Репозитории ALT
S: | 2.1.7-alt7_41jpp11 |
5.1: | 1.4-alt1_3jpp5 |
4.1: | 1.4.8-alt1_0.2jpp1.7 |
4.0: | 1.4.8-alt1_0.2jpp1.7 |
Группа :: Разработка/Прочее
Пакет: itext
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Патч: 0001-Port-to-bouncycastle-1.50.patch
Скачать
Скачать
From c1267522e730b5b0e0c905f2fedc3e8adb818bef Mon Sep 17 00:00:00 2001
From: Michal Srb <msrb@redhat.com>
Date: Thu, 27 Feb 2014 07:38:54 +0100
Subject: [PATCH] Port to bouncycastle 1.50
---
src/core/com/lowagie/text/pdf/PdfPKCS7.java | 38 +++++++++++++---------
.../text/pdf/PdfPublicKeySecurityHandler.java | 15 ++++-----
src/core/com/lowagie/text/pdf/PdfReader.java | 4 ++-
3 files changed, 32 insertions(+), 25 deletions(-)
diff --git a/src/core/com/lowagie/text/pdf/PdfPKCS7.java b/src/core/com/lowagie/text/pdf/PdfPKCS7.java
index 8ccc73e..289a1e0 100755
--- a/src/core/com/lowagie/text/pdf/PdfPKCS7.java
+++ b/src/core/com/lowagie/text/pdf/PdfPKCS7.java
@@ -75,7 +75,7 @@ import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
-import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1OutputStream;
@@ -85,13 +85,13 @@ import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DEREnumerated;
import org.bouncycastle.asn1.DERInteger;
import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERSet;
-import org.bouncycastle.asn1.DERString;
+import org.bouncycastle.asn1.ASN1String;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.DERUTCTime;
import org.bouncycastle.asn1.cms.AttributeTable;
@@ -100,14 +100,19 @@ import org.bouncycastle.asn1.ocsp.BasicOCSPResponse;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.jce.provider.X509CRLParser;
import org.bouncycastle.jce.provider.X509CertParser;
+
import com.lowagie.text.ExceptionConverter;
+
import java.security.cert.CertificateParsingException;
import java.util.Date;
+
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.tsp.MessageImprint;
import org.bouncycastle.asn1.x509.X509Extensions;
+import org.bouncycastle.cms.SignerInformationVerifier;
+import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.ocsp.BasicOCSPResp;
import org.bouncycastle.ocsp.CertificateID;
import org.bouncycastle.ocsp.SingleResp;
@@ -379,7 +384,7 @@ public class PdfPKCS7 {
//
// Basic checks to make sure it's a PKCS#7 SignedData Object
//
- DERObject pkcs;
+ ASN1Primitive pkcs;
try {
pkcs = din.readObject();
@@ -464,7 +469,7 @@ public class PdfPKCS7 {
if (signerInfo.getObjectAt(next) instanceof ASN1TaggedObject) {
ASN1TaggedObject tagsig = (ASN1TaggedObject)signerInfo.getObjectAt(next);
ASN1Set sseq = ASN1Set.getInstance(tagsig, false);
- sigAttr = sseq.getEncoded(ASN1Encodable.DER);
+ sigAttr = sseq.getEncoded(ASN1Encoding.DER);
for (int k = 0; k < sseq.size(); ++k) {
ASN1Sequence seq2 = (ASN1Sequence)sseq.getObjectAt(k);
@@ -928,7 +933,8 @@ public class PdfPKCS7 {
if (!keystore.isCertificateEntry(alias))
continue;
X509Certificate certStoreX509 = (X509Certificate)keystore.getCertificate(alias);
- ts.validate(certStoreX509, provider);
+ SignerInformationVerifier siv = new JcaSimpleSignerInfoVerifierBuilder().setProvider(provider).build(certStoreX509);
+ ts.validate(siv);
return true;
}
catch (Exception ex) {
@@ -949,7 +955,7 @@ public class PdfPKCS7 {
*/
public static String getOCSPURL(X509Certificate certificate) throws CertificateParsingException {
try {
- DERObject obj = getExtensionValue(certificate, X509Extensions.AuthorityInfoAccess.getId());
+ ASN1Primitive obj = getExtensionValue(certificate, X509Extensions.AuthorityInfoAccess.getId());
if (obj == null) {
return null;
}
@@ -961,7 +967,7 @@ public class PdfPKCS7 {
continue;
} else {
if ((AccessDescription.getObjectAt(0) instanceof DERObjectIdentifier) && ((DERObjectIdentifier)AccessDescription.getObjectAt(0)).getId().equals("1.3.6.1.5.5.7.48.1")) {
- String AccessLocation = getStringFromGeneralName((DERObject)AccessDescription.getObjectAt(1));
+ String AccessLocation = getStringFromGeneralName((ASN1Primitive)AccessDescription.getObjectAt(1));
if ( AccessLocation == null ) {
return "" ;
} else {
@@ -999,7 +1005,7 @@ public class PdfPKCS7 {
return false;
}
- private static DERObject getExtensionValue(X509Certificate cert, String oid) throws IOException {
+ private static ASN1Primitive getExtensionValue(X509Certificate cert, String oid) throws IOException {
byte[] bytes = cert.getExtensionValue(oid);
if (bytes == null) {
return null;
@@ -1010,7 +1016,7 @@ public class PdfPKCS7 {
return aIn.readObject();
}
- private static String getStringFromGeneralName(DERObject names) throws IOException {
+ private static String getStringFromGeneralName(ASN1Primitive names) throws IOException {
DERTaggedObject taggedObject = (DERTaggedObject) names ;
return new String(ASN1OctetString.getInstance(taggedObject, false).getOctets(), "ISO-8859-1");
}
@@ -1020,11 +1026,11 @@ public class PdfPKCS7 {
* @param enc a TBSCertificate in a byte array
* @return a DERObject
*/
- private static DERObject getIssuer(byte[] enc) {
+ private static ASN1Primitive getIssuer(byte[] enc) {
try {
ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(enc));
ASN1Sequence seq = (ASN1Sequence)in.readObject();
- return (DERObject)seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 3 : 2);
+ return (ASN1Primitive)seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 3 : 2);
}
catch (IOException e) {
throw new ExceptionConverter(e);
@@ -1036,11 +1042,11 @@ public class PdfPKCS7 {
* @param enc A TBSCertificate in a byte array
* @return a DERObject
*/
- private static DERObject getSubject(byte[] enc) {
+ private static ASN1Primitive getSubject(byte[] enc) {
try {
ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(enc));
ASN1Sequence seq = (ASN1Sequence)in.readObject();
- return (DERObject)seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 5 : 4);
+ return (ASN1Primitive)seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 5 : 4);
}
catch (IOException e) {
throw new ExceptionConverter(e);
@@ -1340,7 +1346,7 @@ public class PdfPKCS7 {
*/
public byte[] getAuthenticatedAttributeBytes(byte secondDigest[], Calendar signingTime, byte[] ocsp) {
try {
- return getAuthenticatedAttributeSet(secondDigest, signingTime, ocsp).getEncoded(ASN1Encodable.DER);
+ return getAuthenticatedAttributeSet(secondDigest, signingTime, ocsp).getEncoded(ASN1Encoding.DER);
}
catch (Exception e) {
throw new ExceptionConverter(e);
@@ -1575,7 +1581,7 @@ public class PdfPKCS7 {
vs = new ArrayList();
values.put(id, vs);
}
- vs.add(((DERString)s.getObjectAt(1)).getString());
+ vs.add(((ASN1Primitive)s.getObjectAt(1)).toString());
}
}
}
diff --git a/src/core/com/lowagie/text/pdf/PdfPublicKeySecurityHandler.java b/src/core/com/lowagie/text/pdf/PdfPublicKeySecurityHandler.java
index ed30814..0878306 100644
--- a/src/core/com/lowagie/text/pdf/PdfPublicKeySecurityHandler.java
+++ b/src/core/com/lowagie/text/pdf/PdfPublicKeySecurityHandler.java
@@ -92,7 +92,6 @@ package com.lowagie.text.pdf;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
-
import java.security.AlgorithmParameterGenerator;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
@@ -100,7 +99,6 @@ import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
-
import java.util.ArrayList;
import javax.crypto.Cipher;
@@ -108,7 +106,8 @@ import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.ASN1Primitive;
+import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DEROutputStream;
@@ -244,7 +243,7 @@ public class PdfPublicKeySecurityHandler {
pkcs7input[22] = two;
pkcs7input[23] = one;
- DERObject obj = createDERForRecipient(pkcs7input, (X509Certificate)certificate);
+ ASN1Primitive obj = createDERForRecipient(pkcs7input, (X509Certificate)certificate);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
@@ -276,7 +275,7 @@ public class PdfPublicKeySecurityHandler {
return EncodedRecipients;
}
- private DERObject createDERForRecipient(byte[] in, X509Certificate cert)
+ private ASN1Primitive createDERForRecipient(byte[] in, X509Certificate cert)
throws IOException,
GeneralSecurityException
{
@@ -287,7 +286,7 @@ public class PdfPublicKeySecurityHandler {
AlgorithmParameters algorithmparameters = algorithmparametergenerator.generateParameters();
ByteArrayInputStream bytearrayinputstream = new ByteArrayInputStream(algorithmparameters.getEncoded("ASN.1"));
ASN1InputStream asn1inputstream = new ASN1InputStream(bytearrayinputstream);
- DERObject derobject = asn1inputstream.readObject();
+ ASN1Primitive derobject = asn1inputstream.readObject();
KeyGenerator keygenerator = KeyGenerator.getInstance(s);
keygenerator.init(128);
SecretKey secretkey = keygenerator.generateKey();
@@ -300,10 +299,10 @@ public class PdfPublicKeySecurityHandler {
AlgorithmIdentifier algorithmidentifier = new AlgorithmIdentifier(new DERObjectIdentifier(s), derobject);
EncryptedContentInfo encryptedcontentinfo =
new EncryptedContentInfo(PKCSObjectIdentifiers.data, algorithmidentifier, deroctetstring);
- EnvelopedData env = new EnvelopedData(null, derset, encryptedcontentinfo, null);
+ EnvelopedData env = new EnvelopedData(null, derset, encryptedcontentinfo, (ASN1Set) null);
ContentInfo contentinfo =
new ContentInfo(PKCSObjectIdentifiers.envelopedData, env);
- return contentinfo.getDERObject();
+ return contentinfo.toASN1Primitive();
}
private KeyTransRecipientInfo computeRecipientInfo(X509Certificate x509certificate, byte[] abyte0)
diff --git a/src/core/com/lowagie/text/pdf/PdfReader.java b/src/core/com/lowagie/text/pdf/PdfReader.java
index 8699f22..cf9c16a 100755
--- a/src/core/com/lowagie/text/pdf/PdfReader.java
+++ b/src/core/com/lowagie/text/pdf/PdfReader.java
@@ -67,6 +67,7 @@ import java.util.zip.InflaterInputStream;
import java.util.Stack;
import java.security.Key;
import java.security.MessageDigest;
+import java.security.PrivateKey;
import java.security.cert.Certificate;
import com.lowagie.text.ExceptionConverter;
@@ -80,6 +81,7 @@ import com.lowagie.text.pdf.internal.PdfViewerPreferencesImp;
import org.bouncycastle.cms.CMSEnvelopedData;
import org.bouncycastle.cms.RecipientInformation;
+import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
/** Reads a PDF document.
* @author Paulo Soares (psoares@consiste.pt)
@@ -719,7 +721,7 @@ public class PdfReader implements PdfViewerPreferences {
RecipientInformation recipientInfo = (RecipientInformation)recipientCertificatesIt.next();
if (recipientInfo.getRID().match(certificate) && !foundRecipient) {
- envelopedData = recipientInfo.getContent(certificateKey, certificateKeyProvider);
+ envelopedData = recipientInfo.getContent(new JceKeyTransEnvelopedRecipient((PrivateKey) certificateKey).setProvider(certificateKeyProvider));
foundRecipient = true;
}
}
--
1.8.5.3