public void testBasicAS2() throws Exception {
MimeMessage message = loadMessage("basicAS2.message");
SMIMESigned s = new SMIMESigned((MimeMultipart) message.getContent());
verifySigners(s.getCertificates(), s.getSignerInfos());
}
public void testSHA1withDSA() throws Exception {
dsaSignKP = CMSTestUtil.makeDsaKeyPair();
dsaSignCert = CMSTestUtil.makeCertificate(dsaSignKP, _origDN, dsaSignKP, _origDN);
dsaOrigKP = CMSTestUtil.makeDsaKeyPair();
dsaOrigCert = CMSTestUtil.makeCertificate(dsaOrigKP, _signDN, dsaSignKP, _origDN);
List certList = new ArrayList();
certList.add(dsaOrigCert);
certList.add(dsaSignCert);
Store certs = new JcaCertStore(certList);
SMIMESignedGenerator gen = new SMIMESignedGenerator();
gen.addSignerInfoGenerator(
new JcaSimpleSignerInfoGeneratorBuilder()
.setProvider("BC")
.build("SHA1withDSA", dsaOrigKP.getPrivate(), dsaOrigCert));
gen.addCertificates(certs);
MimeMultipart smm = gen.generate(msg);
SMIMESigned s = new SMIMESigned(smm);
verifyMessageBytes(msg, s.getContent());
verifySigners(s.getCertificates(), s.getSignerInfos());
}
public void testExtraNlInPostamble() throws Exception {
MimeMessage message = loadMessage("extra-nl.eml");
SMIMESigned s = new SMIMESigned((MimeMultipart) message.getContent());
verifySigners(s.getCertificates(), s.getSignerInfos());
}
public void testSignAttachmentOnly() throws Exception {
MimeMessage m = loadMessage("attachonly.eml");
List certList = new ArrayList();
certList.add(_signCert);
certList.add(_origCert);
Store certs = new JcaCertStore(certList);
ASN1EncodableVector signedAttrs = generateSignedAttributes();
SMIMESignedGenerator gen = new SMIMESignedGenerator("binary");
gen.addSignerInfoGenerator(
new JcaSimpleSignerInfoGeneratorBuilder()
.setProvider(BC)
.setSignedAttributeGenerator(new AttributeTable(signedAttrs))
.build("SHA1withRSA", _signKP.getPrivate(), _signCert));
gen.addCertificates(certs);
MimeMultipart mm = gen.generate(m);
SMIMESigned s = new SMIMESigned(mm);
verifySigners(s.getCertificates(), s.getSignerInfos());
SMIMESignedParser sp =
new SMIMESignedParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(), mm);
verifySigners(sp.getCertificates(), sp.getSignerInfos());
}
public void testMultiAlternative() throws Exception {
MimeMessage message = loadMessage("multi-alternative.eml");
SMIMESigned s = new SMIMESigned((MimeMultipart) message.getContent());
verifySigners(s.getCertificates(), s.getSignerInfos());
}
public void testMimeMultipartBinaryReader() throws Exception {
MimeBodyPart m = createMultipartMessage();
List certList = new ArrayList();
certList.add(_signCert);
certList.add(_origCert);
Store certs = new JcaCertStore(certList);
ASN1EncodableVector signedAttrs = generateSignedAttributes();
SMIMESignedGenerator gen = new SMIMESignedGenerator("binary");
gen.addSignerInfoGenerator(
new JcaSimpleSignerInfoGeneratorBuilder()
.setProvider(BC)
.setSignedAttributeGenerator(new AttributeTable(signedAttrs))
.build("SHA1withRSA", _signKP.getPrivate(), _signCert));
gen.addCertificates(certs);
MimeMultipart mm = gen.generate(m);
SMIMESigned s = new SMIMESigned(mm, "binary");
verifySigners(s.getCertificates(), s.getSignerInfos());
}
public void testSHA1WithRSAEncapsulated() throws Exception {
MimeBodyPart res = generateEncapsulatedRsa("SHA1withRSA", msg);
SMIMESigned s = new SMIMESigned(res);
verifyMessageBytes(msg, s.getContent());
verifySigners(s.getCertificates(), s.getSignerInfos());
}
public void testSHA1WithRSA() throws Exception {
MimeMultipart smm =
generateMultiPartRsa("SHA1withRSA", msg, SMIMESignedGenerator.RFC3851_MICALGS);
SMIMESigned s = new SMIMESigned(smm);
verifyMessageBytes(msg, s.getContent());
verifySigners(s.getCertificates(), s.getSignerInfos());
}
public void testGOST3411WithECGOST3410() throws Exception {
MimeMultipart smm = generateMultiPartECGost(msg);
SMIMESigned s = new SMIMESigned(smm);
assertEquals("gostr3411-94", getMicAlg(smm));
assertEquals(getDigestOid(s.getSignerInfos()), CryptoProObjectIdentifiers.gostR3411.getId());
verifyMessageBytes(msg, s.getContent());
verifySigners(s.getCertificates(), s.getSignerInfos());
}
public void testRIPEMD160WithRSA() throws Exception {
MimeMultipart smm =
generateMultiPartRsa("RIPEMD160withRSA", msg, SMIMESignedGenerator.RFC3851_MICALGS);
SMIMESigned s = new SMIMESigned(smm);
assertEquals("unknown", getMicAlg(smm));
assertEquals(getDigestOid(s.getSignerInfos()), TeleTrusTObjectIdentifiers.ripemd160.toString());
verifyMessageBytes(msg, s.getContent());
verifySigners(s.getCertificates(), s.getSignerInfos());
}
public void testSHA512WithRSARfc3851() throws Exception {
MimeMultipart smm =
generateMultiPartRsa("SHA512withRSA", msg, SMIMESignedGenerator.RFC3851_MICALGS);
SMIMESigned s = new SMIMESigned(smm);
assertEquals("sha512", getMicAlg(smm));
assertEquals(getDigestOid(s.getSignerInfos()), NISTObjectIdentifiers.id_sha512.toString());
verifyMessageBytes(msg, s.getContent());
verifySigners(s.getCertificates(), s.getSignerInfos());
}
public void testMD5WithRSA() throws Exception {
MimeMultipart smm =
generateMultiPartRsa("MD5withRSA", msg, SMIMESignedGenerator.RFC3851_MICALGS);
SMIMESigned s = new SMIMESigned(smm);
assertEquals("md5", getMicAlg(smm));
assertEquals(getDigestOid(s.getSignerInfos()), PKCSObjectIdentifiers.md5.toString());
verifyMessageBytes(msg, s.getContent());
verifySigners(s.getCertificates(), s.getSignerInfos());
}
public void multipartMixedTest(MimeBodyPart part1, MimeBodyPart part2) throws Exception {
MimeMultipart mp = new MimeMultipart();
mp.addBodyPart(part1);
mp.addBodyPart(part2);
MimeBodyPart m = new MimeBodyPart();
m.setContent(mp);
MimeMultipart smm =
generateMultiPartRsa("SHA1withRSA", m, SMIMESignedGenerator.RFC3851_MICALGS);
SMIMESigned s = new SMIMESigned(smm);
verifySigners(s.getCertificates(), s.getSignerInfos());
AttributeTable attr =
((SignerInformation) s.getSignerInfos().getSigners().iterator().next())
.getSignedAttributes();
Attribute a = attr.get(CMSAttributes.messageDigest);
byte[] contentDigest =
ASN1OctetString.getInstance(a.getAttrValues().getObjectAt(0)).getOctets();
mp = (MimeMultipart) m.getContent();
ContentType contentType = new ContentType(mp.getContentType());
String boundary = "--" + contentType.getParameter("boundary");
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
LineOutputStream lOut = new LineOutputStream(bOut);
Enumeration headers = m.getAllHeaderLines();
while (headers.hasMoreElements()) {
lOut.writeln((String) headers.nextElement());
}
lOut.writeln(); // CRLF separator
lOut.writeln(boundary);
writePart(mp.getBodyPart(0), bOut);
lOut.writeln(); // CRLF terminator
lOut.writeln(boundary);
writePart(mp.getBodyPart(1), bOut);
lOut.writeln();
lOut.writeln(boundary + "--");
MessageDigest dig = MessageDigest.getInstance("SHA1", BC);
assertTrue(Arrays.equals(contentDigest, dig.digest(bOut.toByteArray())));
}
/** verify the signature (assuming the cert is contained in the message) */
private static void verify(SMIMESigned s) throws Exception {
//
// extract the information to verify the signatures.
//
//
// certificates and crls passed in the signature
//
Store certs = s.getCertificates();
//
// SignerInfo blocks which contain the signatures
//
SignerInformationStore signers = s.getSignerInfos();
Collection c = signers.getSigners();
Iterator it = c.iterator();
//
// check each signer
//
while (it.hasNext()) {
SignerInformation signer = (SignerInformation) it.next();
Collection certCollection = certs.getMatches(signer.getSID());
Iterator certIt = certCollection.iterator();
X509Certificate cert =
new JcaX509CertificateConverter()
.setProvider(BC)
.getCertificate((X509CertificateHolder) certIt.next());
//
// verify that the sig is correct and that it was generated
// when the certificate was current
//
if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(cert))) {
System.out.println("signature verified");
} else {
System.out.println("signature failed!");
}
}
}
public void testCertificateManagement() throws Exception {
List certList = new ArrayList();
certList.add(_signCert);
certList.add(_origCert);
Store certs = new JcaCertStore(certList);
SMIMESignedGenerator gen = new SMIMESignedGenerator();
gen.addCertificates(certs);
MimeBodyPart smm = gen.generateCertificateManagement();
SMIMESigned s = new SMIMESigned(smm);
certs = s.getCertificates();
assertEquals(2, certs.getMatches(null).size());
}
public void testWithAttributeCertificate() throws Exception {
List certList = new ArrayList();
certList.add(_signCert);
certList.add(_origCert);
Store certs = new JcaCertStore(certList);
ASN1EncodableVector signedAttrs = generateSignedAttributes();
SMIMESignedGenerator gen = new SMIMESignedGenerator();
gen.addSignerInfoGenerator(
new JcaSimpleSignerInfoGeneratorBuilder()
.setProvider(BC)
.setSignedAttributeGenerator(
new DefaultSignedAttributeTableGenerator(new AttributeTable(signedAttrs)))
.build("SHA256withRSA", _signKP.getPrivate(), _signCert));
gen.addCertificates(certs);
X509AttributeCertificateHolder attrCert = CMSTestUtil.getAttributeCertificate();
List attrCertList = new ArrayList();
attrCertList.add(attrCert);
Store store = new CollectionStore(attrCertList);
gen.addAttributeCertificates(store);
SMIMESigned s = new SMIMESigned(gen.generateEncapsulated(msg));
verifyMessageBytes(msg, s.getContent());
verifySigners(s.getCertificates(), s.getSignerInfos());
Store attrCerts = s.getAttributeCertificates();
assertTrue(attrCerts.getMatches(null).contains(attrCert));
}
public void testMD5WithRSAAddSignersSHA1() throws Exception {
MimeMultipart smm =
generateMultiPartRsa("SHA1withRSA", msg, SMIMESignedGenerator.STANDARD_MICALGS);
SMIMESigned s = new SMIMESigned(smm);
assertEquals("sha-1", getMicAlg(smm));
List certList = new ArrayList();
certList.add(_signCert);
certList.add(_origCert);
Store certs = new JcaCertStore(certList);
SMIMESignedGenerator gen = new SMIMESignedGenerator();
gen.addSignerInfoGenerator(
new JcaSimpleSignerInfoGeneratorBuilder()
.setProvider(BC)
.build("MD5withRSA", _signKP.getPrivate(), _signCert));
gen.addSigners(s.getSignerInfos());
gen.addCertificates(certs);
smm = gen.generate(msg);
SMIMESigned newS = new SMIMESigned(gen.generate(msg));
verifyMessageBytes(msg, newS.getContent());
verifySigners(newS.getCertificates(), newS.getSignerInfos());
assertEquals("\"md5,sha-1\"", getMicAlg(smm));
}
public void testDoubleNlCanonical() throws Exception {
MimeMessage message = loadMessage("3nnn_smime.eml");
SMIMESigned s = new SMIMESigned((MimeMultipart) message.getContent());
Collection c = s.getSignerInfos().getSigners();
Iterator it = c.iterator();
while (it.hasNext()) {
SignerInformation signer = (SignerInformation) it.next();
Collection certCollection = s.getCertificates().getMatches(signer.getSID());
Iterator certIt = certCollection.iterator();
X509CertificateHolder certHolder = (X509CertificateHolder) certIt.next();
// in this case the sig is invalid, but it's the lack of an exception from the content digest
// we're looking for
Assert.assertFalse(
signer.verify(
new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(certHolder)));
}
}
public void testMimeMultipart() throws Exception {
MimeBodyPart m = createMultipartMessage();
List certList = new ArrayList();
certList.add(_signCert);
certList.add(_origCert);
Store certs = new JcaCertStore(certList);
ASN1EncodableVector signedAttrs = generateSignedAttributes();
SMIMESignedGenerator gen = new SMIMESignedGenerator("binary");
gen.addSignerInfoGenerator(
new JcaSimpleSignerInfoGeneratorBuilder()
.setProvider(BC)
.setSignedAttributeGenerator(new AttributeTable(signedAttrs))
.build("SHA1withRSA", _signKP.getPrivate(), _signCert));
gen.addCertificates(certs);
MimeMultipart mm = gen.generate(m);
SMIMESigned s = new SMIMESigned(mm);
verifySigners(s.getCertificates(), s.getSignerInfos());
byte[] contentDigest = (byte[]) gen.getGeneratedDigests().get(SMIMESignedGenerator.DIGEST_SHA1);
AttributeTable table =
((SignerInformation) s.getSignerInfos().getSigners().iterator().next())
.getSignedAttributes();
Attribute hash = table.get(CMSAttributes.messageDigest);
assertTrue(
MessageDigest.isEqual(
contentDigest, ((ASN1OctetString) hash.getAttrValues().getObjectAt(0)).getOctets()));
}
public void testSHA1WithRSAAddSigners() throws Exception {
MimeMultipart smm =
generateMultiPartRsa("SHA1withRSA", msg, SMIMESignedGenerator.RFC3851_MICALGS);
SMIMESigned s = new SMIMESigned(smm);
List certList = new ArrayList();
certList.add(_signCert);
certList.add(_origCert);
Store certs = new JcaCertStore(certList);
SMIMESignedGenerator gen = new SMIMESignedGenerator();
gen.addSigners(s.getSignerInfos());
gen.addCertificates(certs);
SMIMESigned newS = new SMIMESigned(gen.generate(msg));
verifyMessageBytes(msg, newS.getContent());
verifySigners(newS.getCertificates(), newS.getSignerInfos());
}
/*
* test compressing and uncompressing of a multipart-signed message.
*/
public void testCompressedSHA1WithRSA() throws Exception {
List certList = new ArrayList();
certList.add(origCert);
certList.add(signCert);
Store certs = new JcaCertStore(certList);
ASN1EncodableVector signedAttrs = new ASN1EncodableVector();
SMIMECapabilityVector caps = new SMIMECapabilityVector();
caps.addCapability(SMIMECapability.dES_EDE3_CBC);
caps.addCapability(SMIMECapability.rC2_CBC, 128);
caps.addCapability(SMIMECapability.dES_CBC);
signedAttrs.add(new SMIMECapabilitiesAttribute(caps));
SMIMESignedGenerator gen = new SMIMESignedGenerator();
gen.addSignerInfoGenerator(
new JcaSimpleSignerInfoGeneratorBuilder()
.setProvider("BC")
.setSignedAttributeGenerator(new AttributeTable(signedAttrs))
.build("SHA1withRSA", origKP.getPrivate(), origCert));
gen.addCertificates(certs);
MimeMultipart smp = gen.generate(msg);
MimeMessage bp2 = new MimeMessage((Session) null);
bp2.setContent(smp);
bp2.saveChanges();
SMIMECompressedGenerator cgen = new SMIMECompressedGenerator();
MimeBodyPart cbp = cgen.generate(bp2, new ZlibCompressor());
SMIMECompressed cm = new SMIMECompressed(cbp);
MimeMultipart mm =
(MimeMultipart)
SMIMEUtil.toMimeBodyPart(cm.getContent(new ZlibExpanderProvider())).getContent();
SMIMESigned s = new SMIMESigned(mm);
ByteArrayOutputStream _baos = new ByteArrayOutputStream();
msg.writeTo(_baos);
_baos.close();
byte[] _msgBytes = _baos.toByteArray();
_baos = new ByteArrayOutputStream();
s.getContent().writeTo(_baos);
_baos.close();
byte[] _resBytes = _baos.toByteArray();
assertEquals(true, Arrays.areEqual(_msgBytes, _resBytes));
certs = s.getCertificates();
SignerInformationStore signers = s.getSignerInfos();
Collection c = signers.getSigners();
Iterator it = c.iterator();
while (it.hasNext()) {
SignerInformation signer = (SignerInformation) it.next();
Collection certCollection = certs.getMatches(signer.getSID());
Iterator certIt = certCollection.iterator();
X509CertificateHolder cert = (X509CertificateHolder) certIt.next();
assertEquals(
true,
signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert)));
}
}
public static void main(String[] args) throws Exception {
//
// Get a Session object with the default properties.
//
Properties props = System.getProperties();
Session session = Session.getDefaultInstance(props, null);
MimeMessage msg = new MimeMessage(session, new FileInputStream("signed.message"));
//
// make sure this was a multipart/signed message - there should be
// two parts as we have one part for the content that was signed and
// one part for the actual signature.
//
if (msg.isMimeType("multipart/signed")) {
SMIMESigned s = new SMIMESigned((MimeMultipart) msg.getContent());
//
// extract the content
//
MimeBodyPart content = s.getContent();
System.out.println("Content:");
Object cont = content.getContent();
if (cont instanceof String) {
System.out.println((String) cont);
} else if (cont instanceof Multipart) {
Multipart mp = (Multipart) cont;
int count = mp.getCount();
for (int i = 0; i < count; i++) {
BodyPart m = mp.getBodyPart(i);
Object part = m.getContent();
System.out.println("Part " + i);
System.out.println("---------------------------");
if (part instanceof String) {
System.out.println((String) part);
} else {
System.out.println("can't print...");
}
}
}
System.out.println("Status:");
verify(s);
} else if (msg.isMimeType("application/pkcs7-mime")
|| msg.isMimeType("application/x-pkcs7-mime")) {
//
// in this case the content is wrapped in the signature block.
//
SMIMESigned s = new SMIMESigned(msg);
//
// extract the content
//
MimeBodyPart content = s.getContent();
System.out.println("Content:");
Object cont = content.getContent();
if (cont instanceof String) {
System.out.println((String) cont);
}
System.out.println("Status:");
verify(s);
} else {
System.err.println("Not a signed message!");
}
}
