Created
May 11, 2015 19:07
diff --git a/jaxrs/security/resteasy-crypto/pom.xml b/jaxrs/security/resteasy-crypto/pom.xml | |
index 2f36cc4..a78637e 100755 | |
--- a/jaxrs/security/resteasy-crypto/pom.xml | |
+++ b/jaxrs/security/resteasy-crypto/pom.xml | |
@@ -52,15 +52,16 @@ | |
</dependency> | |
<dependency> | |
<groupId>org.bouncycastle</groupId> | |
- <artifactId>bcprov-jdk16</artifactId> | |
+ <artifactId>bcprov-jdk15on</artifactId> | |
</dependency> | |
<dependency> | |
<groupId>org.bouncycastle</groupId> | |
- <artifactId>bcmail-jdk16</artifactId> | |
+ <artifactId>bcmail-jdk15on</artifactId> | |
</dependency> | |
<dependency> | |
- <groupId>javax.mail</groupId> | |
- <artifactId>mail</artifactId> | |
+ <groupId>com.sun.mail</groupId> | |
+ <artifactId>javax.mail</artifactId> | |
+ <version>1.5.3</version> | |
</dependency> | |
<dependency> | |
<groupId>org.apache.james</groupId> | |
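Review bot: `<version>1.5.3</version>` is pinned inline for `com.sun.mail:javax.mail`, while the Bouncy Castle entries in this hunk carry no version and presumably inherit one from a parent `dependencyManagement` section. An inline pin lets this module drift from the rest of the build when managed versions are updated, so I would move the version to the parent and leave this entry versionless. Because `bcprov-jdk15on` and `bcmail-jdk15on` replace the jdk16 artifactIds, it is also worth confirming that the parent manages versions for the new ids; that is not visible in this diff.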
diff --git a/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/EnvelopedInputImpl.java b/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/EnvelopedInputImpl.java | |
index a2bf663..0bc140e 100644 | |
--- a/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/EnvelopedInputImpl.java | |
+++ b/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/EnvelopedInputImpl.java | |
@@ -2,6 +2,8 @@ package org.jboss.resteasy.security.smime; | |
import org.bouncycastle.cms.RecipientInformation; | |
import org.bouncycastle.cms.RecipientInformationStore; | |
+import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient; | |
+import org.bouncycastle.cms.jcajce.JceKeyTransRecipient; | |
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientId; | |
import org.bouncycastle.mail.smime.SMIMEEnveloped; | |
import org.bouncycastle.mail.smime.SMIMEUtil; | |
@@ -158,8 +160,9 @@ public class EnvelopedInputImpl implements EnvelopedInput | |
RecipientInformationStore recipients = m.getRecipientInfos(); | |
RecipientInformation recipient = recipients.get(recId); | |
+ JceKeyTransRecipient pKeyRecp = new JceKeyTransEnvelopedRecipient(pKey); | |
- decrypted = SMIMEUtil.toMimeBodyPart(recipient.getContent(pKey, "BC")); | |
+ decrypted = SMIMEUtil.toMimeBodyPart(recipient.getContent(pKeyRecp)); | |
} | |
catch (Exception e1) | |
{ | |
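Review bot: `new JceKeyTransEnvelopedRecipient(pKey)` is built without a provider, so decryption now depends on the default JCA provider lookup, whereas the removed call passed `"BC"` explicitly and the verifiers added elsewhere in this commit all call `.setProvider("BC")`. To keep the provider pinned I would write `JceKeyTransRecipient pKeyRecp = new JceKeyTransEnvelopedRecipient(pKey).setProvider("BC");`. The same applies to the matching `getContent` change in EnvelopedTest.java. The enclosing try block starts outside this hunk.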
diff --git a/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/MultipartSignedInputImpl.java b/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/MultipartSignedInputImpl.java | |
index 18a214a..1ce2c63 100644 | |
--- a/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/MultipartSignedInputImpl.java | |
+++ b/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/MultipartSignedInputImpl.java | |
@@ -2,6 +2,7 @@ package org.jboss.resteasy.security.smime; | |
import org.bouncycastle.cms.SignerInformation; | |
import org.bouncycastle.cms.SignerInformationStore; | |
+import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder; | |
import org.bouncycastle.mail.smime.SMIMESigned; | |
import org.jboss.resteasy.util.GenericType; | |
@@ -157,7 +158,7 @@ public class MultipartSignedInputImpl implements SignedInput | |
SignerInformationStore signers = signed.getSignerInfos(); | |
SignerInformation signer = (SignerInformation) signers.getSigners().iterator().next(); | |
- return signer.verify(publicKey, "BC"); | |
+ return (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(publicKey))); | |
} | |
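Review bot: `signers.getSigners().iterator().next()` still takes only the first signer and throws `NoSuchElementException` when the store is empty, so a message with no SignerInfo surfaces as a runtime exception instead of a failed verification, and any further signers are never checked. PKCS7SignatureInput in this same commit loops over every signer; doing the same here, or at least guarding with `if (signers.size() == 0) return false;`, would make the two verifiers agree. The outer parentheses around the returned expression are redundant. The enclosing method starts outside the hunk, so how callers handle the exception is not visible.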
diff --git a/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/PKCS7SignatureInput.java b/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/PKCS7SignatureInput.java | |
index a7a86d7..61db0fa 100644 | |
--- a/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/PKCS7SignatureInput.java | |
+++ b/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/PKCS7SignatureInput.java | |
@@ -3,6 +3,8 @@ package org.jboss.resteasy.security.smime; | |
import org.bouncycastle.cms.CMSException; | |
import org.bouncycastle.cms.CMSSignedData; | |
import org.bouncycastle.cms.SignerInformation; | |
+import org.bouncycastle.cms.SignerInformationVerifier; | |
+import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder; | |
import org.jboss.resteasy.specimpl.MultivaluedMapImpl; | |
import org.jboss.resteasy.util.Base64; | |
import org.jboss.resteasy.util.GenericType; | |
@@ -20,7 +22,7 @@ import java.security.cert.X509Certificate; | |
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a> | |
* @version $Revision: 1 $ | |
*/ | |
-public class PKCS7SignatureInput<T> | |
+public class PKCS7SignatureInput<T> | |
{ | |
private PublicKey publicKey; | |
private X509Certificate certificate; | |
@@ -206,7 +208,9 @@ public class PKCS7SignatureInput<T> | |
for (Object info : data.getSignerInfos().getSigners()) | |
{ | |
SignerInformation signer = (SignerInformation)info; | |
- if (signer.verify(certificate, "BC")) | |
+ | |
+ | |
+ if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(certificate))) | |
{ | |
return true; | |
} | |
@@ -218,7 +222,7 @@ public class PKCS7SignatureInput<T> | |
for (Object info : data.getSignerInfos().getSigners()) | |
{ | |
SignerInformation signer = (SignerInformation)info; | |
- if (signer.verify(publicKey, "BC")) | |
+ if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(publicKey))) | |
{ | |
return true; | |
} | |
diff --git a/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/PKCS7SignatureWriter.java b/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/PKCS7SignatureWriter.java | |
index f64f196..548498a 100644 | |
--- a/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/PKCS7SignatureWriter.java | |
+++ b/jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/PKCS7SignatureWriter.java | |
@@ -1,10 +1,13 @@ | |
package org.jboss.resteasy.security.smime; | |
-import org.bouncycastle.cms.CMSException; | |
-import org.bouncycastle.cms.CMSProcessable; | |
-import org.bouncycastle.cms.CMSProcessableByteArray; | |
-import org.bouncycastle.cms.CMSSignedData; | |
-import org.bouncycastle.cms.CMSSignedDataGenerator; | |
+import org.bouncycastle.cert.jcajce.JcaCertStore; | |
+import org.bouncycastle.cms.*; | |
+import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder; | |
+import org.bouncycastle.operator.ContentSigner; | |
+import org.bouncycastle.operator.OperatorCreationException; | |
+import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; | |
+import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder; | |
+import org.bouncycastle.util.Store; | |
import org.jboss.resteasy.security.BouncyIntegration; | |
import org.jboss.resteasy.specimpl.MultivaluedMapImpl; | |
import org.jboss.resteasy.spi.WriterException; | |
@@ -24,7 +27,10 @@ import java.lang.annotation.Annotation; | |
import java.lang.reflect.Type; | |
import java.security.NoSuchAlgorithmException; | |
import java.security.NoSuchProviderException; | |
+import java.security.cert.CertificateEncodingException; | |
import java.security.cert.X509Certificate; | |
+import java.util.ArrayList; | |
+import java.util.List; | |
/** | |
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a> | |
@@ -70,8 +76,7 @@ public class PKCS7SignatureWriter implements MessageBodyWriter<SignedOutput> | |
} | |
} | |
- public static byte[] sign(Providers providers, SignedOutput out) throws IOException, NoSuchAlgorithmException, NoSuchProviderException, CMSException | |
- { | |
+ public static byte[] sign(Providers providers, SignedOutput out) throws IOException, NoSuchAlgorithmException, NoSuchProviderException, CMSException, OperatorCreationException, CertificateEncodingException { | |
ByteArrayOutputStream bodyOs = new ByteArrayOutputStream(); | |
MessageBodyWriter writer = providers.getMessageBodyWriter(out.getType(), out.getGenericType(), null, out.getMediaType()); | |
if (writer == null) | |
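Review bot: Adding `OperatorCreationException` and `CertificateEncodingException` to the `throws` clause of the public static `sign` changes its checked-exception contract, so any caller outside this file that handles only the old list no longer compiles. One option is to keep the signature and translate inside the method, e.g. `catch (OperatorCreationException e) { throw new CMSException("unable to create signer", e); }`. The opening brace also moved onto the signature line, while the surrounding code puts braces on their own line. The method body continues in the next hunk.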
@@ -82,11 +87,27 @@ public class PKCS7SignatureWriter implements MessageBodyWriter<SignedOutput> | |
bodyHeaders.add("Content-Type", out.getMediaType().toString()); | |
writer.writeTo(out.getEntity(), out.getType(), out.getGenericType(), null, out.getMediaType(), bodyHeaders, bodyOs); | |
CMSSignedDataGenerator signGen = new CMSSignedDataGenerator(); | |
- signGen.addSigner(out.getPrivateKey(), (X509Certificate)out.getCertificate(), CMSSignedDataGenerator.DIGEST_SHA1); | |
+ | |
+ | |
+ ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(out.getPrivateKey()); | |
+ | |
+ signGen.addSignerInfoGenerator( | |
+ new JcaSignerInfoGeneratorBuilder( | |
+ new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()) | |
+ .build(sha1Signer, out.getCertificate())); | |
+ | |
+ List certList = new ArrayList(); | |
+ certList.add(out.getCertificate()); | |
+ Store certs = new JcaCertStore(certList); | |
+ signGen.addCertificates(certs); | |
+ | |
+// signGen.addSigner(out.getPrivateKey(), (X509Certificate)out.getCertificate(), CMSSignedDataGenerator.DIGEST_SHA1); | |
+ | |
//signGen.addCertificatesAndCRLs(certs); | |
- CMSProcessable content = new CMSProcessableByteArray(bodyOs.toByteArray()); | |
+ CMSTypedData content = new CMSProcessableByteArray(bodyOs.toByteArray()); | |
+ | |
+ CMSSignedData signedData = signGen.generate(content, true); | |
- CMSSignedData signedData = signGen.generate(content, true, "BC"); | |
return signedData.getEncoded(); | |
} | |
} | |
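Review bot: `new JcaContentSignerBuilder("SHA1withRSA")` hard-codes the key type as well as the digest, whereas the removed `addSigner(..., DIGEST_SHA1)` call fixed only the digest, so a non-RSA private key that may have worked before will now fail when the signer is built. If RSA-only is intended, make it explicit with `if (!"RSA".equals(out.getPrivateKey().getAlgorithm())) throw new NoSuchAlgorithmException("PKCS7 signing supports RSA keys only");`. It would also help to put the algorithm name in a named constant, so that moving off SHA-1 (for example to `"SHA256withRSA"`, if peers accept it) is a one-line change. `List certList = new ArrayList();` is a raw type and would read better as `List<X509Certificate> certList = new ArrayList<X509Certificate>();`, and the commented-out `signGen.addSigner(...)` line should be deleted rather than kept. `sign` starts in the previous hunk.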
diff --git a/jaxrs/security/resteasy-crypto/src/test/java/org/jboss/resteasy/test/security/smime/EnvelopedTest.java b/jaxrs/security/resteasy-crypto/src/test/java/org/jboss/resteasy/test/security/smime/EnvelopedTest.java | |
index a4d711d..0e4cbd0 100644 | |
--- a/jaxrs/security/resteasy-crypto/src/test/java/org/jboss/resteasy/test/security/smime/EnvelopedTest.java | |
+++ b/jaxrs/security/resteasy-crypto/src/test/java/org/jboss/resteasy/test/security/smime/EnvelopedTest.java | |
@@ -6,9 +6,7 @@ import org.bouncycastle.cms.CMSException; | |
import org.bouncycastle.cms.RecipientId; | |
import org.bouncycastle.cms.RecipientInformation; | |
import org.bouncycastle.cms.RecipientInformationStore; | |
-import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder; | |
-import org.bouncycastle.cms.jcajce.JceKeyTransRecipientId; | |
-import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator; | |
+import org.bouncycastle.cms.jcajce.*; | |
import org.bouncycastle.jce.provider.BouncyCastleProvider; | |
import org.bouncycastle.mail.smime.SMIMEEnveloped; | |
import org.bouncycastle.mail.smime.SMIMEEnvelopedGenerator; | |
@@ -129,7 +127,8 @@ public class EnvelopedTest | |
OutputEncryptor encryptor = new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC) | |
.setProvider("BC") | |
.build(); | |
- gen.addKeyTransRecipient(cert); | |
+ | |
+ gen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(cert).setProvider("BC")); | |
// | |
// generate a MimeBodyPart object which encapsulates the content | |
@@ -219,7 +218,9 @@ public class EnvelopedTest | |
RecipientInformationStore recipients = m.getRecipientInfos(); | |
RecipientInformation recipient = recipients.get(recId); | |
- return SMIMEUtil.toMimeBodyPart(recipient.getContent(privateKey, "BC")); | |
+ JceKeyTransRecipient pKeyRecp = new JceKeyTransEnvelopedRecipient(privateKey); | |
+ | |
+ return SMIMEUtil.toMimeBodyPart(recipient.getContent(pKeyRecp)); | |
} | |
diff --git a/jaxrs/security/resteasy-crypto/src/test/java/org/jboss/resteasy/test/security/smime/SignedTest.java b/jaxrs/security/resteasy-crypto/src/test/java/org/jboss/resteasy/test/security/smime/SignedTest.java | |
index 63f84e7..f8ee26e 100644 | |
--- a/jaxrs/security/resteasy-crypto/src/test/java/org/jboss/resteasy/test/security/smime/SignedTest.java | |
+++ b/jaxrs/security/resteasy-crypto/src/test/java/org/jboss/resteasy/test/security/smime/SignedTest.java | |
@@ -4,6 +4,7 @@ import org.bouncycastle.cms.SignerInfoGenerator; | |
import org.bouncycastle.cms.SignerInformation; | |
import org.bouncycastle.cms.SignerInformationStore; | |
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder; | |
+import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder; | |
import org.bouncycastle.jce.provider.BouncyCastleProvider; | |
import org.bouncycastle.mail.smime.SMIMESigned; | |
import org.bouncycastle.mail.smime.SMIMESignedGenerator; | |
@@ -135,7 +136,7 @@ public class SignedTest | |
SignerInformationStore signers = signed.getSignerInfos(); | |
Assert.assertEquals(1, signers.size()); | |
SignerInformation signer = (SignerInformation) signers.getSigners().iterator().next(); | |
- Assert.assertTrue(signer.verify(cert.getPublicKey(), "BC")); | |
+ Assert.assertTrue(signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert.getPublicKey()))); | |
} | |
@Test |