Skip to content

Commit

Permalink
CMSAuthEnvelopedDataStreamGenerator and CMSAuthEnvelopedDataParser
Browse files Browse the repository at this point in the history
  • Loading branch information
ligefeiBouncycastle authored and dghgit committed Feb 6, 2024
1 parent 294b42c commit 3eb6ed5
Show file tree
Hide file tree
Showing 35 changed files with 1,578 additions and 708 deletions.
94 changes: 62 additions & 32 deletions pkix/src/main/java/org/bouncycastle/cms/CMSAuthEnvelopedData.java
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,9 @@
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;

import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.cms.AttributeTable;
Expand All @@ -23,23 +25,26 @@ public class CMSAuthEnvelopedData
RecipientInformationStore recipientInfoStore;
ContentInfo contentInfo;

private OriginatorInformation originatorInfo;
private AlgorithmIdentifier authEncAlg;
private ASN1Set authAttrs;
private byte[] mac;
private ASN1Set unauthAttrs;
private OriginatorInformation originatorInfo;
private AlgorithmIdentifier authEncAlg;
private ASN1Set authAttrs;
private byte[] mac;
private ASN1Set unauthAttrs;

public CMSAuthEnvelopedData(byte[] authEnvData) throws CMSException
public CMSAuthEnvelopedData(byte[] authEnvData)
throws CMSException
{
this(CMSUtils.readContentInfo(authEnvData));
}

public CMSAuthEnvelopedData(InputStream authEnvData) throws CMSException
public CMSAuthEnvelopedData(InputStream authEnvData)
throws CMSException
{
this(CMSUtils.readContentInfo(authEnvData));
}

public CMSAuthEnvelopedData(ContentInfo contentInfo) throws CMSException
public CMSAuthEnvelopedData(ContentInfo contentInfo)
throws CMSException
{
this.contentInfo = contentInfo;

Expand All @@ -63,17 +68,58 @@ public CMSAuthEnvelopedData(ContentInfo contentInfo) throws CMSException

this.mac = authEnvData.getMac().getOctets();

CMSSecureReadable secureReadable = new CMSSecureReadable()
CMSSecureReadable secureReadable = new CMSSecureReadableWithAAD()
{
private OutputStream aadStream;

@Override
public ASN1Set getAuthAttrSet()
{
return authAttrs;
}

@Override
public void setAuthAttrSet(ASN1Set set)
{

}

@Override
public boolean hasAdditionalData()
{
return (aadStream != null && authAttrs != null);
}

public ASN1ObjectIdentifier getContentType()
{
return authEncInfo.getContentType();
}

public InputStream getInputStream()
throws IOException, CMSException
throws IOException
{
if (aadStream != null && authAttrs != null)
{
aadStream.write(authAttrs.getEncoded(ASN1Encoding.DER));
}
return new InputStreamWithMAC(new ByteArrayInputStream(authEncInfo.getEncryptedContent().getOctets()), mac);
}

@Override
public void setAADStream(OutputStream stream)
{
return new ByteArrayInputStream(Arrays.concatenate(authEncInfo.getEncryptedContent().getOctets(), mac));
aadStream = stream;
}

public OutputStream getAADStream()
{
return aadStream;
}

@Override
public byte[] getMAC()
{
return Arrays.clone(mac);
}
};

Expand All @@ -84,27 +130,8 @@ public InputStream getInputStream()
//
// build the RecipientInformationStore
//
if (authAttrs != null)
{
this.recipientInfoStore = CMSEnvelopedHelper.buildRecipientInformationStore(
recipientInfos, this.authEncAlg, secureReadable, new AuthAttributesProvider()
{
public ASN1Set getAuthAttributes()
{
return authAttrs;
}

public boolean isAead()
{
return true;
}
});
}
else
{
this.recipientInfoStore = CMSEnvelopedHelper.buildRecipientInformationStore(
recipientInfos, this.authEncAlg, secureReadable);
}
this.recipientInfoStore = CMSEnvelopedHelper.buildRecipientInformationStore(
recipientInfos, this.authEncAlg, secureReadable);
}

/**
Expand All @@ -128,6 +155,7 @@ public RecipientInformationStore getRecipientInfos()
/**
* return a table of the authenticated attributes (as in those used to provide associated data) indexed by
* the OID of the attribute.
*
* @return the authenticated attributes.
*/
public AttributeTable getAuthAttrs()
Expand All @@ -143,6 +171,7 @@ public AttributeTable getAuthAttrs()
/**
* return a table of the unauthenticated attributes indexed by
* the OID of the attribute.
*
* @return the unauthenticated attributes.
*/
public AttributeTable getUnauthAttrs()
Expand All @@ -157,6 +186,7 @@ public AttributeTable getUnauthAttrs()

/**
* Return the MAC value that was originally calculated for this AuthEnveloped data.
*
* @return the MAC data associated with the stream.
*/
public byte[] getMac()
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -3,24 +3,15 @@
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.util.Collections;
import java.util.Iterator;

import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.BEROctetString;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.DLSet;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.AuthEnvelopedData;
import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.cms.EncryptedContentInfo;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.operator.GenericKey;
import org.bouncycastle.operator.OutputAEADEncryptor;

public class CMSAuthEnvelopedDataGenerator
Expand All @@ -38,26 +29,17 @@ private CMSAuthEnvelopedData doGenerate(
OutputAEADEncryptor contentEncryptor)
throws CMSException
{
ASN1EncodableVector recipientInfos = new ASN1EncodableVector();
AlgorithmIdentifier encAlgId;
ASN1OctetString encContent;
ASN1EncodableVector recipientInfos = CMSUtils.getRecipentInfos(contentEncryptor.getKey(), recipientInfoGenerators);

ByteArrayOutputStream bOut = new ByteArrayOutputStream();
ASN1Set authenticatedAttrSet = null;
ASN1Set authenticatedAttrSet;
try
{
OutputStream cOut = contentEncryptor.getOutputStream(bOut);

content.write(cOut);

if (authAttrsGenerator != null)
{
AttributeTable attrTable = authAttrsGenerator.getAttributes(Collections.EMPTY_MAP);

authenticatedAttrSet = new DERSet(attrTable.toASN1EncodableVector());

contentEncryptor.getAADStream().write(authenticatedAttrSet.getEncoded(ASN1Encoding.DER));
}
authenticatedAttrSet = CMSUtils.processAuthAttrSet(authAttrsGenerator, contentEncryptor);

cOut.close();
}
Expand All @@ -69,35 +51,13 @@ private CMSAuthEnvelopedData doGenerate(
byte[] encryptedContent = bOut.toByteArray();
byte[] mac = contentEncryptor.getMAC();

encAlgId = contentEncryptor.getAlgorithmIdentifier();

encContent = new BEROctetString(encryptedContent);

GenericKey encKey = contentEncryptor.getKey();
EncryptedContentInfo eci = CMSUtils.getEncryptedContentInfo(content, contentEncryptor, encryptedContent);

for (Iterator it = recipientInfoGenerators.iterator(); it.hasNext();)
{
RecipientInfoGenerator recipient = (RecipientInfoGenerator)it.next();

recipientInfos.add(recipient.generate(encKey));
}

EncryptedContentInfo eci = new EncryptedContentInfo(
content.getContentType(),
encAlgId,
encContent);

ASN1Set unprotectedAttrSet = null;
if (unauthAttrsGenerator != null)
{
AttributeTable attrTable = unauthAttrsGenerator.getAttributes(Collections.EMPTY_MAP);

unprotectedAttrSet = new DLSet(attrTable.toASN1EncodableVector());
}
ASN1Set unprotectedAttrSet = CMSUtils.getAttrDLSet(unauthAttrsGenerator);

ContentInfo contentInfo = new ContentInfo(
CMSObjectIdentifiers.authEnvelopedData,
new AuthEnvelopedData(originatorInfo, new DERSet(recipientInfos), eci, authenticatedAttrSet, new DEROctetString(mac), unprotectedAttrSet));
CMSObjectIdentifiers.authEnvelopedData,
new AuthEnvelopedData(originatorInfo, new DERSet(recipientInfos), eci, authenticatedAttrSet, new DEROctetString(mac), unprotectedAttrSet));

return new CMSAuthEnvelopedData(contentInfo);
}
Expand Down
Loading

0 comments on commit 3eb6ed5

Please sign in to comment.