
@liweinan
Created May 11, 2015 19:07
diff --git a/jaxrs/security/resteasy-crypto/pom.xml b/jaxrs/security/resteasy-crypto/pom.xml
index 2f36cc4..a78637e 100755
--- a/jaxrs/security/resteasy-crypto/pom.xml
+++ b/jaxrs/security/resteasy-crypto/pom.xml
@@ -52,15 +52,16 @@
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk16</artifactId>
+ <artifactId>bcprov-jdk15on</artifactId>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcmail-jdk16</artifactId>
+ <artifactId>bcmail-jdk15on</artifactId>
</dependency>
<dependency>
- <groupId>javax.mail</groupId>
- <artifactId>mail</artifactId>
+ <groupId>com.sun.mail</groupId>
+ <artifactId>javax.mail</artifactId>
+ <version>1.5.3</version>
</dependency>
<dependency>
<groupId>org.apache.james</groupId>
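Review bot: The new `com.sun.mail:javax.mail` dependency hard-codes `<version>1.5.3</version>` in this module, while the two Bouncy Castle dependencies in the same hunk declare no version and so presumably inherit one from a parent `dependencyManagement` section that is not visible here. Moving the mail version to that same place keeps a single point to bump when a library advisory is published. The `bcprov-jdk15on` and `bcmail-jdk15on` artifactIds also need managed entries of their own there, at matching versions, because an entry for the old `-jdk16` ids will not apply to them.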
diff --git a/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/EnvelopedInputImpl.java b/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/EnvelopedInputImpl.java
index a2bf663..0bc140e 100644
--- a/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/EnvelopedInputImpl.java
+++ b/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/EnvelopedInputImpl.java
@@ -2,6 +2,8 @@ package org.jboss.resteasy.security.smime;
import org.bouncycastle.cms.RecipientInformation;
import org.bouncycastle.cms.RecipientInformationStore;
+import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
+import org.bouncycastle.cms.jcajce.JceKeyTransRecipient;
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientId;
import org.bouncycastle.mail.smime.SMIMEEnveloped;
import org.bouncycastle.mail.smime.SMIMEUtil;
@@ -158,8 +160,9 @@ public class EnvelopedInputImpl implements EnvelopedInput
RecipientInformationStore recipients = m.getRecipientInfos();
RecipientInformation recipient = recipients.get(recId);
+ JceKeyTransRecipient pKeyRecp = new JceKeyTransEnvelopedRecipient(pKey);
- decrypted = SMIMEUtil.toMimeBodyPart(recipient.getContent(pKey, "BC"));
+ decrypted = SMIMEUtil.toMimeBodyPart(recipient.getContent(pKeyRecp));
}
catch (Exception e1)
{
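Review bot: The JCA provider is no longer pinned on the decryption path: the removed call passed `"BC"` explicitly, while `new JceKeyTransEnvelopedRecipient(pKey)` falls back to default provider lookup. Every other migrated call in this commit keeps `setProvider("BC")`, so for consistency this should be `JceKeyTransRecipient pKeyRecp = new JceKeyTransEnvelopedRecipient(pKey).setProvider("BC");`. The same applies to the `getContent` hunk in EnvelopedTest.java. Separately, `recipients.get(recId)` can return null when no recipient matches, and the new line dereferences it just as the old one did; the surrounding try block starts and ends outside this hunk, so whether the catch turns that into a useful error is not visible.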
diff --git a/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/MultipartSignedInputImpl.java b/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/MultipartSignedInputImpl.java
index 18a214a..1ce2c63 100644
--- a/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/MultipartSignedInputImpl.java
+++ b/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/MultipartSignedInputImpl.java
@@ -2,6 +2,7 @@ package org.jboss.resteasy.security.smime;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationStore;
+import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.mail.smime.SMIMESigned;
import org.jboss.resteasy.util.GenericType;
@@ -157,7 +158,7 @@ public class MultipartSignedInputImpl implements SignedInput
SignerInformationStore signers = signed.getSignerInfos();
SignerInformation signer = (SignerInformation) signers.getSigners().iterator().next();
- return signer.verify(publicKey, "BC");
+ return (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(publicKey)));
}
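Review bot: Only the first `SignerInformation` is verified here, and `signers.getSigners().iterator().next()` throws `NoSuchElementException` when the message carries no signer info, so a malformed input surfaces as an unchecked exception rather than a `false` result. PKCS7SignatureInput in this same commit loops over all signers, and this method could follow that shape or at least guard with `if (signers.size() == 0) return false;`. The outer parentheses around the returned expression are redundant. The method begins outside this hunk.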
diff --git a/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/PKCS7SignatureInput.java b/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/PKCS7SignatureInput.java
index a7a86d7..61db0fa 100644
--- a/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/PKCS7SignatureInput.java
+++ b/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/PKCS7SignatureInput.java
@@ -3,6 +3,8 @@ package org.jboss.resteasy.security.smime;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
+import org.bouncycastle.cms.SignerInformationVerifier;
+import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.jboss.resteasy.specimpl.MultivaluedMapImpl;
import org.jboss.resteasy.util.Base64;
import org.jboss.resteasy.util.GenericType;
@@ -20,7 +22,7 @@ import java.security.cert.X509Certificate;
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
-public class PKCS7SignatureInput<T>
+public class PKCS7SignatureInput<T>
{
private PublicKey publicKey;
private X509Certificate certificate;
@@ -206,7 +208,9 @@ public class PKCS7SignatureInput<T>
for (Object info : data.getSignerInfos().getSigners())
{
SignerInformation signer = (SignerInformation)info;
- if (signer.verify(certificate, "BC"))
+
+
+ if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(certificate)))
{
return true;
}
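Review bot: A new verifier is built inside the loop for every signer although `certificate` does not change between iterations. Build it once before the `for`, as `SignerInformationVerifier verifier = new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(certificate);`, and call `signer.verify(verifier)` in the body. That would also put to use the `SignerInformationVerifier` import this commit adds, which no visible hunk references. The two blank lines added above the `if` can go. The following hunk, which verifies with `publicKey`, has the same pattern; both methods start and end outside their hunks.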
@@ -218,7 +222,7 @@ public class PKCS7SignatureInput<T>
for (Object info : data.getSignerInfos().getSigners())
{
SignerInformation signer = (SignerInformation)info;
- if (signer.verify(publicKey, "BC"))
+ if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(publicKey)))
{
return true;
}
diff --git a/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/PKCS7SignatureWriter.java b/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/PKCS7SignatureWriter.java
index f64f196..548498a 100644
--- a/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/PKCS7SignatureWriter.java
+++ b/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/PKCS7SignatureWriter.java
@@ -1,10 +1,13 @@
package org.jboss.resteasy.security.smime;
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.cms.CMSProcessable;
-import org.bouncycastle.cms.CMSProcessableByteArray;
-import org.bouncycastle.cms.CMSSignedData;
-import org.bouncycastle.cms.CMSSignedDataGenerator;
+import org.bouncycastle.cert.jcajce.JcaCertStore;
+import org.bouncycastle.cms.*;
+import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
+import org.bouncycastle.operator.ContentSigner;
+import org.bouncycastle.operator.OperatorCreationException;
+import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
+import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
+import org.bouncycastle.util.Store;
import org.jboss.resteasy.security.BouncyIntegration;
import org.jboss.resteasy.specimpl.MultivaluedMapImpl;
import org.jboss.resteasy.spi.WriterException;
@@ -24,7 +27,10 @@ import java.lang.annotation.Annotation;
import java.lang.reflect.Type;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
+import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.List;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@@ -70,8 +76,7 @@ public class PKCS7SignatureWriter implements MessageBodyWriter<SignedOutput>
}
}
- public static byte[] sign(Providers providers, SignedOutput out) throws IOException, NoSuchAlgorithmException, NoSuchProviderException, CMSException
- {
+ public static byte[] sign(Providers providers, SignedOutput out) throws IOException, NoSuchAlgorithmException, NoSuchProviderException, CMSException, OperatorCreationException, CertificateEncodingException {
ByteArrayOutputStream bodyOs = new ByteArrayOutputStream();
MessageBodyWriter writer = providers.getMessageBodyWriter(out.getType(), out.getGenericType(), null, out.getMediaType());
if (writer == null)
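Review bot: The `throws` clause of the public static `sign` method gains `OperatorCreationException` and `CertificateEncodingException`, which is a source-incompatible change for any caller outside this file that catches the previous list. If that matters for this module, wrap the two new exceptions in one the method already declares (for example `CMSException`, with the cause preserved), or document the change. The opening brace also moved onto the signature line, unlike the rest of the file, which puts braces on their own line. The method body continues past this hunk.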
@@ -82,11 +87,27 @@ public class PKCS7SignatureWriter implements MessageBodyWriter<SignedOutput>
bodyHeaders.add("Content-Type", out.getMediaType().toString());
writer.writeTo(out.getEntity(), out.getType(), out.getGenericType(), null, out.getMediaType(), bodyHeaders, bodyOs);
CMSSignedDataGenerator signGen = new CMSSignedDataGenerator();
- signGen.addSigner(out.getPrivateKey(), (X509Certificate)out.getCertificate(), CMSSignedDataGenerator.DIGEST_SHA1);
+
+
+ ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(out.getPrivateKey());
+
+ signGen.addSignerInfoGenerator(
+ new JcaSignerInfoGeneratorBuilder(
+ new JcaDigestCalculatorProviderBuilder().setProvider("BC").build())
+ .build(sha1Signer, out.getCertificate()));
+
+ List certList = new ArrayList();
+ certList.add(out.getCertificate());
+ Store certs = new JcaCertStore(certList);
+ signGen.addCertificates(certs);
+
+// signGen.addSigner(out.getPrivateKey(), (X509Certificate)out.getCertificate(), CMSSignedDataGenerator.DIGEST_SHA1);
+
//signGen.addCertificatesAndCRLs(certs);
- CMSProcessable content = new CMSProcessableByteArray(bodyOs.toByteArray());
+ CMSTypedData content = new CMSProcessableByteArray(bodyOs.toByteArray());
+
+ CMSSignedData signedData = signGen.generate(content, true);
- CMSSignedData signedData = signGen.generate(content, true, "BC");
return signedData.getEncoded();
}
}
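Review bot: The signer is now hard-coded to `"SHA1withRSA"`, whereas the removed `addSigner(key, cert, DIGEST_SHA1)` call fixed only the digest and left the key algorithm to the supplied key. A `SignedOutput` carrying a non-RSA private key would therefore fail in `JcaContentSignerBuilder.build`. Choose the signature algorithm name from `out.getPrivateKey().getAlgorithm()` or make it configurable; SHA-1 is also no longer considered collision-resistant, so moving to a SHA-256 based algorithm is worth deciding at the same time, given what receivers must support. The raw `List`/`ArrayList`/`Store` should be parameterized (`List<X509Certificate> certList = new ArrayList<X509Certificate>();`), and the commented-out `signGen.addSigner(...)` line should be deleted rather than committed.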
diff --git a/jaxrs/security/resteasy-crypto/src/test/java/org/jboss/resteasy/test/security/smime/EnvelopedTest.java b/jaxrs/security/resteasy-crypto/src/test/java/org/jboss/resteasy/test/security/smime/EnvelopedTest.java
index a4d711d..0e4cbd0 100644
--- a/jaxrs/security/resteasy-crypto/src/test/java/org/jboss/resteasy/test/security/smime/EnvelopedTest.java
+++ b/jaxrs/security/resteasy-crypto/src/test/java/org/jboss/resteasy/test/security/smime/EnvelopedTest.java
@@ -6,9 +6,7 @@ import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.RecipientId;
import org.bouncycastle.cms.RecipientInformation;
import org.bouncycastle.cms.RecipientInformationStore;
-import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
-import org.bouncycastle.cms.jcajce.JceKeyTransRecipientId;
-import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;
+import org.bouncycastle.cms.jcajce.*;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.mail.smime.SMIMEEnveloped;
import org.bouncycastle.mail.smime.SMIMEEnvelopedGenerator;
@@ -129,7 +127,8 @@ public class EnvelopedTest
OutputEncryptor encryptor = new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC)
.setProvider("BC")
.build();
- gen.addKeyTransRecipient(cert);
+
+ gen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(cert).setProvider("BC"));
//
// generate a MimeBodyPart object which encapsulates the content
@@ -219,7 +218,9 @@ public class EnvelopedTest
RecipientInformationStore recipients = m.getRecipientInfos();
RecipientInformation recipient = recipients.get(recId);
- return SMIMEUtil.toMimeBodyPart(recipient.getContent(privateKey, "BC"));
+ JceKeyTransRecipient pKeyRecp = new JceKeyTransEnvelopedRecipient(privateKey);
+
+ return SMIMEUtil.toMimeBodyPart(recipient.getContent(pKeyRecp));
}
diff --git a/jaxrs/security/resteasy-crypto/src/test/java/org/jboss/resteasy/test/security/smime/SignedTest.java b/jaxrs/security/resteasy-crypto/src/test/java/org/jboss/resteasy/test/security/smime/SignedTest.java
index 63f84e7..f8ee26e 100644
--- a/jaxrs/security/resteasy-crypto/src/test/java/org/jboss/resteasy/test/security/smime/SignedTest.java
+++ b/jaxrs/security/resteasy-crypto/src/test/java/org/jboss/resteasy/test/security/smime/SignedTest.java
@@ -4,6 +4,7 @@ import org.bouncycastle.cms.SignerInfoGenerator;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationStore;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder;
+import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.mail.smime.SMIMESigned;
import org.bouncycastle.mail.smime.SMIMESignedGenerator;
@@ -135,7 +136,7 @@ public class SignedTest
SignerInformationStore signers = signed.getSignerInfos();
Assert.assertEquals(1, signers.size());
SignerInformation signer = (SignerInformation) signers.getSigners().iterator().next();
- Assert.assertTrue(signer.verify(cert.getPublicKey(), "BC"));
+ Assert.assertTrue(signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert.getPublicKey())));
}
@Test