@PublicAtsApi public Package sign( Package sourcePackage ) throws ActionException { try { if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) { Security.addProvider(new BouncyCastleProvider()); } KeyStore ks = getKeystore(); PrivateKey privateKey = (PrivateKey) ks.getKey(aliasOrCN, certPassword.toCharArray()); X509Certificate cer = (X509Certificate) ks.getCertificate(aliasOrCN); /* Create the SMIMESignedGenerator */ SMIMECapabilityVector capabilities = new SMIMECapabilityVector(); capabilities.addCapability(SMIMECapability.dES_EDE3_CBC); capabilities.addCapability(SMIMECapability.rC2_CBC, 128); capabilities.addCapability(SMIMECapability.dES_CBC); ASN1EncodableVector attributes = new ASN1EncodableVector(); attributes.add(new SMIMEEncryptionKeyPreferenceAttribute(new IssuerAndSerialNumber(new X500Name( (cer).getIssuerDN() .getName()), cer.getSerialNumber()))); attributes.add(new SMIMECapabilitiesAttribute(capabilities)); if (signatureAlgorithm == null) { signatureAlgorithm = SignatureAlgorithm.DSA.equals(privateKey.getAlgorithm()) ? "SHA1withDSA" : "MD5withRSA"; } SMIMESignedGenerator signer = new SMIMESignedGenerator(); JcaSimpleSignerInfoGeneratorBuilder signerGeneratorBuilder = new JcaSimpleSignerInfoGeneratorBuilder(); signerGeneratorBuilder.setProvider(BouncyCastleProvider.PROVIDER_NAME); signerGeneratorBuilder.setSignedAttributeGenerator(new AttributeTable(attributes)); signer.addSignerInfoGenerator(signerGeneratorBuilder.build(signatureAlgorithm, privateKey, cer)); /* Add the list of certs to the generator */ List<X509Certificate> certList = new ArrayList<X509Certificate>(); certList.add(cer); Store<?> certs = new JcaCertStore(certList); signer.addCertificates(certs); /* Sign the message */ Session session = Session.getDefaultInstance(System.getProperties(), null); MimeMultipart mm = signer.generate(getMimeMessage(sourcePackage)); MimeMessage signedMessage = new MimeMessage(session); /* Set all original MIME headers in the signed message */ Enumeration<?> headers = getMimeMessage(sourcePackage).getAllHeaderLines(); while (headers.hasMoreElements()) { signedMessage.addHeaderLine((String) headers.nextElement()); } /* Set the content of the signed message */ signedMessage.setContent(mm); signedMessage.saveChanges(); return new MimePackage(signedMessage); } catch (Exception e) { throw new ActionException(EXCEPTION_WHILE_SIGNING, e); } }
private MimeBodyPart signMessage(MimeBodyPart bodyPart) throws Exception{ X509Certificate cert = partnershipDVO.getVerifyX509Certificate(); /* Create the SMIMESignedGenerator */ SMIMECapabilityVector capabilities = new SMIMECapabilityVector(); capabilities.addCapability(SMIMECapability.dES_EDE3_CBC); capabilities.addCapability(SMIMECapability.rC2_CBC, 128); capabilities.addCapability(SMIMECapability.dES_CBC); ASN1EncodableVector attributes = new ASN1EncodableVector(); attributes.add(new SMIMEEncryptionKeyPreferenceAttribute( new IssuerAndSerialNumber(new X509Name(cert.getIssuerDN().getName()), cert.getSerialNumber())) ); attributes.add(new SMIMECapabilitiesAttribute(capabilities)); SMIMESignedGenerator signer = new SMIMESignedGenerator(); signer.setContentTransferEncoding("base64"); signer.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder().setProvider(SECURITY_PROVIDER) .setSignedAttributeGenerator(new AttributeTable(attributes)) .build("SHA1withRSA", keyMan.getPrivateKey(), partnershipDVO.getVerifyX509Certificate())); // Add the list of certs to the generator ArrayList certList = new ArrayList(); certList.add(cert); CertStore certs = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certList), "BC"); signer.addCertificates(new JcaCertStore(certList)); // Sign body part MimeMultipart mm = signer.generate(bodyPart); InternetHeaders headers = new InternetHeaders(); boolean isContentTypeFolded = new Boolean(System.getProperty("mail.mime.foldtext","true")).booleanValue(); headers.setHeader("Content-Type", isContentTypeFolded? mm.getContentType():mm.getContentType().replaceAll("\\s", " ")); ByteArrayOutputStream baos = new ByteArrayOutputStream(); mm.writeTo(baos); MimeBodyPart signedPart = new MimeBodyPart(headers, baos.toByteArray()); return signedPart; }
public TestResult perform() { SMIMECapabilityVector caps = new SMIMECapabilityVector(); caps.addCapability(SMIMECapability.dES_EDE3_CBC); caps.addCapability(SMIMECapability.rC2_CBC, 128); caps.addCapability(SMIMECapability.dES_CBC); SMIMECapabilitiesAttribute attr = new SMIMECapabilitiesAttribute(caps); SMIMEEncryptionKeyPreferenceAttribute pref = new SMIMEEncryptionKeyPreferenceAttribute( new RecipientKeyIdentifier(new DEROctetString(new byte[8]), new DERGeneralizedTime("20070315173729Z"), null)); try { if (!isSameAs(attr.getEncoded(), attrBytes)) { return new SimpleTestResult(false, getName() + ": Failed attr data check"); } ByteArrayInputStream bIn = new ByteArrayInputStream(attrBytes); ASN1InputStream aIn = new ASN1InputStream(bIn); ASN1Primitive o = aIn.readObject(); if (!attr.equals(o)) { return new SimpleTestResult(false, getName() + ": Failed equality test for attr"); } if (!isSameAs(pref.getEncoded(), prefBytes)) { return new SimpleTestResult(false, getName() + ": Failed attr data check"); } bIn = new ByteArrayInputStream(prefBytes); aIn = new ASN1InputStream(bIn); o = aIn.readObject(); if (!pref.equals(o)) { return new SimpleTestResult(false, getName() + ": Failed equality test for pref"); } return new SimpleTestResult(true, getName() + ": Okay"); } catch (Exception e) { return new SimpleTestResult(false, getName() + ": Failed - exception " + e.toString(), e); } }
