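/**
 * Signs the given body part and returns it as an S/MIME multipart/signed entity.
 *
 * <p>The signing key and its certificate chain are read from the PKCS#12 store
 * {@code clients.p12} under {@code MailsterKeyStoreFactory.DEFAULT_CERT_ALIAS}.
 * The whole chain is embedded in the signature so a recipient can build a path
 * to its own trust anchor.
 *
 * @param mbp the MIME body part to sign
 * @return the multipart holding the original content and its signature
 * @throws Exception if the key store cannot be opened, the alias has no usable
 *         key entry, or the signature cannot be generated
 */
private static MimeMultipart signMessage(MimeBodyPart mbp) throws Exception {
    // NOTE(review): the key-store and key password is a literal in source, so
    // anyone who can read this class or the built artifact can open clients.p12.
    // Supply it from configuration or a secret store kept outside the repository.
    char[] pwd = "password".toCharArray();
    KeyStore ks = MailsterKeyStoreFactory.loadKeyStore("PKCS12", "clients.p12", pwd);

    String alias = MailsterKeyStoreFactory.DEFAULT_CERT_ALIAS;
    Certificate[] chain = ks.getCertificateChain(alias);
    PrivateKey privateKey = (PrivateKey) ks.getKey(alias, pwd);

    // Both lookups return null for an unknown alias; fail with a clear message
    // instead of a NullPointerException further down.
    if (chain == null || chain.length == 0 || privateKey == null) {
        throw new IllegalStateException(
                "No private key entry with a certificate chain for alias " + alias);
    }

    ArrayList<Certificate> certList = new ArrayList<Certificate>();
    for (Certificate certificate : chain) {
        certList.add(certificate);
    }
    // The "BC" provider must already be registered; this method does not add it.
    CertStore certs = CertStore.getInstance("Collection",
            new CollectionCertStoreParameters(certList), "BC");

    // SMIMECapabilities are read in order of preference, so the strongest
    // cipher goes first. NOTE(review): single DES and RC2 are kept only so the
    // advertised set is unchanged; drop them unless a legacy peer needs them.
    SMIMECapabilityVector caps = new SMIMECapabilityVector();
    caps.addCapability(SMIMECapability.aES256_CBC);
    caps.addCapability(SMIMECapability.dES_EDE3_CBC);
    caps.addCapability(SMIMECapability.rC2_CBC, 128);
    caps.addCapability(SMIMECapability.dES_CBC);

    ASN1EncodableVector signedAttrs = new ASN1EncodableVector();
    signedAttrs.add(new SMIMECapabilitiesAttribute(caps));

    SMIMESignedGenerator gen = new SMIMESignedGenerator();
    // SHA-256 instead of SHA-1: SHA-1 is no longer collision resistant and
    // should not be used for new signatures.
    gen.addSigner(privateKey, (X509Certificate) chain[0], SMIMESignedGenerator.DIGEST_SHA256,
            new AttributeTable(signedAttrs), null);
    gen.addCertificatesAndCRLs(certs);

    return gen.generate(mbp, "BC");
}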
/**
 * Builds the signed-attribute vector for a signer: a single SMIMECapabilities
 * attribute listing 3DES-CBC, RC2-CBC (128 bit) and DES-CBC, in that order.
 *
 * <p>NOTE(review): the list contains no AES entry, and single DES and RC2 are
 * legacy ciphers. A correspondent that picks its encryption algorithm from this
 * list can only choose among them; consider advertising an AES capability first.
 *
 * @return a new vector holding the capabilities attribute
 */
private ASN1EncodableVector generateSignedAttributes() {
    SMIMECapabilityVector capabilityVector = new SMIMECapabilityVector();
    capabilityVector.addCapability(SMIMECapability.dES_EDE3_CBC);
    capabilityVector.addCapability(SMIMECapability.rC2_CBC, 128);
    capabilityVector.addCapability(SMIMECapability.dES_CBC);

    ASN1EncodableVector attributes = new ASN1EncodableVector();
    attributes.add(new SMIMECapabilitiesAttribute(capabilityVector));
    return attributes;
}
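/**
 * Signs the MIME message carried by the given package and returns a new
 * package holding the signed message.
 *
 * <p>The key and certificate are looked up in the key store under
 * {@code aliasOrCN}. When no signature algorithm has been configured, a
 * SHA-256 based default is chosen from the key type and stored in the
 * {@code signatureAlgorithm} field for later calls. All header lines of the
 * original message are copied onto the signed message.
 *
 * @param sourcePackage the package whose MIME message is to be signed
 * @return a {@code MimePackage} wrapping the signed message
 * @throws ActionException if the key material cannot be loaded or signing fails;
 *         the underlying exception is kept as the cause
 */
@PublicAtsApi
public Package sign( Package sourcePackage ) throws ActionException {

    try {
        // Register BouncyCastle once; the signer builder below asks for it by name.
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }

        KeyStore ks = getKeystore();
        PrivateKey privateKey = (PrivateKey) ks.getKey(aliasOrCN, certPassword.toCharArray());
        X509Certificate cer = (X509Certificate) ks.getCertificate(aliasOrCN);
        // Both lookups return null for an unknown alias; report that directly
        // rather than through a NullPointerException.
        if (privateKey == null || cer == null) {
            throw new IllegalStateException(
                    "No private key or certificate in the key store for '" + aliasOrCN + "'");
        }

        /* Create the SMIMESignedGenerator */
        // NOTE(review): only 3DES, RC2 and single DES are advertised; there is
        // no AES entry. Left unchanged here; consider advertising AES first.
        SMIMECapabilityVector capabilities = new SMIMECapabilityVector();
        capabilities.addCapability(SMIMECapability.dES_EDE3_CBC);
        capabilities.addCapability(SMIMECapability.rC2_CBC, 128);
        capabilities.addCapability(SMIMECapability.dES_CBC);

        ASN1EncodableVector attributes = new ASN1EncodableVector();
        attributes.add(new SMIMEEncryptionKeyPreferenceAttribute(
                new IssuerAndSerialNumber(new X500Name(cer.getIssuerDN().getName()),
                                          cer.getSerialNumber())));
        attributes.add(new SMIMECapabilitiesAttribute(capabilities));

        if (signatureAlgorithm == null) {
            // Default to SHA-256. The former defaults (MD5withRSA, SHA1withDSA)
            // rest on hashes with practical collision attacks, so a signature
            // made with them no longer binds the signer to one message.
            // Callers that need a legacy algorithm can still configure it.
            signatureAlgorithm = SignatureAlgorithm.DSA.equals(privateKey.getAlgorithm())
                                                                                          ? "SHA256withDSA"
                                                                                          : "SHA256withRSA";
        }

        SMIMESignedGenerator signer = new SMIMESignedGenerator();
        JcaSimpleSignerInfoGeneratorBuilder signerGeneratorBuilder = new JcaSimpleSignerInfoGeneratorBuilder();
        signerGeneratorBuilder.setProvider(BouncyCastleProvider.PROVIDER_NAME);
        signerGeneratorBuilder.setSignedAttributeGenerator(new AttributeTable(attributes));
        signer.addSignerInfoGenerator(signerGeneratorBuilder.build(signatureAlgorithm, privateKey, cer));

        /* Add the list of certs to the generator */
        // Only the signer certificate is embedded, not its issuing chain.
        List<X509Certificate> certList = new ArrayList<X509Certificate>();
        certList.add(cer);
        Store<?> certs = new JcaCertStore(certList);
        signer.addCertificates(certs);

        /* Sign the message */
        Session session = Session.getDefaultInstance(System.getProperties(), null);
        MimeMultipart mm = signer.generate(getMimeMessage(sourcePackage));
        MimeMessage signedMessage = new MimeMessage(session);

        /* Set all original MIME headers in the signed message */
        Enumeration<?> headers = getMimeMessage(sourcePackage).getAllHeaderLines();
        while (headers.hasMoreElements()) {
            signedMessage.addHeaderLine((String) headers.nextElement());
        }

        /* Set the content of the signed message */
        signedMessage.setContent(mm);
        signedMessage.saveChanges();

        return new MimePackage(signedMessage);
    } catch (Exception e) {
        throw new ActionException(EXCEPTION_WHILE_SIGNING, e);
    }
}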
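/**
 * Signs the given body part and returns the resulting multipart/signed entity
 * serialised into a single body part.
 *
 * <p>The signature is made with the private key from {@code keyMan} and carries
 * the certificate returned by {@code partnershipDVO.getVerifyX509Certificate()}.
 * NOTE(review): key and certificate come from two different objects; confirm
 * that they are a matching pair, otherwise recipients cannot verify the result.
 *
 * @param bodyPart the body part to sign
 * @return a body part whose content is the signed multipart, base64 encoded
 * @throws Exception if the signer cannot be built or the content cannot be signed
 */
private MimeBodyPart signMessage(MimeBodyPart bodyPart) throws Exception {
    X509Certificate cert = partnershipDVO.getVerifyX509Certificate();

    /* Create the SMIMESignedGenerator */
    // NOTE(review): only 3DES, RC2 and single DES are advertised; there is no
    // AES entry. Left unchanged here; consider advertising AES first.
    SMIMECapabilityVector capabilities = new SMIMECapabilityVector();
    capabilities.addCapability(SMIMECapability.dES_EDE3_CBC);
    capabilities.addCapability(SMIMECapability.rC2_CBC, 128);
    capabilities.addCapability(SMIMECapability.dES_CBC);

    ASN1EncodableVector attributes = new ASN1EncodableVector();
    attributes.add(new SMIMEEncryptionKeyPreferenceAttribute(
            new IssuerAndSerialNumber(new X509Name(cert.getIssuerDN().getName()),
                                      cert.getSerialNumber())));
    attributes.add(new SMIMECapabilitiesAttribute(capabilities));

    SMIMESignedGenerator signer = new SMIMESignedGenerator();
    signer.setContentTransferEncoding("base64");
    // NOTE(review): SHA-1 is no longer collision resistant. The algorithm is
    // left as is because the receiving partner presumably expects it; confirm
    // and move to SHA256withRSA where both sides support it.
    signer.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder()
            .setProvider(SECURITY_PROVIDER)
            .setSignedAttributeGenerator(new AttributeTable(attributes))
            .build("SHA1withRSA", keyMan.getPrivateKey(), cert));

    // Add the list of certs to the generator. Only the signer certificate is
    // embedded, not its issuing chain.
    ArrayList<X509Certificate> certList = new ArrayList<X509Certificate>();
    certList.add(cert);
    signer.addCertificates(new JcaCertStore(certList));

    // Sign body part
    MimeMultipart mm = signer.generate(bodyPart);

    // When header folding is switched off, every whitespace character in the
    // Content-Type value is replaced by a plain space so it stays on one line.
    boolean isContentTypeFolded = Boolean.parseBoolean(System.getProperty("mail.mime.foldtext", "true"));
    InternetHeaders headers = new InternetHeaders();
    headers.setHeader("Content-Type",
            isContentTypeFolded ? mm.getContentType() : mm.getContentType().replaceAll("\\s", " "));

    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    mm.writeTo(baos);
    return new MimeBodyPart(headers, baos.toByteArray());
}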
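/**
 * Signs this object's body part in place and marks it as signed.
 *
 * <p>The signed multipart replaces {@code this.bodyPart}; its content transfer
 * encoding is {@code binary}. No signed attributes are added and only the
 * signer certificate is embedded.
 *
 * <p>NOTE(review): the only accepted values are MD5 and SHA-1, and both hashes
 * have practical collision attacks. Supporting a SHA-256 option needs a new
 * algorithm constant that is not visible in this block.
 *
 * @param cert the signer's certificate, embedded in the signature
 * @param privateKey the private key matching {@code cert}
 * @param digestAlg the digest name, compared case-insensitively with
 *        {@code ALG_SIGN_MD5} and {@code ALG_SIGN_SHA1}
 * @throws SFRMException if the digest name is not supported or signing fails
 */
public void sign(X509Certificate cert, PrivateKey privateKey, String digestAlg) throws SFRMException {
    try {
        /* Create the SMIMESignedGenerator */
        SMIMESignedGenerator signer = new SMIMESignedGenerator();
        signer.setContentTransferEncoding("binary");

        String signerDigestAlg = "";
        if (digestAlg.equalsIgnoreCase(ALG_SIGN_MD5)) {
            signerDigestAlg = "MD5withRSA";
        } else if (digestAlg.equalsIgnoreCase(ALG_SIGN_SHA1)) {
            signerDigestAlg = "SHA1withRSA";
        } else {
            // Presumably re-wrapped by the generic catch below, so callers see
            // "Unable to sign body part" with this exception as the cause.
            throw new SFRMException("Encryption algorihtm error - " + digestAlg);
        }

        signer.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder()
                .setProvider(SECURITY_PROVIDER)
                .build(signerDigestAlg, privateKey, cert));

        /* Add the list of certs to the generator */
        ArrayList<X509Certificate> certList = new ArrayList<X509Certificate>();
        certList.add(cert);
        signer.addCertificates(new JcaCertStore(certList));

        /* Sign the body part */
        MimeMultipart mm = signer.generate(bodyPart);

        InternetHeaders headers = new InternetHeaders();
        headers.setHeader("Content-Type", mm.getContentType());

        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        mm.writeTo(baos);
        this.bodyPart = new MimeBodyPart(headers, baos.toByteArray());
        this.setIsSigned(true);
    } catch (org.bouncycastle.mail.smime.SMIMEException ex) {
        // Surface the exception BouncyCastle wrapped rather than the wrapper.
        throw new SFRMException("Unable to sign body part", ex.getUnderlyingException());
    } catch (Exception e) {
        throw new SFRMException("Unable to sign body part", e);
    }
}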
/**
 * Checks the encoding of an SMIMECapabilities attribute and of an
 * SMIMEEncryptionKeyPreference attribute against the reference bytes
 * {@code attrBytes} and {@code prefBytes}, and checks that each attribute
 * equals the object decoded from those bytes.
 *
 * @return a passing result when all four checks succeed, otherwise a failing
 *         result naming the first check that failed or the exception raised
 */
public TestResult perform() {
    SMIMECapabilityVector capabilityVector = new SMIMECapabilityVector();
    capabilityVector.addCapability(SMIMECapability.dES_EDE3_CBC);
    capabilityVector.addCapability(SMIMECapability.rC2_CBC, 128);
    capabilityVector.addCapability(SMIMECapability.dES_CBC);

    SMIMECapabilitiesAttribute capabilitiesAttr = new SMIMECapabilitiesAttribute(capabilityVector);

    // Fixed key identifier and timestamp so the encoding is reproducible.
    SMIMEEncryptionKeyPreferenceAttribute keyPrefAttr = new SMIMEEncryptionKeyPreferenceAttribute(
            new RecipientKeyIdentifier(new DEROctetString(new byte[8]),
                                       new DERGeneralizedTime("20070315173729Z"), null));

    try {
        if (!isSameAs(capabilitiesAttr.getEncoded(), attrBytes)) {
            return new SimpleTestResult(false, getName() + ": Failed attr data check");
        }

        ASN1Primitive decodedAttr = new ASN1InputStream(new ByteArrayInputStream(attrBytes)).readObject();
        if (!capabilitiesAttr.equals(decodedAttr)) {
            return new SimpleTestResult(false, getName() + ": Failed equality test for attr");
        }

        if (!isSameAs(keyPrefAttr.getEncoded(), prefBytes)) {
            return new SimpleTestResult(false, getName() + ": Failed attr data check");
        }

        ASN1Primitive decodedPref = new ASN1InputStream(new ByteArrayInputStream(prefBytes)).readObject();
        if (!keyPrefAttr.equals(decodedPref)) {
            return new SimpleTestResult(false, getName() + ": Failed equality test for pref");
        }

        return new SimpleTestResult(true, getName() + ": Okay");
    } catch (Exception e) {
        return new SimpleTestResult(false, getName() + ": Failed - exception " + e.toString(), e);
    }
}
/**
 * Round-trips a message through sign, compress, decompress and verify.
 *
 * <p>The message is signed with SHA-1/RSA, wrapped in a MIME message,
 * compressed with ZLIB, then unpacked again. The test asserts that the
 * recovered content is byte-identical to the original and that every signer
 * verifies against its certificate.
 *
 * <p>The verifying certificate is taken from the certificates carried in the
 * signed message itself, so this proves signature integrity only. It does not
 * establish that the certificate is trusted; production code must also validate
 * the certificate path to a trust anchor.
 *
 * @throws Exception if any signing, compression or verification step fails
 */
public void testCompressedSHA1WithRSA() throws Exception {
    // Raw collection types are kept to match the legacy provider-name API used here.
    List chainCerts = new ArrayList();
    chainCerts.add(origCert);
    chainCerts.add(signCert);
    CertStore certs = CertStore.getInstance("Collection",
            new CollectionCertStoreParameters(chainCerts), "BC");

    SMIMECapabilityVector caps = new SMIMECapabilityVector();
    caps.addCapability(SMIMECapability.dES_EDE3_CBC);
    caps.addCapability(SMIMECapability.rC2_CBC, 128);
    caps.addCapability(SMIMECapability.dES_CBC);

    ASN1EncodableVector signedAttrs = new ASN1EncodableVector();
    signedAttrs.add(new SMIMECapabilitiesAttribute(caps));

    // Sign.
    SMIMESignedGenerator gen = new SMIMESignedGenerator();
    gen.addSigner(origKP.getPrivate(), origCert, SMIMESignedGenerator.DIGEST_SHA1,
            new AttributeTable(signedAttrs), null);
    gen.addCertificatesAndCRLs(certs);
    MimeMultipart signedMultipart = gen.generate(msg, "BC");

    MimeMessage signedMessage = new MimeMessage((Session)null);
    signedMessage.setContent(signedMultipart);
    signedMessage.saveChanges();

    // Compress, then unpack again.
    SMIMECompressedGenerator compressor = new SMIMECompressedGenerator();
    MimeBodyPart compressedPart = compressor.generate(signedMessage, SMIMECompressedGenerator.ZLIB);

    SMIMECompressed compressed = new SMIMECompressed(compressedPart);
    MimeMultipart recovered = (MimeMultipart)SMIMEUtil.toMimeBodyPart(compressed.getContent()).getContent();
    SMIMESigned signed = new SMIMESigned(recovered);

    // The recovered content must match the original message byte for byte.
    ByteArrayOutputStream expectedOut = new ByteArrayOutputStream();
    msg.writeTo(expectedOut);
    expectedOut.close();
    byte[] expectedBytes = expectedOut.toByteArray();

    ByteArrayOutputStream actualOut = new ByteArrayOutputStream();
    signed.getContent().writeTo(actualOut);
    actualOut.close();
    byte[] actualBytes = actualOut.toByteArray();

    assertEquals(true, Arrays.areEqual(expectedBytes, actualBytes));

    // Verify each signer against the matching certificate from the message.
    CertStore embeddedCerts = signed.getCertificatesAndCRLs("Collection", "BC");
    SignerInformationStore signerStore = signed.getSignerInfos();

    for (Iterator signerIt = signerStore.getSigners().iterator(); signerIt.hasNext();) {
        SignerInformation signer = (SignerInformation)signerIt.next();
        Collection matches = embeddedCerts.getCertificates(
                selectorConverter.getCertSelector(signer.getSID()));
        X509Certificate cert = (X509Certificate)matches.iterator().next();

        assertEquals(true, signer.verify(cert, "BC"));
    }
}