Beispiel #1
0
 private void checkContents() throws PKCS7Exception {
   String contents = this.getContents();
   if (contents == null) {
     throw new PKCS7Exception();
   }
   if (!contents.startsWith(HEADER) || !contents.endsWith(FOOTER)) {
     throw new PKCS7Exception("Header or/and footer missing.");
   }
   String in = getContentsFilename();
   String[] args = {"openssl", "pkcs7", "-inform", "PEM", "-in", in, "-noout"};
   BashReader br = BashReader.read(args);
   if (br == null || br.getExitValue() != 0) {
     String message;
     if (br == null) {
       message = "Error while cheking the PKCS7 data.";
     } else {
       message = br.getErrorMessage();
     }
     Logger.error(TAG, message + "\r\tfor " + getContents());
     throw new PKCS7Exception(message);
   }
 }
Beispiel #2
0
  public boolean encrypt() throws CertificateException {
    if (!isSigned || getSignedDataDER() == null || getSignedDataPEM() == null) {
      throw new CertificateException(
          "Please sign the PKCS7 first with a signer and its private key.");
    }

    // As the first statement of this methods implies it, the encryption process come right after
    // the signing process
    // This means the encrypt should be very similar to the signing process, and thus easier to
    // understand

    // This file should exist, so get its contents or dump the signed data if the file is not there.
    File tempSigned = new File("tmp/temp-" + getFilename(false) + ".signed");
    File tempEnc = new File("tmp/temp-" + getFilename(false) + ".encrypted");
    if (!tempSigned.exists()) {
      FileWriter.write(getDERSignedDataAsString(), tempSigned.getPath());
    }
    addTempFile(tempSigned);

    // Create a temp file that will contain the signer
    File tempSignerBlob = new File("tmp/temp-" + getFilename(false) + ".signer");
    if (!FileWriter.write(this.getCertSigner().getBlob(), tempSignerBlob.getAbsolutePath())) {
      throw new PKCS7Exception("Couldn't write the signer's blob of data to the file.");
    }
    addTempFile(tempSignerBlob);

    String[] args = {
      "openssl",
      "cms",
      "-encrypt",
      "-in",
      tempSigned.getPath(),
      "-out",
      tempEnc.getPath(),
      tempSignerBlob.getPath()
    };

    BashReader bashReader = BashReader.read(args);
    if (bashReader == null || bashReader.getExitValue() != 0) {
      if (bashReader == null) {
        throw new PKCS7Exception(
            "The command \"" + BashReader.toSingleString(args) + "\" failed (null).");
      }
      throw new PKCS7Exception(
          "The command \""
              + BashReader.toSingleString(args)
              + "\" failed - "
              + bashReader.getOutput()
              + " ("
              + bashReader.getExitValue()
              + ")");
    }

    // Now we have a file with encrypted data!
    this.encryptedData = BashReader.toSingleString(FileReader.getLines(tempEnc)).trim().getBytes();
    this.isEncrypted = true;

    if (cleanTempFiles()) {
      Logger.debug("PKCS7", "PKCS7.encrypt(): Temp files all cleaned up.");
    } else {
      Logger.debug("PKCS7", "PKCS7.encrypt(): Temp files NOT cleaned up (all or some).");
    }

    return isEncrypted;
  }
Beispiel #3
0
  public static void main(String[] args) {
    String rawData = /*"-----BEGIN PKCS7-----\n" +*/
        "MIIGugYJKoZIhvcNAQcCoIIGqzCCBqcCAQExDjAMBggqhkiG9w0CBQUAMIIDIQYJ\n"
            + "KoZIhvcNAQcBoIIDEgSCAw4wggMKBgkqhkiG9w0BBwOgggL7MIIC9wIBADGCAUow\n"
            + "ggFGAgEAMC4wKTELMAkGA1UEChMCcWExGjAYBgNVBAMTEVN0VmluY2VudFFBQ0Ey\n"
            + "MDExAgEBMA0GCSqGSIb3DQEBAQUABIIBAJAuX2pGfDb4QvwQh8KHmtoeZ4Yawkcc\n"
            + "qihpBVHoLfw8X1JGYIp1QFc9SHYuesv5G3sxN1RxVwrDAZo+aaGWWwbCLjvmlFAr\n"
            + "SO5cBXYtJOvnD9DfNlRC++1miOmi2slzbxC7rq7DNo+uaC6YEE/Np/uFmoftLltC\n"
            + "V6BOgzXWCnDOjTqyuVRyZcjJ5fOJwpwbuAn5jbiEiSQLMUc7hhHdxC0sdlVYwrtO\n"
            + "Yjh/H9LpoO+H1LacTp41XBpK9QBgB80PTtkRzjlMInmjATtdaWYhPdGJh2s5z0bQ\n"
            + "mJc8cd2sIN7LAmV/r7I6dGZZkzSAAWOfUxNWRzGHvdITw24G28kZCeQwggGiBgkq\n"
            + "hkiG9w0BBwEwEQYFKw4DAgcECMa+/NEt+BAtgIIBgEYGsXOk72sGavghfEh80pJO\n"
            + "KNRxgfI99AzhQH/C+HA3yGU8WH3GUPCCIH/UJ3PxMZOgiAhJytucVrboVqwvvqN8\n"
            + "BJHsbj702MPLLwvfD3dgz5CjhXRwd+nYVCIihyTWx2SOqFjBhkWayLTbgXga/eRg\n"
            + "HLV+Pr87rt+6aIiuOrRpfuToxYaeBqAKClj/iJYeRMOCmSxRzx4OPsktg2f06EIw\n"
            + "W6sWikK53GvIocCXpCiymwiKChDYn5iingh4zkcKVq78ZtuzD9JFhha5BRqueCve\n"
            + "iModreVI9WJpc0rLjHRaRafLAsic2zxylxR3ycm/TNQ6aU1XXYmY24n3u9pRHH+k\n"
            + "kxQvzhtt/pw5mwqnTW1Y9J8wMRnW1wPa7uZuv6QxZymfphJWBTCoek5u+pVHCYwf\n"
            + "TGaP0bh8K3Ylsqwi6bIBaBc1bNkLQ4pRQXa70tU61lL+LuCC3f3auimMdUjWr1QP\n"
            + "LtRr8zV9AbpbyNVqfDiGWYX4Xu9XFAxghbu2oKJbSKCCAcEwggG9MIIBJqADAgEC\n"
            + "AiBDMDZGMkVGNjg4Mjc5NUJDQzgyODkxMTkxMkYzRjcyODANBgkqhkiG9w0BAQQF\n"
            + "ADAVMRMwEQYDVQQDEwoxMjcuMC4xLjEwMB4XDTE2MDYyNzE4MDExMFoXDTE2MDcw\n"
            + "MzIwMDExMFowFTETMBEGA1UEAxMKMTI3LjAuMS4xMDCBnzANBgkqhkiG9w0BAQEF\n"
            + "AAOBjQAwgYkCgYEAmlixAXWAbhwCjZN1hRosDwTPNxh4SzoscCAU7UPZk3CDQ10z\n"
            + "YF5em8Ui4xTjcwWnlUwxsWBD64Pai3WAiqBhuB6AVw5rFTVDV4SMDdU+SLuniRZp\n"
            + "LK3BXiFiqHQp5Z7fs+OxDzSGpWR0Y5JQUOCfd6RyJ2D7oBY5L89b4uPbs98CAwEA\n"
            + "ATANBgkqhkiG9w0BAQQFAAOBgQBTx85iXRnNlP9Ojl73OB2K2fK+Yzfo+r3Hf51E\n"
            + "g7EHP1eWYVi59/QYdN+5WcgViQWbgAygLHqQQa/vppmklp9ZnY2mNLtPIwAKE2sf\n"
            + "8yXLW6YNE+T4H0lzY8DLBPjR2NHvboC9USuAEl5/0cP1tp7AnXAodyrQ9USsoZ2c\n"
            + "r3KjpjGCAaYwggGiAgEBMDkwFTETMBEGA1UEAxMKMTI3LjAuMS4xMAIgQzA2RjJF\n"
            + "RjY4ODI3OTVCQ0M4Mjg5MTE5MTJGM0Y3MjgwDAYIKoZIhvcNAgUFAKCBwTASBgpg\n"
            + "hkgBhvhFAQkCMQQTAjE5MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZI\n"
            + "hvcNAQkFMQ8XDTE2MDYyNzE4MDExMFowHwYJKoZIhvcNAQkEMRIEEE7F5LZ/EG9Z\n"
            + "lkAsVchtrhwwIAYKYIZIAYb4RQEJBTESBBD6vHMHXuym8XD6AqjAlTUyMDAGCmCG\n"
            + "SAGG+EUBCQcxIhMgQzA2RjJFRjY4ODI3OTVCQ0M4Mjg5MTE5MTJGM0Y3MjgwDQYJ\n"
            + "KoZIhvcNAQEBBQAEgYBYpGW/8dKMHnED09/pkqr2FYTBSlVTIqAIN0ECHt+BmNW3\n"
            + "FhzL5AUEAaAcCf+fPuNgFUITOcM0YYGvzXD0vUrtrzfhSk2wFAU+olH/yYM+0mJ7\n"
            + "ZgVL5zy55NHa7XsrcIVs576RGA6czEoetftYGRykS8zU6SOKFumC86ojkBKeYw==\n" /* +
                                                                                   "-----END PKCS7-----\n"*/;

    try {
      PKCS7 pkcs7 = new PKCS7(rawData, true);
      Logger.printOut(pkcs7.getContentsFilename());
    } catch (PKCS7Exception e) {
      e.printStackTrace();
    }

    //        rawData =
    // BashReader.toSingleString(FileReader.getLines("/home/aakintol/Downloads/cbn_dsa-cert.pem"));
    //        Signable pkcs7 = new Signable();
    //        pkcs7.setContents(rawData);
    ////        pkcs7.createFilename();
    //        try {
    //            Certificate signer = Certificate.loadCertificateFromFile("test-signer.pem");
    //            PrivateKey privateKey = PrivateKey.loadPrivateKey(new File("test-key.key"));
    //
    //            pkcs7.setCertSigner(signer);
    //            pkcs7.setPrivateKeySigner(privateKey);
    //            pkcs7.sign();
    //            int v = pkcs7.verify();
    //            System.exit(v);
    //            System.out.println(pkcs7.getDERSignedDataAsString());
    //        } catch (CertificateException e) {
    //            e.printStackTrace();
    //            System.exit(1);
    //        }

    //        BashReader bashReader = BashReader.read("python", "hexdump", "-in", "verified.bin");
    //        if (bashReader != null) {
    //            System.out.println(bashReader.getExitValue());
    //            System.out.println(bashReader.getOutput());
    //        } else {
    //            System.out.println("HMMM.");
    //        }

    //        Signable signable = new Signable();
    //        Subject load;
    //        try {
    //            load = Subject.load("/C=CA/L=Ottawa/CN=cbnca");
    //        } catch (Exception e) {
    //            load = null;
    //        }
    //
    //        signable.setContents(rawData);
    //        Logger.debug("set priv key + cert: "+ VerifyUtils.setKeyAndSigner("test-key.key",
    // "test-signer.pem", signable));
    //        signable.sign(null, null, null);
    //        Logger.debug("signed data: "+signable.getSignedDataPEM());

    //        Logger.printOut(signable.getCertSigner().getBlob());
    //        Logger.printOut(new String(signable.getPrivateKeySigner().dumpDER()));
    //        Logger.printOut(signable.getPrivateKeySigner().dumpPEM());

    //        Logger.debug("keygen: "+VerifyUtils.generateKey("rsa", 2048, new File("res/out.key"),
    // new File("res/out.cert"), signable, load));
    //
    //        signable.setContents("valid contents.");
    //        Logger.debug("sign: "+SignUtils.execOpenSSLCMSSign("sha1", true, false, false,
    // signable));
    //        Logger.debug("signed? "+signable.isSigned());
    //        Logger.debug("locate sig pem: "+VerifyUtils.locateSignature("PEM", signable));
    //        Logger.debug("locate sig der: "+VerifyUtils.locateSignature("DER", signable));
    //        Logger.debug("pub key extraction: "+VerifyUtils.extractPublicKeyFromCertificate("pem",
    // signable));
    //        Logger.debug("asn1parse: "+SignUtils.execOpenSSLASN1Parse("DER", signable, false));
    //        Logger.debug("extract rsa bin: "+VerifyUtils.extractBinaryRSAEncryptedHash("sha256",
    // signable));
    //        Hexdump hexReceiver = new Hexdump();
    //        Logger.debug("hexdump: "+VerifyUtils.performHexdump("res/signed-sha256.bin",
    // hexReceiver));
    //        Logger.debug("hexdump result: "+hexReceiver.getDump());
    //        Logger.debug("sig verif: "+VerifyUtils.verifySignature("res/signed-sha256.bin",
    // "verified256.bin", signable));

    //        VerifyUtils.locateSignature("PEM", signable);
    //        try {
    //            signable.setContents("HAHAHAHAHAHAH to sign.");
    //            signable.sign();
    //        } catch (CertificateException e) {
    //            e.printStackTrace();
    //        }

    try {
      Thread.sleep(5000);
      BashReader.read("rm", "-rf", "tmp/");
    } catch (InterruptedException e) {
      e.printStackTrace();
    }

    //        BashReader br = BashReader.read("openssl req -key out.key -new -x509 -days 365 -out
    // out.cert -subj \"/CN=cbnca/C=CA/L=Ottawa\"");
    //
    //        Logger.debug(br != null ? br.getExitValue() + " : "+br.getOutput() : "NULL");

    //        try {
    //            String[] argv = {"openssl", "req", "-nodes", "-newkey", String.format("%s:%s",
    // "rsa", 2048), "-keyout", "java.key", "-subj", "/C=CA/L=Ottawa/OU=CBN"};
    //            BashReader br = BashReader.read(argv);
    //            Logger.debug(br != null ? br.toString() : "NULL");
    //            argv = new String[]{"openssl", "req", "-key", "java.key", "-new", "-x509",
    // "-days", "365", "-out", "java.cert", "-subj", "/C=CA/L=Ottawa/OU=CBN"};
    //            br = BashReader.read(argv);
    //            Logger.debug(br != null ? br.toString() : "NULL");
    //        } catch (Exception e) {
    //            e.printStackTrace();
    //        }

  }