/**
 * Parses the stored {@code basicAS2.message} fixture as a multipart/signed message and checks
 * its signers.
 *
 * <p>{@code loadMessage} and {@code verifySigners} are helpers defined outside this excerpt;
 * presumably the latter verifies each SignerInfo against a certificate carried in the message.
 * TODO confirm against the helper.
 */
public void testBasicAS2() throws Exception {
    // The fixture body is expected to be multipart/signed; the cast fails the test otherwise.
    MimeMultipart signedBody = (MimeMultipart) loadMessage("basicAS2.message").getContent();
    SMIMESigned signed = new SMIMESigned(signedBody);

    verifySigners(signed.getCertificates(), signed.getSignerInfos());
  }
  /**
   * Signs {@code msg} with SHA1withDSA using freshly generated DSA key pairs, then checks that
   * the signed content round-trips and that the signers verify.
   *
   * <p>SHA-1 is no longer considered collision resistant; it is exercised here as an algorithm
   * under test, not as a recommendation for new signatures.
   */
  public void testSHA1withDSA() throws Exception {
    // Argument meaning of makeCertificate is not visible here; presumably
    // (subject key, subject DN, issuer key, issuer DN). TODO confirm against CMSTestUtil.
    dsaSignKP = CMSTestUtil.makeDsaKeyPair();
    dsaSignCert = CMSTestUtil.makeCertificate(dsaSignKP, _origDN, dsaSignKP, _origDN);

    dsaOrigKP = CMSTestUtil.makeDsaKeyPair();
    dsaOrigCert = CMSTestUtil.makeCertificate(dsaOrigKP, _signDN, dsaSignKP, _origDN);

    // Both certificates are embedded in the SignedData so the verifier can find them.
    List bundled = new ArrayList();
    bundled.add(dsaOrigCert);
    bundled.add(dsaSignCert);
    Store certStore = new JcaCertStore(bundled);

    SMIMESignedGenerator generator = new SMIMESignedGenerator();
    generator.addSignerInfoGenerator(
        new JcaSimpleSignerInfoGeneratorBuilder()
            .setProvider("BC")
            .build("SHA1withDSA", dsaOrigKP.getPrivate(), dsaOrigCert));
    generator.addCertificates(certStore);

    MimeMultipart signedMultipart = generator.generate(msg);
    SMIMESigned signed = new SMIMESigned(signedMultipart);

    // Content must be byte-identical to what was signed before the signers are checked.
    verifyMessageBytes(msg, signed.getContent());
    verifySigners(signed.getCertificates(), signed.getSignerInfos());
  }
  /**
   * Parses the {@code extra-nl.eml} fixture as multipart/signed and checks its signers.
   *
   * <p>Going by the test name, the fixture carries an extra newline after the closing boundary;
   * the fixture itself is not visible here. TODO confirm.
   */
  public void testExtraNlInPostamble() throws Exception {
    MimeMultipart signedBody = (MimeMultipart) loadMessage("extra-nl.eml").getContent();
    SMIMESigned signed = new SMIMESigned(signedBody);

    verifySigners(signed.getCertificates(), signed.getSignerInfos());
  }
  /**
   * Signs the {@code attachonly.eml} fixture with a generator created with the {@code "binary"}
   * argument and checks the result through both {@code SMIMESigned} and the streaming
   * {@code SMIMESignedParser}.
   *
   * <p>The signature algorithm is SHA1withRSA; SHA-1 is not collision resistant and is used here
   * only as the algorithm under test.
   */
  public void testSignAttachmentOnly() throws Exception {
    MimeMessage attachmentOnly = loadMessage("attachonly.eml");

    List bundled = new ArrayList();
    bundled.add(_signCert);
    bundled.add(_origCert);
    Store certStore = new JcaCertStore(bundled);

    ASN1EncodableVector attrVector = generateSignedAttributes();

    SMIMESignedGenerator generator = new SMIMESignedGenerator("binary");
    generator.addSignerInfoGenerator(
        new JcaSimpleSignerInfoGeneratorBuilder()
            .setProvider(BC)
            .setSignedAttributeGenerator(new AttributeTable(attrVector))
            .build("SHA1withRSA", _signKP.getPrivate(), _signCert));
    generator.addCertificates(certStore);

    MimeMultipart signedMultipart = generator.generate(attachmentOnly);

    // First pass: in-memory parse of the signed multipart.
    SMIMESigned signed = new SMIMESigned(signedMultipart);
    verifySigners(signed.getCertificates(), signed.getSignerInfos());

    // Second pass: same multipart through the parser, which needs its own digest provider.
    SMIMESignedParser parser =
        new SMIMESignedParser(
            new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(), signedMultipart);
    verifySigners(parser.getCertificates(), parser.getSignerInfos());
  }
  /**
   * Parses the {@code multi-alternative.eml} fixture as multipart/signed and checks its signers.
   *
   * <p>{@code verifySigners} is defined outside this excerpt; what it asserts is not visible
   * here.
   */
  public void testMultiAlternative() throws Exception {
    MimeMultipart signedBody = (MimeMultipart) loadMessage("multi-alternative.eml").getContent();
    SMIMESigned signed = new SMIMESigned(signedBody);

    verifySigners(signed.getCertificates(), signed.getSignerInfos());
  }
  /**
   * Signs a multipart body with a {@code "binary"} generator and reads it back with
   * {@code SMIMESigned} constructed with the same {@code "binary"} argument.
   *
   * <p>The signature algorithm is SHA1withRSA; SHA-1 is used only as the algorithm under test.
   */
  public void testMimeMultipartBinaryReader() throws Exception {
    MimeBodyPart multipartBody = createMultipartMessage();

    List bundled = new ArrayList();
    bundled.add(_signCert);
    bundled.add(_origCert);
    Store certStore = new JcaCertStore(bundled);

    ASN1EncodableVector attrVector = generateSignedAttributes();

    SMIMESignedGenerator generator = new SMIMESignedGenerator("binary");
    generator.addSignerInfoGenerator(
        new JcaSimpleSignerInfoGeneratorBuilder()
            .setProvider(BC)
            .setSignedAttributeGenerator(new AttributeTable(attrVector))
            .build("SHA1withRSA", _signKP.getPrivate(), _signCert));
    generator.addCertificates(certStore);

    MimeMultipart signedMultipart = generator.generate(multipartBody);

    // Reader and writer are given the same "binary" argument.
    SMIMESigned signed = new SMIMESigned(signedMultipart, "binary");

    verifySigners(signed.getCertificates(), signed.getSignerInfos());
  }
  /**
   * Produces a SHA1withRSA signature with the content encapsulated in the signature part, then
   * checks the recovered content and the signers.
   *
   * <p>{@code generateEncapsulatedRsa} is a helper outside this excerpt. SHA-1 is used only as
   * the algorithm under test.
   */
  public void testSHA1WithRSAEncapsulated() throws Exception {
    MimeBodyPart encapsulated = generateEncapsulatedRsa("SHA1withRSA", msg);
    SMIMESigned signed = new SMIMESigned(encapsulated);

    // The content extracted from the signature must match the original message bytes.
    verifyMessageBytes(msg, signed.getContent());
    verifySigners(signed.getCertificates(), signed.getSignerInfos());
  }
  /**
   * Produces a detached (multipart/signed) SHA1withRSA signature using the RFC 3851 micalg
   * table, then checks the signed content and the signers.
   *
   * <p>SHA-1 is used only as the algorithm under test.
   */
  public void testSHA1WithRSA() throws Exception {
    MimeMultipart signedMultipart =
        generateMultiPartRsa("SHA1withRSA", msg, SMIMESignedGenerator.RFC3851_MICALGS);
    SMIMESigned signed = new SMIMESigned(signedMultipart);

    verifyMessageBytes(msg, signed.getContent());
    verifySigners(signed.getCertificates(), signed.getSignerInfos());
  }
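  /**
   * Signs {@code msg} through {@code generateMultiPartECGost} and checks that the multipart's
   * micalg parameter and the SignerInfo digest OID both name GOST R 34.11-94, that the content
   * round-trips, and that the signers verify.
   *
   * <p>The micalg header and the digest OID are asserted separately, so a mismatch between the
   * MIME header and the CMS structure fails the test.
   */
  public void testGOST3411WithECGOST3410() throws Exception {
    MimeMultipart smm = generateMultiPartECGost(msg);
    SMIMESigned s = new SMIMESigned(smm);

    assertEquals("gostr3411-94", getMicAlg(smm));
    // Expected value first, as in the line above, so a failure message reports the values the
    // right way round.
    assertEquals(CryptoProObjectIdentifiers.gostR3411.getId(), getDigestOid(s.getSignerInfos()));

    verifyMessageBytes(msg, s.getContent());

    verifySigners(s.getCertificates(), s.getSignerInfos());
  }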
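  /**
   * Signs {@code msg} with RIPEMD160withRSA using the RFC 3851 micalg table and checks that the
   * micalg parameter comes out as {@code "unknown"} while the SignerInfo still carries the
   * RIPEMD-160 digest OID.
   *
   * <p>The content round-trip and the signers are checked afterwards, so the {@code "unknown"}
   * micalg is shown not to prevent verification in this setup.
   */
  public void testRIPEMD160WithRSA() throws Exception {
    MimeMultipart smm =
        generateMultiPartRsa("RIPEMD160withRSA", msg, SMIMESignedGenerator.RFC3851_MICALGS);
    SMIMESigned s = new SMIMESigned(smm);

    assertEquals("unknown", getMicAlg(smm));
    // Expected value first, as in the line above, so a failure message reports the values the
    // right way round.
    assertEquals(TeleTrusTObjectIdentifiers.ripemd160.toString(), getDigestOid(s.getSignerInfos()));

    verifyMessageBytes(msg, s.getContent());

    verifySigners(s.getCertificates(), s.getSignerInfos());
  }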
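  /**
   * Signs {@code msg} with SHA512withRSA using the RFC 3851 micalg table and checks that the
   * micalg parameter is {@code "sha512"} and that the SignerInfo digest OID is SHA-512.
   *
   * <p>The content round-trip and the signers are checked afterwards.
   */
  public void testSHA512WithRSARfc3851() throws Exception {
    MimeMultipart smm =
        generateMultiPartRsa("SHA512withRSA", msg, SMIMESignedGenerator.RFC3851_MICALGS);
    SMIMESigned s = new SMIMESigned(smm);

    assertEquals("sha512", getMicAlg(smm));
    // Expected value first, as in the line above, so a failure message reports the values the
    // right way round.
    assertEquals(NISTObjectIdentifiers.id_sha512.toString(), getDigestOid(s.getSignerInfos()));

    verifyMessageBytes(msg, s.getContent());

    verifySigners(s.getCertificates(), s.getSignerInfos());
  }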
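  /**
   * Signs {@code msg} with MD5withRSA using the RFC 3851 micalg table and checks that the micalg
   * parameter is {@code "md5"} and that the SignerInfo digest OID is MD5.
   *
   * <p>MD5 is collision-broken; it appears here as a legacy algorithm under test and should not
   * be taken as a suitable choice for new signatures.
   */
  public void testMD5WithRSA() throws Exception {
    MimeMultipart smm =
        generateMultiPartRsa("MD5withRSA", msg, SMIMESignedGenerator.RFC3851_MICALGS);
    SMIMESigned s = new SMIMESigned(smm);

    assertEquals("md5", getMicAlg(smm));
    // Expected value first, as in the line above, so a failure message reports the values the
    // right way round.
    assertEquals(PKCSObjectIdentifiers.md5.toString(), getDigestOid(s.getSignerInfos()));

    verifyMessageBytes(msg, s.getContent());

    verifySigners(s.getCertificates(), s.getSignerInfos());
  }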
  /**
   * Signs a two-part multipart body and checks that the messageDigest signed attribute equals a
   * SHA-1 digest recomputed over a hand-serialised copy of that body.
   *
   * <p>The copy is built from the body part's header lines, a blank line, then each part
   * preceded by the boundary line and followed by a line terminator, and finally the closing
   * boundary. The test therefore pins the exact bytes the signer digests.
   *
   * @param part1 first body part of the multipart to sign
   * @param part2 second body part of the multipart to sign
   */
  public void multipartMixedTest(MimeBodyPart part1, MimeBodyPart part2) throws Exception {
    MimeMultipart mixed = new MimeMultipart();
    mixed.addBodyPart(part1);
    mixed.addBodyPart(part2);

    MimeBodyPart wrapper = new MimeBodyPart();
    wrapper.setContent(mixed);

    MimeMultipart signedMultipart =
        generateMultiPartRsa("SHA1withRSA", wrapper, SMIMESignedGenerator.RFC3851_MICALGS);
    SMIMESigned signed = new SMIMESigned(signedMultipart);

    verifySigners(signed.getCertificates(), signed.getSignerInfos());

    // Pull the digest that the first signer actually committed to.
    SignerInformation firstSigner =
        (SignerInformation) signed.getSignerInfos().getSigners().iterator().next();
    Attribute digestAttr = firstSigner.getSignedAttributes().get(CMSAttributes.messageDigest);
    byte[] contentDigest =
        ASN1OctetString.getInstance(digestAttr.getAttrValues().getObjectAt(0)).getOctets();

    // Re-read the multipart after signing so the boundary used for serialisation is the current
    // one.
    MimeMultipart signedParts = (MimeMultipart) wrapper.getContent();
    String boundary =
        "--" + new ContentType(signedParts.getContentType()).getParameter("boundary");

    ByteArrayOutputStream bOut = new ByteArrayOutputStream();
    LineOutputStream lOut = new LineOutputStream(bOut);

    for (Enumeration headerLines = wrapper.getAllHeaderLines(); headerLines.hasMoreElements(); ) {
      lOut.writeln((String) headerLines.nextElement());
    }

    lOut.writeln(); // CRLF separator between headers and body

    // Each part: boundary line, the part itself, then a CRLF terminator.
    for (int i = 0; i < 2; i++) {
      lOut.writeln(boundary);
      writePart(signedParts.getBodyPart(i), bOut);
      lOut.writeln();
    }

    lOut.writeln(boundary + "--");

    byte[] recomputed = MessageDigest.getInstance("SHA1", BC).digest(bOut.toByteArray());

    assertTrue(Arrays.equals(contentDigest, recomputed));
  }
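  /**
   * Verifies each signer of {@code s} against a certificate carried inside the message and
   * prints the outcome per signer.
   *
   * <p>The certificate used for verification is taken from the message itself and is not
   * validated against any trust anchor here. "signature verified" therefore only means the
   * signature matches the embedded certificate; it does not establish who the signer is. A
   * caller that needs authentication must additionally validate the certificate chain and its
   * revocation status against trusted roots.
   *
   * @param s the parsed signed message
   * @throws Exception if certificate conversion or signature processing fails
   */
  private static void verify(SMIMESigned s) throws Exception {
    // certificates passed in the signature
    Store certs = s.getCertificates();

    // SignerInfo blocks which contain the signatures
    SignerInformationStore signers = s.getSignerInfos();

    // check each signer
    for (Iterator it = signers.getSigners().iterator(); it.hasNext(); ) {
      SignerInformation signer = (SignerInformation) it.next();
      Iterator certIt = certs.getMatches(signer.getSID()).iterator();

      // A message need not include the signer's certificate; report that as a failure instead
      // of letting next() throw NoSuchElementException.
      if (!certIt.hasNext()) {
        System.out.println("signature failed! (no matching certificate in message)");
        continue;
      }

      X509Certificate cert =
          new JcaX509CertificateConverter()
              .setProvider(BC)
              .getCertificate((X509CertificateHolder) certIt.next());

      // verify that the sig is correct and that it was generated
      // when the certificate was current
      if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(cert))) {
        System.out.println("signature verified");
      } else {
        System.out.println("signature failed!");
      }
    }
  }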
  /**
   * Generates a certificate-management message (certificates only, no signer added) and checks
   * that both certificates can be read back from it.
   */
  public void testCertificateManagement() throws Exception {
    List bundled = new ArrayList();
    bundled.add(_signCert);
    bundled.add(_origCert);
    Store outgoing = new JcaCertStore(bundled);

    SMIMESignedGenerator generator = new SMIMESignedGenerator();
    generator.addCertificates(outgoing);

    MimeBodyPart certsOnly = generator.generateCertificateManagement();
    SMIMESigned parsed = new SMIMESigned(certsOnly);

    // A null selector matches every certificate in the store.
    Store recovered = parsed.getCertificates();
    assertEquals(2, recovered.getMatches(null).size());
  }
  /**
   * Signs {@code msg} (encapsulated, SHA256withRSA) with an attribute certificate attached and
   * checks that the content, the signers and the attribute certificate all survive the round
   * trip.
   */
  public void testWithAttributeCertificate() throws Exception {
    List bundled = new ArrayList();
    bundled.add(_signCert);
    bundled.add(_origCert);
    Store certStore = new JcaCertStore(bundled);

    ASN1EncodableVector attrVector = generateSignedAttributes();

    SMIMESignedGenerator generator = new SMIMESignedGenerator();
    generator.addSignerInfoGenerator(
        new JcaSimpleSignerInfoGeneratorBuilder()
            .setProvider(BC)
            .setSignedAttributeGenerator(
                new DefaultSignedAttributeTableGenerator(new AttributeTable(attrVector)))
            .build("SHA256withRSA", _signKP.getPrivate(), _signCert));
    generator.addCertificates(certStore);

    // Attribute certificates travel in their own store, separate from the X.509 certificates.
    X509AttributeCertificateHolder attrCert = CMSTestUtil.getAttributeCertificate();
    List attrCertList = new ArrayList();
    attrCertList.add(attrCert);
    generator.addAttributeCertificates(new CollectionStore(attrCertList));

    SMIMESigned signed = new SMIMESigned(generator.generateEncapsulated(msg));

    verifyMessageBytes(msg, signed.getContent());
    verifySigners(signed.getCertificates(), signed.getSignerInfos());

    // A null selector returns everything; the one we added must be among the results.
    Store recoveredAttrCerts = signed.getAttributeCertificates();
    assertTrue(recoveredAttrCerts.getMatches(null).contains(attrCert));
  }
  /**
   * Takes the signers of an existing SHA1withRSA message, adds them to a generator that also
   * signs with MD5withRSA, and checks that the resulting micalg parameter lists both digests.
   *
   * <p>MD5 and SHA-1 are both used here only as algorithms under test; neither is collision
   * resistant.
   */
  public void testMD5WithRSAAddSignersSHA1() throws Exception {
    MimeMultipart firstPass =
        generateMultiPartRsa("SHA1withRSA", msg, SMIMESignedGenerator.STANDARD_MICALGS);
    SMIMESigned original = new SMIMESigned(firstPass);

    assertEquals("sha-1", getMicAlg(firstPass));

    List bundled = new ArrayList();
    bundled.add(_signCert);
    bundled.add(_origCert);
    Store certStore = new JcaCertStore(bundled);

    SMIMESignedGenerator generator = new SMIMESignedGenerator();
    generator.addSignerInfoGenerator(
        new JcaSimpleSignerInfoGeneratorBuilder()
            .setProvider(BC)
            .build("MD5withRSA", _signKP.getPrivate(), _signCert));

    // Carry the pre-computed SHA-1 signer over alongside the new MD5 signer.
    generator.addSigners(original.getSignerInfos());
    generator.addCertificates(certStore);

    // NOTE(review): the message is generated twice. The micalg assertion below looks at the
    // first result while the signers are verified on the second. Presumably intentional (it
    // also shows the generator can be reused); confirm.
    MimeMultipart secondPass = generator.generate(msg);
    SMIMESigned combined = new SMIMESigned(generator.generate(msg));

    verifyMessageBytes(msg, combined.getContent());
    verifySigners(combined.getCertificates(), combined.getSignerInfos());

    assertEquals("\"md5,sha-1\"", getMicAlg(secondPass));
  }
  /**
   * Parses the {@code 3nnn_smime.eml} fixture and checks that verifying each signer returns
   * {@code false} rather than throwing.
   *
   * <p>The signature in this fixture is invalid; the point of the test is that computing the
   * content digest completes without an exception.
   */
  public void testDoubleNlCanonical() throws Exception {
    MimeMessage fixture = loadMessage("3nnn_smime.eml");
    SMIMESigned signed = new SMIMESigned((MimeMultipart) fixture.getContent());

    for (Iterator signerIt = signed.getSignerInfos().getSigners().iterator();
        signerIt.hasNext(); ) {
      SignerInformation signer = (SignerInformation) signerIt.next();

      // The fixture is expected to carry the signer's certificate; next() fails the test if not.
      Iterator matches = signed.getCertificates().getMatches(signer.getSID()).iterator();
      X509CertificateHolder certHolder = (X509CertificateHolder) matches.next();

      // A clean "false" is the expected outcome; an exception from the digest step is the
      // failure this test guards against.
      Assert.assertFalse(
          signer.verify(
              new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(certHolder)));
    }
  }
  /**
   * Signs a multipart body with a {@code "binary"} generator and checks that the SHA-1 digest
   * the generator reports equals the messageDigest signed attribute of the first signer.
   *
   * <p>The signature algorithm is SHA1withRSA; SHA-1 is used only as the algorithm under test.
   */
  public void testMimeMultipart() throws Exception {
    MimeBodyPart multipartBody = createMultipartMessage();

    List bundled = new ArrayList();
    bundled.add(_signCert);
    bundled.add(_origCert);
    Store certStore = new JcaCertStore(bundled);

    ASN1EncodableVector attrVector = generateSignedAttributes();

    SMIMESignedGenerator generator = new SMIMESignedGenerator("binary");
    generator.addSignerInfoGenerator(
        new JcaSimpleSignerInfoGeneratorBuilder()
            .setProvider(BC)
            .setSignedAttributeGenerator(new AttributeTable(attrVector))
            .build("SHA1withRSA", _signKP.getPrivate(), _signCert));
    generator.addCertificates(certStore);

    MimeMultipart signedMultipart = generator.generate(multipartBody);
    SMIMESigned signed = new SMIMESigned(signedMultipart);

    verifySigners(signed.getCertificates(), signed.getSignerInfos());

    // Digest as computed by the generator while signing.
    byte[] generatedDigest =
        (byte[]) generator.getGeneratedDigests().get(SMIMESignedGenerator.DIGEST_SHA1);

    // Digest as recorded in the first signer's signed attributes.
    SignerInformation firstSigner =
        (SignerInformation) signed.getSignerInfos().getSigners().iterator().next();
    Attribute digestAttr = firstSigner.getSignedAttributes().get(CMSAttributes.messageDigest);
    byte[] signedDigest = ((ASN1OctetString) digestAttr.getAttrValues().getObjectAt(0)).getOctets();

    assertTrue(MessageDigest.isEqual(generatedDigest, signedDigest));
  }
  /**
   * Re-wraps the signers of an existing SHA1withRSA message around the same content using a new
   * generator that has no signer of its own, then checks the content and the signers.
   *
   * <p>SHA-1 is used only as the algorithm under test.
   */
  public void testSHA1WithRSAAddSigners() throws Exception {
    MimeMultipart firstPass =
        generateMultiPartRsa("SHA1withRSA", msg, SMIMESignedGenerator.RFC3851_MICALGS);
    SMIMESigned original = new SMIMESigned(firstPass);

    List bundled = new ArrayList();
    bundled.add(_signCert);
    bundled.add(_origCert);
    Store certStore = new JcaCertStore(bundled);

    // Only pre-computed signers are added; the generator creates no new signature here.
    SMIMESignedGenerator generator = new SMIMESignedGenerator();
    generator.addSigners(original.getSignerInfos());
    generator.addCertificates(certStore);

    SMIMESigned rewrapped = new SMIMESigned(generator.generate(msg));

    verifyMessageBytes(msg, rewrapped.getContent());
    verifySigners(rewrapped.getCertificates(), rewrapped.getSignerInfos());
  }
  /**
   * Tests compressing and uncompressing a multipart-signed message: sign, wrap in a MimeMessage,
   * compress with zlib, expand again, and check that the content bytes and every signature are
   * intact.
   *
   * <p>The SMIMECapabilities attribute built here advertises triple-DES, 128-bit RC2 and single
   * DES, and the signature uses SHA-1. These are legacy algorithms exercised by the test; they
   * are not a capability list or digest to copy into new deployments.
   */
  public void testCompressedSHA1WithRSA() throws Exception {
    List bundled = new ArrayList();
    bundled.add(origCert);
    bundled.add(signCert);
    Store certStore = new JcaCertStore(bundled);

    // Signed attributes carry the sender's advertised cipher capabilities.
    ASN1EncodableVector attrVector = new ASN1EncodableVector();
    SMIMECapabilityVector capabilities = new SMIMECapabilityVector();
    capabilities.addCapability(SMIMECapability.dES_EDE3_CBC);
    capabilities.addCapability(SMIMECapability.rC2_CBC, 128);
    capabilities.addCapability(SMIMECapability.dES_CBC);
    attrVector.add(new SMIMECapabilitiesAttribute(capabilities));

    SMIMESignedGenerator signer = new SMIMESignedGenerator();
    signer.addSignerInfoGenerator(
        new JcaSimpleSignerInfoGeneratorBuilder()
            .setProvider("BC")
            .setSignedAttributeGenerator(new AttributeTable(attrVector))
            .build("SHA1withRSA", origKP.getPrivate(), origCert));
    signer.addCertificates(certStore);

    MimeMultipart signedMultipart = signer.generate(msg);

    // Wrap the signed multipart in a message so it can be handed to the compressor.
    MimeMessage wrapper = new MimeMessage((Session) null);
    wrapper.setContent(signedMultipart);
    wrapper.saveChanges();

    SMIMECompressedGenerator compressor = new SMIMECompressedGenerator();
    MimeBodyPart compressedPart = compressor.generate(wrapper, new ZlibCompressor());

    // Expand again and recover the signed multipart.
    SMIMECompressed compressed = new SMIMECompressed(compressedPart);
    MimeMultipart expanded =
        (MimeMultipart)
            SMIMEUtil.toMimeBodyPart(compressed.getContent(new ZlibExpanderProvider()))
                .getContent();

    SMIMESigned signed = new SMIMESigned(expanded);

    // Serialise the original and the recovered content and compare byte for byte.
    ByteArrayOutputStream originalOut = new ByteArrayOutputStream();
    msg.writeTo(originalOut);
    originalOut.close();
    byte[] originalBytes = originalOut.toByteArray();

    ByteArrayOutputStream recoveredOut = new ByteArrayOutputStream();
    signed.getContent().writeTo(recoveredOut);
    recoveredOut.close();
    byte[] recoveredBytes = recoveredOut.toByteArray();

    assertEquals(true, Arrays.areEqual(originalBytes, recoveredBytes));

    // Verify every signer against the certificate embedded in the recovered message.
    Store embedded = signed.getCertificates();
    SignerInformationStore signerInfos = signed.getSignerInfos();

    for (Iterator signerIt = signerInfos.getSigners().iterator(); signerIt.hasNext(); ) {
      SignerInformation info = (SignerInformation) signerIt.next();
      Iterator matches = embedded.getMatches(info.getSID()).iterator();
      X509CertificateHolder cert = (X509CertificateHolder) matches.next();

      assertEquals(
          true,
          info.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert)));
    }
  }
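  /**
   * Reads {@code signed.message} from the working directory, prints its signed content and then
   * the verification status of its signatures.
   *
   * <p>Two layouts are handled: {@code multipart/signed} (content and signature in separate
   * parts) and {@code application/pkcs7-mime} / {@code application/x-pkcs7-mime} (content
   * wrapped inside the signature block). Anything else is reported on stderr.
   *
   * <p>The content is printed before {@code verify} runs, so output under "Content:" is
   * unauthenticated until the "Status:" lines have been read. {@code verify} is called with only
   * the parsed message, so any certificate it uses comes from the message itself.
   *
   * @param args unused
   * @throws Exception on any I/O, MIME or CMS processing error
   */
  public static void main(String[] args) throws Exception {
    //
    // Get a Session object with the default properties.
    //
    Properties props = System.getProperties();

    Session session = Session.getDefaultInstance(props, null);

    //
    // MimeMessage reads a plain (non-shared) stream completely in its constructor, so the file
    // handle can be released as soon as parsing returns.
    //
    FileInputStream in = new FileInputStream("signed.message");
    MimeMessage msg;
    try {
      msg = new MimeMessage(session, in);
    } finally {
      in.close();
    }

    //
    // make sure this was a multipart/signed message - there should be
    // two parts as we have one part for the content that was signed and
    // one part for the actual signature.
    //
    if (msg.isMimeType("multipart/signed")) {
      SMIMESigned s = new SMIMESigned((MimeMultipart) msg.getContent());

      //
      // extract the content
      //
      MimeBodyPart content = s.getContent();

      System.out.println("Content:");

      Object cont = content.getContent();

      if (cont instanceof String) {
        System.out.println((String) cont);
      } else if (cont instanceof Multipart) {
        Multipart mp = (Multipart) cont;
        int count = mp.getCount();
        for (int i = 0; i < count; i++) {
          BodyPart m = mp.getBodyPart(i);
          Object part = m.getContent();

          System.out.println("Part " + i);
          System.out.println("---------------------------");

          // only textual parts are printed; anything else is skipped with a notice
          if (part instanceof String) {
            System.out.println((String) part);
          } else {
            System.out.println("can't print...");
          }
        }
      }

      System.out.println("Status:");

      verify(s);
    } else if (msg.isMimeType("application/pkcs7-mime")
        || msg.isMimeType("application/x-pkcs7-mime")) {
      //
      // in this case the content is wrapped in the signature block.
      //
      SMIMESigned s = new SMIMESigned(msg);

      //
      // extract the content
      //
      MimeBodyPart content = s.getContent();

      System.out.println("Content:");

      Object cont = content.getContent();

      if (cont instanceof String) {
        System.out.println((String) cont);
      }

      System.out.println("Status:");

      verify(s);
    } else {
      System.err.println("Not a signed message!");
    }
  }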