public ASN1Sequence generateRecipientEncryptedKeys(
AlgorithmIdentifier keyAgreeAlgorithm,
AlgorithmIdentifier keyEncryptionAlgorithm,
GenericKey contentEncryptionKey)
throws CMSException {
init(keyAgreeAlgorithm.getAlgorithm());
PrivateKey senderPrivateKey = this.senderPrivateKey;
ASN1ObjectIdentifier keyAgreementOID = keyAgreeAlgorithm.getAlgorithm();
if (keyAgreementOID.getId().equals(CMSEnvelopedGenerator.ECMQV_SHA1KDF)) {
senderPrivateKey =
new MQVPrivateKeySpec(
senderPrivateKey, ephemeralKP.getPrivate(), ephemeralKP.getPublic());
}
ASN1EncodableVector recipientEncryptedKeys = new ASN1EncodableVector();
for (int i = 0; i != recipientIDs.size(); i++) {
PublicKey recipientPublicKey = (PublicKey) recipientKeys.get(i);
KeyAgreeRecipientIdentifier karId = (KeyAgreeRecipientIdentifier) recipientIDs.get(i);
if (keyAgreementOID.getId().equals(CMSEnvelopedGenerator.ECMQV_SHA1KDF)) {
recipientPublicKey = new MQVPublicKeySpec(recipientPublicKey, recipientPublicKey);
}
try {
// Use key agreement to choose a wrap key for this recipient
KeyAgreement keyAgreement = helper.createKeyAgreement(keyAgreementOID);
keyAgreement.init(senderPrivateKey, random);
keyAgreement.doPhase(recipientPublicKey, true);
SecretKey keyEncryptionKey =
keyAgreement.generateSecret(keyEncryptionAlgorithm.getAlgorithm().getId());
// Wrap the content encryption key with the agreement key
Cipher keyEncryptionCipher = helper.createCipher(keyEncryptionAlgorithm.getAlgorithm());
keyEncryptionCipher.init(Cipher.WRAP_MODE, keyEncryptionKey, random);
byte[] encryptedKeyBytes = keyEncryptionCipher.wrap(helper.getJceKey(contentEncryptionKey));
ASN1OctetString encryptedKey = new DEROctetString(encryptedKeyBytes);
recipientEncryptedKeys.add(new RecipientEncryptedKey(karId, encryptedKey));
} catch (GeneralSecurityException e) {
throw new CMSException("cannot perform agreement step: " + e.getMessage(), e);
}
}
return new DERSequence(recipientEncryptedKeys);
}
private void rawModeTest(
String sigName,
ASN1ObjectIdentifier digestOID,
PrivateKey privKey,
PublicKey pubKey,
SecureRandom random)
throws Exception {
byte[] sampleMessage = new byte[1000 + random.nextInt(100)];
random.nextBytes(sampleMessage);
Signature normalSig = Signature.getInstance(sigName, "BC");
normalSig.initSign(privKey);
normalSig.update(sampleMessage);
byte[] normalResult = normalSig.sign();
MessageDigest digest = MessageDigest.getInstance(digestOID.getId(), "BC");
byte[] hash = digest.digest(sampleMessage);
byte[] digInfo = derEncode(digestOID, hash);
Signature rawSig = Signature.getInstance("RSA", "BC");
rawSig.initSign(privKey);
rawSig.update(digInfo);
byte[] rawResult = rawSig.sign();
if (!Arrays.areEqual(normalResult, rawResult)) {
fail("raw mode signature differs from normal one");
}
rawSig.initVerify(pubKey);
rawSig.update(digInfo);
if (!rawSig.verify(rawResult)) {
fail("raw mode signature verification failed");
}
}
public String toString() {
StringBuffer buf = new StringBuffer();
String nl = System.getProperty("line.separator");
buf.append(" userCertificate: ").append(this.getSerialNumber()).append(nl);
buf.append(" revocationDate: ").append(this.getRevocationDate()).append(nl);
buf.append(" certificateIssuer: ").append(this.getCertificateIssuer()).append(nl);
Extensions extensions = c.getExtensions();
if (extensions != null) {
Enumeration e = extensions.oids();
if (e.hasMoreElements()) {
buf.append(" crlEntryExtensions:").append(nl);
while (e.hasMoreElements()) {
ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement();
Extension ext = extensions.getExtension(oid);
if (ext.getExtnValue() != null) {
byte[] octs = ext.getExtnValue().getOctets();
ASN1InputStream dIn = new ASN1InputStream(octs);
buf.append(" critical(").append(ext.isCritical()).append(") ");
try {
if (oid.equals(X509Extension.reasonCode)) {
buf.append(CRLReason.getInstance(ASN1Enumerated.getInstance(dIn.readObject())))
.append(nl);
} else if (oid.equals(X509Extension.certificateIssuer)) {
buf.append("Certificate issuer: ")
.append(GeneralNames.getInstance(dIn.readObject()))
.append(nl);
} else {
buf.append(oid.getId());
buf.append(" value = ").append(ASN1Dump.dumpAsString(dIn.readObject())).append(nl);
}
} catch (Exception ex) {
buf.append(oid.getId());
buf.append(" value = ").append("*****").append(nl);
}
} else {
buf.append(nl);
}
}
}
}
return buf.toString();
}
private Set getExtensionOIDs(boolean critical) {
Extensions extensions = c.getExtensions();
if (extensions != null) {
Set set = new HashSet();
Enumeration e = extensions.oids();
while (e.hasMoreElements()) {
ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement();
Extension ext = extensions.getExtension(oid);
if (critical == ext.isCritical()) {
set.add(oid.getId());
}
}
return set;
}
return null;
}