/** Read an existing PKCS#7 object from a DER encoded byte array */
  public PKCS7SignedData(byte[] in, String provider)
      throws SecurityException, CRLException, InvalidKeyException, NoSuchProviderException,
          NoSuchAlgorithmException {
    ASN1InputStream din = new ASN1InputStream(new ByteArrayInputStream(in));

    //
    // Basic checks to make sure it's a PKCS#7 SignedData Object
    //
    DERObject pkcs;

    try {
      pkcs = din.readObject();
    } catch (IOException e) {
      throw new SecurityException("can't decode PKCS7SignedData object");
    }

    if (!(pkcs instanceof ASN1Sequence)) {
      throw new SecurityException("Not a valid PKCS#7 object - not a sequence");
    }

    ContentInfo content = ContentInfo.getInstance(pkcs);

    if (!content.getContentType().equals(signedData)) {
      throw new SecurityException(
          "Not a valid PKCS#7 signed-data object - wrong header "
              + content.getContentType().getId());
    }

    SignedData data = SignedData.getInstance(content.getContent());

    certs = new ArrayList();

    if (data.getCertificates() != null) {
      Enumeration ec = ASN1Set.getInstance(data.getCertificates()).getObjects();

      while (ec.hasMoreElements()) {
        try {
          certs.add(
              new X509CertificateObject(X509CertificateStructure.getInstance(ec.nextElement())));
        } catch (CertificateParsingException e) {
          throw new SecurityException(e.toString());
        }
      }
    }

    crls = new ArrayList();

    if (data.getCRLs() != null) {
      Enumeration ec = ASN1Set.getInstance(data.getCRLs()).getObjects();
      while (ec.hasMoreElements()) {
        crls.add(new X509CRLObject(CertificateList.getInstance(ec.nextElement())));
      }
    }

    version = data.getVersion().getValue().intValue();

    //
    // Get the digest algorithm
    //
    digestalgos = new HashSet();
    Enumeration e = data.getDigestAlgorithms().getObjects();

    while (e.hasMoreElements()) {
      ASN1Sequence s = (ASN1Sequence) e.nextElement();
      DERObjectIdentifier o = (DERObjectIdentifier) s.getObjectAt(0);
      digestalgos.add(o.getId());
    }

    //
    // Get the SignerInfo
    //
    ASN1Set signerinfos = data.getSignerInfos();
    if (signerinfos.size() != 1) {
      throw new SecurityException(
          "This PKCS#7 object has multiple SignerInfos - only one is supported at this time");
    }

    SignerInfo signerInfo = SignerInfo.getInstance(signerinfos.getObjectAt(0));

    signerversion = signerInfo.getVersion().getValue().intValue();

    IssuerAndSerialNumber isAnds = signerInfo.getIssuerAndSerialNumber();

    //
    // Get the signing certificate
    //
    BigInteger serialNumber = isAnds.getCertificateSerialNumber().getValue();
    X509Principal issuer = new X509Principal(isAnds.getName());

    for (Iterator i = certs.iterator(); i.hasNext(); ) {
      X509Certificate cert = (X509Certificate) i.next();
      if (serialNumber.equals(cert.getSerialNumber()) && issuer.equals(cert.getIssuerDN())) {
        signCert = cert;
        break;
      }
    }

    if (signCert == null) {
      throw new SecurityException(
          "Can't find signing certificate with serial " + serialNumber.toString(16));
    }

    digestAlgorithm = signerInfo.getDigestAlgorithm().getObjectId().getId();

    digest = signerInfo.getEncryptedDigest().getOctets();
    digestEncryptionAlgorithm = signerInfo.getDigestEncryptionAlgorithm().getObjectId().getId();

    sig = Signature.getInstance(getDigestAlgorithm(), provider);

    sig.initVerify(signCert.getPublicKey());
  }
Beispiel #2
0
      } else {
         ContentInfo var19 = ContentInfo.getInstance(var16);
         DERObjectIdentifier var20 = var19.getContentType();
         DERObjectIdentifier var21 = signedData;
         if(!var20.equals(var21)) {
            StringBuilder var22 = (new StringBuilder()).append("Not a valid PKCS#7 signed-data object - wrong header ");
            String var23 = var19.getContentType().getId();
            String var24 = var22.append(var23).toString();
            throw new SecurityException(var24);
         } else {
            SignedData var25 = SignedData.getInstance(var19.getContent());
            ArrayList var26 = new ArrayList();
            this.certs = var26;
            Enumeration var27;
            if(var25.getCertificates() != null) {
               var27 = ASN1Set.getInstance(var25.getCertificates()).getObjects();

               while(var27.hasMoreElements()) {
                  try {
                     Collection var28 = this.certs;
                     X509CertificateStructure var29 = X509CertificateStructure.getInstance(var27.nextElement());
                     X509CertificateObject var30 = new X509CertificateObject(var29);
                     var28.add(var30);
                  } catch (CertificateParsingException var80) {
                     String var32 = var80.toString();
                     throw new SecurityException(var32);
                  }
               }
            }

            ArrayList var33 = new ArrayList();
            this.crls = var33;
            if(var25.getCRLs() != null) {
               var27 = ASN1Set.getInstance(var25.getCRLs()).getObjects();

               while(var27.hasMoreElements()) {
                  Collection var34 = this.crls;
                  CertificateList var35 = CertificateList.getInstance(var27.nextElement());
                  X509CRLObject var36 = new X509CRLObject(var35);
                  var34.add(var36);
               }
            }

            int var38 = var25.getVersion().getValue().intValue();
            this.version = var38;
            HashSet var39 = new HashSet();
            this.digestalgos = var39;
            Enumeration var40 = var25.getDigestAlgorithms().getObjects();

            while(var40.hasMoreElements()) {
               ASN1Sequence var41 = (ASN1Sequence)var40.nextElement();
               byte var42 = 0;
               DERObjectIdentifier var43 = (DERObjectIdentifier)var41.getObjectAt(var42);
               Set var44 = this.digestalgos;
               String var45 = var43.getId();
               var44.add(var45);
            }

            ASN1Set var47 = var25.getSignerInfos();
            int var48 = var47.size();
            byte var49 = 1;
            if(var48 != var49) {
               throw new SecurityException("This PKCS#7 object has multiple SignerInfos - only one is supported at this time");
            } else {
               SignerInfo var50 = SignerInfo.getInstance(var47.getObjectAt(0));
               int var51 = var50.getVersion().getValue().intValue();
               this.signerversion = var51;
               IssuerAndSerialNumber var52 = var50.getIssuerAndSerialNumber();
               BigInteger var53 = var52.getCertificateSerialNumber().getValue();
               X509Principal var54 = new X509Principal;
               X509Name var55 = var52.getName();
               var54.<init>(var55);
               Iterator var58 = this.certs.iterator();

               while(var58.hasNext()) {
                  X509Certificate var59 = (X509Certificate)var58.next();
                  BigInteger var60 = var59.getSerialNumber();
                  if(var53.equals(var60)) {
                     Principal var63 = var59.getIssuerDN();
                     if(var54.equals(var63)) {
                        this.signCert = var59;
                        break;
                     }
                  }
               }

               if(this.signCert == null) {
                  StringBuilder var67 = (new StringBuilder()).append("Can\'t find signing certificate with serial ");
                  byte var69 = 16;
                  String var70 = var53.toString(var69);
                  String var71 = var67.append(var70).toString();
                  throw new SecurityException(var71);
               } else {
                  String var72 = var50.getDigestAlgorithm().getObjectId().getId();
                  this.digestAlgorithm = var72;
                  byte[] var73 = var50.getEncryptedDigest().getOctets();
                  this.digest = var73;
                  String var74 = var50.getDigestEncryptionAlgorithm().getObjectId().getId();
                  this.digestEncryptionAlgorithm = var74;
                  String var75 = this.getDigestAlgorithm();
                  Signature var77 = Signature.getInstance(var75, var2);
                  this.sig = var77;
                  Signature var78 = this.sig;
                  PublicKey var79 = this.signCert.getPublicKey();
                  var78.initVerify(var79);
               }
            }