# File 'lib/ccrypto/java/engines/pkcs7_engine.rb', line 21
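# Produce a PKCS#7 / CMS signature over +val+ with the configured signer
# certificate and private key.
#
# @param val [java.io.InputStream, Object] data to sign; an InputStream is
#   streamed in chunks, anything else goes through +to_java_bytes+.
# @param outForm [Symbol] accepted for interface compatibility; the code in
#   this method does not read it (the result is always the signed bytes).
# @yield [key, *args] optional configuration callback, queried with
#   :jce_provider, :sign_hash, :detached_sign, :ca_certs, :output_stream,
#   :read_buffer_size and :signing_spec; called back with (:processed, n)
#   while an InputStream is consumed.
# @return [Java::byte[], java.io.OutputStream] the signed structure from the
#   default ByteArrayOutputStream, or the caller-supplied stream once it has
#   been written (see note below).
# @raise [PKCS7EngineException] on bad configuration, an unsupported key type,
#   or any failure raised while signing (wrapped).
def sign(val, outForm = :bin, &block)
  validate_input(val, "signing")
  validate_key_must_exist("signing")
  raise PKCS7EngineException, "signerCert is required for PKCS7 sign operation" if is_empty?(@config.signerCert)
  raise PKCS7EngineException, "Given signerCert must be a Ccrypto::X509Cert object" unless @config.signerCert.is_a?(Ccrypto::X509Cert)

  privKey = @config.private_key
  defaultBufSize = 1_024_000

  prov = nil
  signHash = nil
  # true = attached (content embedded), false = detached signature.
  attached = true
  caCerts = []
  os = nil
  readBufSize = defaultBufSize
  signSpec = nil

  if block
    prov = block.call(:jce_provider)
    signHash = block.call(:sign_hash)
    detSign = block.call(:detached_sign)
    # Only a real boolean answer toggles the mode; anything else keeps the default.
    attached = !detSign if is_bool?(detSign)
    caCerts = block.call(:ca_certs)
    os = block.call(:output_stream)
    unless os.nil? || os.is_a?(java.io.OutputStream)
      raise PKCS7EngineException, "Given output_stream is not type of java.io.OutputStream (Given #{os}). Please provide an java.io.OutputStream object or use default which is java.io.ByteArrayOutputStream"
    end
    readBufSize = block.call(:read_buffer_size)
    signSpec = block.call(:signing_spec)
  end

  caCerts = [] if caCerts.nil?
  prov = Ccrypto::Java::JCEProvider::DEFProv if is_empty?(prov)
  # SHA-256 is the default digest when the caller does not name one.
  signHash = :sha256 if is_empty?(signHash)
  # Fall back to the default only when the caller gave nothing usable
  # (nil, non-numeric, zero or negative). The previous condition was inverted
  # and threw away every caller-supplied size while letting nil through.
  readBufSize = readBufSize.to_i > 0 ? readBufSize.to_i : defaultBufSize
  os = java.io.ByteArrayOutputStream.new if os.nil?
  # NOTE: `attached` is always a boolean here (true, or !detSign for a bool
  # detSign), so the old `attached = true if is_empty?(attached)` reset was at
  # best a no-op and would have silently forced attached mode if
  # is_empty?(false) is truthy; it is intentionally gone.

  # Certificate store: signer cert first, then any CA certs the caller supplied.
  lst = java.util.ArrayList.new
  lst.add(@config.signerCert.nativeX509)
  # The original appended to an undefined `list`, so any non-empty :ca_certs
  # raised NameError.
  caCerts.each { |cc| lst.add(cc.nativeX509) }
  store = org.bouncycastle.cert.jcajce.JcaCertStore.new(lst)

  # Unwrap Ccrypto::PrivateKey wrappers down to the native JCE key. This is
  # needed whether or not a signing spec was given: the builder below always
  # receives the native key (the original left it nil when :signing_spec was set).
  gKey = privKey
  gKey = gKey.native_privKey while gKey.is_a?(Ccrypto::PrivateKey)

  if is_empty?(signSpec)
    # Derive the JCA signature algorithm name from the key type.
    signSpec =
      case gKey
      when ::Java::OrgBouncycastleJcajceProviderAsymmetricEc::BCECPrivateKey
        "#{signHash.to_s.upcase}withECDSA"
      when java.security.interfaces.RSAPrivateKey
        "#{signHash.to_s.upcase}withRSA"
      else
        raise PKCS7EngineException, "Unknown private key type '#{gKey}' to derive the hash algo from"
      end
  end
  # A caller-supplied :signing_spec is handed to the JCA builder verbatim; an
  # unknown name surfaces as a wrapped exception from build() below.

  signer = org.bouncycastle.operator.jcajce.JcaContentSignerBuilder.new(signSpec).setProvider(prov).build(gKey)
  digestProv = org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder.new.setProvider(prov).build
  infoGen = org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder.new(digestProv).build(signer, @config.signerCert.nativeX509)
  gen = org.bouncycastle.cms.CMSSignedDataStreamGenerator.new
  gen.addSignerInfoGenerator(infoGen)
  gen.addCertificates(store)

  sos = nil
  begin
    teLogger.debug(attached ? "Initiated attached sign" : "Initiated detached sign")
    sos = gen.open(os, attached)
    case val
    when java.io.InputStream
      teLogger.debug "InputStream data-to-be-signed detected"
      buf = ::Java::Byte[readBufSize].new
      processed = 0
      while (read = val.read(buf, 0, buf.length)) != -1
        sos.write(buf, 0, read)
        processed += read
        block.call(:processed, processed) if block
      end
    else
      teLogger.debug "Byte array data-to-be-signed detected"
      ba = to_java_bytes(val)
      raise PKCS7EngineException, "Not able to convert given input into byte array. Got #{val.class}" unless ba.is_a?(::Java::byte[])
      sos.write(ba)
    end
    # The signed-data stream is only complete once it is closed; the original
    # read the output before closing in the InputStream path, which returned a
    # truncated structure. Close here for both paths, before reading `os`.
    sos.flush
    sos.close
    # NOTE(review): for a caller-supplied stream the signature has already been
    # written into it, so return that stream instead of failing on a missing
    # toByteArray (the original raised NoMethodError there) — confirm this is
    # the intended contract for custom output streams.
    os.is_a?(java.io.ByteArrayOutputStream) ? os.toByteArray : os
  rescue PKCS7EngineException
    # Already a domain error; do not double-wrap it.
    raise
  rescue StandardError, java.lang.Exception => ex
    # Java exceptions from BouncyCastle / JCA are not StandardError in JRuby,
    # so rescue them explicitly instead of the old catch-all `rescue Exception`
    # (which also swallowed SystemExit / Interrupt).
    raise PKCS7EngineException, ex
  ensure
    begin
      # Best-effort: the stream may be nil (open failed) or already closed.
      sos&.close
    rescue StandardError, java.lang.Exception
      # nothing more to do if closing fails
    end
  end
end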