diff -up ./jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/EnvelopedInputImpl.java.ade1 ./jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/EnvelopedInputImpl.java
--- ./jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/EnvelopedInputImpl.java.ade1 2014-06-26 16:24:28.166315424 +0800
+++ ./jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/EnvelopedInputImpl.java 2014-06-26 17:32:29.632936971 +0800
@@ -3,6 +3,7 @@ package org.jboss.resteasy.security.smim
import org.bouncycastle.cms.RecipientInformation;
import org.bouncycastle.cms.RecipientInformationStore;
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientId;
+import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
import org.bouncycastle.mail.smime.SMIMEEnveloped;
import org.bouncycastle.mail.smime.SMIMEUtil;
import org.jboss.resteasy.core.Headers;
@@ -159,7 +160,8 @@ public class EnvelopedInputImpl implemen
RecipientInformationStore recipients = m.getRecipientInfos();
RecipientInformation recipient = recipients.get(recId);
- decrypted = SMIMEUtil.toMimeBodyPart(recipient.getContent(pKey, "BC"));
+ decrypted = SMIMEUtil.toMimeBodyPart(recipient.getContent(
+ new JceKeyTransEnvelopedRecipient(pKey).setProvider("BC")));
}
catch (Exception e1)
{
diff -up ./jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/MultipartSignedInputImpl.java.ade1 ./jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/MultipartSignedInputImpl.java
--- ./jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/MultipartSignedInputImpl.java.ade1 2014-06-26 17:07:37.679401083 +0800
+++ ./jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/MultipartSignedInputImpl.java 2014-06-26 17:11:10.734149755 +0800
@@ -2,6 +2,7 @@ package org.jboss.resteasy.security.smim
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationStore;
+import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.mail.smime.SMIMESigned;
import org.jboss.resteasy.util.GenericType;
@@ -157,7 +158,8 @@ public class MultipartSignedInputImpl im
SignerInformationStore signers = signed.getSignerInfos();
SignerInformation signer = (SignerInformation) signers.getSigners().iterator().next();
- return signer.verify(publicKey, "BC");
+ return signer.verify(new JcaSimpleSignerInfoVerifierBuilder()
+ .setProvider("BC").build(publicKey));
}
diff -up ./jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/PKCS7SignatureInput.java.ade1 ./jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/PKCS7SignatureInput.java
--- ./jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/PKCS7SignatureInput.java.ade1 2014-06-26 16:36:24.564853001 +0800
+++ ./jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/PKCS7SignatureInput.java 2014-06-26 18:52:43.301108577 +0800
@@ -3,6 +3,7 @@ package org.jboss.resteasy.security.smim
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
+import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.jboss.resteasy.specimpl.MultivaluedMapImpl;
import org.jboss.resteasy.util.Base64;
import org.jboss.resteasy.util.GenericType;
@@ -206,7 +207,8 @@ public class PKCS7SignatureInput<T>
for (Object info : data.getSignerInfos().getSigners())
{
SignerInformation signer = (SignerInformation)info;
- if (signer.verify(certificate, "BC"))
+ if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder()
+ .setProvider("BC").build(certificate)))
{
return true;
}
@@ -218,7 +220,8 @@ public class PKCS7SignatureInput<T>
for (Object info : data.getSignerInfos().getSigners())
{
SignerInformation signer = (SignerInformation)info;
- if (signer.verify(publicKey, "BC"))
+ if (signer.verify(new JcaSimpleSignerInfoVerifierBuilder()
+ .setProvider("BC").build(publicKey)))
{
return true;
}
diff -up ./jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/PKCS7SignatureWriter.java.ade1 ./jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/PKCS7SignatureWriter.java
--- ./jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/PKCS7SignatureWriter.java.ade1 2014-06-24 23:38:42.464516920 +0800
+++ ./jaxrs/security/resteasy-crypto/src/main/java/org/jboss/resteasy/security/smime/PKCS7SignatureWriter.java 2014-06-26 18:05:06.601349666 +0800
@@ -4,7 +4,13 @@ import org.bouncycastle.cms.CMSException
import org.bouncycastle.cms.CMSProcessable;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
+import org.bouncycastle.cms.CMSTypedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
+import org.bouncycastle.operator.ContentSigner;
+import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
+import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
+import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
+import org.bouncycastle.operator.OperatorCreationException;
import org.jboss.resteasy.security.BouncyIntegration;
import org.jboss.resteasy.specimpl.MultivaluedMapImpl;
import org.jboss.resteasy.spi.WriterException;
@@ -25,6 +31,7 @@ import java.lang.reflect.Type;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.X509Certificate;
+import java.security.cert.CertificateEncodingException;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@@ -70,7 +77,7 @@ public class PKCS7SignatureWriter implem
}
}
- public static byte[] sign(Providers providers, SignedOutput out) throws IOException, NoSuchAlgorithmException, NoSuchProviderException, CMSException
+ public static byte[] sign(Providers providers, SignedOutput out) throws IOException, NoSuchAlgorithmException, NoSuchProviderException, CMSException, OperatorCreationException, CertificateEncodingException
{
ByteArrayOutputStream bodyOs = new ByteArrayOutputStream();
MessageBodyWriter writer = providers.getMessageBodyWriter(out.getType(), out.getGenericType(), null, out.getMediaType());
@@ -82,11 +89,18 @@ public class PKCS7SignatureWriter implem
bodyHeaders.add("Content-Type", out.getMediaType().toString());
writer.writeTo(out.getEntity(), out.getType(), out.getGenericType(), null, out.getMediaType(), bodyHeaders, bodyOs);
CMSSignedDataGenerator signGen = new CMSSignedDataGenerator();
- signGen.addSigner(out.getPrivateKey(), (X509Certificate)out.getCertificate(), CMSSignedDataGenerator.DIGEST_SHA1);
+
+ ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(out.getPrivateKey());
+ signGen.addSignerInfoGenerator(
+ new JcaSignerInfoGeneratorBuilder(
+ new JcaDigestCalculatorProviderBuilder().setProvider("BC").build())
+ .build(sha1Signer, (X509Certificate)out.getCertificate()));
+
+ //signGen.addSigner(out.getPrivateKey(), (X509Certificate)out.getCertificate(), CMSSignedDataGenerator.DIGEST_SHA1);
//signGen.addCertificatesAndCRLs(certs);
- CMSProcessable content = new CMSProcessableByteArray(bodyOs.toByteArray());
+ CMSTypedData content = new CMSProcessableByteArray(bodyOs.toByteArray());
- CMSSignedData signedData = signGen.generate(content, true, "BC");
+ CMSSignedData signedData = signGen.generate(content, true);
return signedData.getEncoded();
}
}