAttrib(attributes, signingTime);
-	    Attribute[] attributeArray = attributes.toArray(new Attribute[attributes.size()]);
-	    signerInfo.setSignedAttributes(attributeArray);
-	  }
-	
-	public byte[] sign(byte[] input, int[] byteRange, SignParameter parameter, RequestedSignature requestedSignature) throws PdfAsException {
+		String oidStr = "0.4.0.1733.2.1";
+		String name = "mime-type";
+		ObjectID mimeTypeOID = new ObjectID(oidStr, name);
+
+		Attribute mimeTypeAtt = new Attribute(mimeTypeOID,
+				new ASN1Object[] { new UTF8String(mimeType) });
+		attributes.add(mimeTypeAtt);
+	}
+
+	private void setContentTypeAttrib(List<Attribute> attributes) {
+		Attribute contentType = new Attribute(ObjectID.contentType,
+				new ASN1Object[] { ObjectID.cms_data });
+		attributes.add(contentType);
+	}
+
+	private void setSigningCertificateAttrib(List<Attribute> attributes,
+			X509Certificate signingCertificate) throws CertificateException,
+			NoSuchAlgorithmException, CodingException {
+		ObjectID id;
+		ASN1Object value = new SEQUENCE();
+		AlgorithmID[] algorithms = CertificateUtils
+				.getAlgorithmIDs(signingCertificate);
+		if (algorithms[1].equals(AlgorithmID.sha1)) {
+			id = ObjectID.signingCertificate;
+			value.addComponent(new ESSCertID(signingCertificate, true)
+					.toASN1Object());
+		} else {
+			id = ObjectID.signingCertificateV2;
+			value.addComponent(new ESSCertIDv2(algorithms[1],
+					signingCertificate, true).toASN1Object());
+		}
+		ASN1Object signingCert = new SEQUENCE();
+		signingCert.addComponent(value);
+		Attribute signingCertificateAttrib = new Attribute(id,
+				new ASN1Object[] { signingCert });
+		attributes.add(signingCertificateAttrib);
+	}
+
+	private void setSigningTimeAttrib(List<Attribute> attributes, Date date) {
+		Attribute signingTime = new Attribute(ObjectID.signingTime,
+				new ASN1Object[] { new ChoiceOfTime(date).toASN1Object() });
+		attributes.add(signingTime);
+	}
+
+	private void setAttributes(String mimeType,
+			X509Certificate signingCertificate, Date signingTime,
+			SignerInfo signerInfo) throws CertificateException,
+			NoSuchAlgorithmException, CodingException {
+		List<Attribute> attributes = new ArrayList<Attribute>();
+		setMimeTypeAttrib(attributes, mimeType);
+		setContentTypeAttrib(attributes);
+		setSigningCertificateAttrib(attributes, signingCertificate);
+		setSigningTimeAttrib(attributes, signingTime);
+		Attribute[] attributeArray = attributes
+				.toArray(new Attribute[attributes.size()]);
+		signerInfo.setSignedAttributes(attributeArray);
+	}
+
+	public byte[] sign(byte[] input, int[] byteRange, SignParameter parameter,
+			RequestedSignature requestedSignature) throws PdfAsException {
 		try {
 			logger.info("Creating PAdES signature.");
 			IssuerAndSerialNumber issuer = new IssuerAndSerialNumber(cert);
-			
+
 			AlgorithmID[] algorithms = CertificateUtils.getAlgorithmIDs(cert);
-			
+
 			SignerInfo signer1 = new SignerInfo(issuer, algorithms[1],
 					algorithms[0], privKey);
 
-- 
cgit v1.2.3