added certHolder field to copy constructor - fix for github #1941
dghgit committed Dec 15, 2024
1 parent c44344e commit c349210
Showing 3 changed files with 93 additions and 0 deletions.
@@ -78,6 +78,7 @@ public SignerInfoGenerator(
this.digestAlgorithm = original.digestAlgorithm;
this.digester = original.digester;
this.sigEncAlgFinder = original.sigEncAlgFinder;
this.certHolder = original.certHolder;
this.sAttrGen = sAttrGen;
this.unsAttrGen = unsAttrGen;
}
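Review bot: The copy constructor carries no comment stating which fields are inherited from `original` and which are replaced by the arguments, and the missing `certHolder` assignment fixed here is the kind of gap that goes unnoticed without one. A copy that lost its certificate would report `hasAssociatedCertificate()` as false, so a caller that gates on that check would treat a wrapped generator differently from the one it was built from. I would add a Javadoc sentence along the lines of `Copies all state of original, including the associated certificate, replacing only the signed and unsigned attribute table generators.` once that has been checked against the full field list. The constructor starts above this hunk, so the assignments before `digestAlgorithm` are not visible here.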
@@ -2,6 +2,7 @@

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.MessageDigest;
@@ -48,12 +49,16 @@
import org.bouncycastle.asn1.cms.SignedData;
import org.bouncycastle.asn1.cms.SignerInfo;
import org.bouncycastle.asn1.edec.EdECObjectIdentifiers;
import org.bouncycastle.asn1.ess.ESSCertIDv2;
import org.bouncycastle.asn1.ess.SigningCertificateV2;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.ocsp.OCSPResponse;
import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.IssuerSerial;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.cert.X509AttributeCertificateHolder;
import org.bouncycastle.cert.X509CertificateHolder;
@@ -76,6 +81,7 @@
import org.bouncycastle.cms.DefaultCMSSignatureAlgorithmNameGenerator;
import org.bouncycastle.cms.DefaultSignedAttributeTableGenerator;
import org.bouncycastle.cms.SignerId;
import org.bouncycastle.cms.SignerInfoGenerator;
import org.bouncycastle.cms.SignerInfoGeneratorBuilder;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationStore;
@@ -92,6 +98,7 @@
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.DigestCalculator;
import org.bouncycastle.operator.DigestCalculatorProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.bc.BcContentSignerBuilder;
@@ -3203,6 +3210,47 @@ public void testMixed()
}
}

public void testSignerInfoGenCopyConstructor()
throws Exception
{
ContentSigner sha256Signer = new JcaContentSignerBuilder("SHA256withRSA").setProvider(BC).build(_origKP.getPrivate());
SignerInfoGenerator signerInfoGen = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(sha256Signer, _origCert);

DigestCalculator digCalc = new SHA256DigestCalculator();

OutputStream dOut = digCalc.getOutputStream();

dOut.write(_origCert.getEncoded());

dOut.close();

byte[] certHash256 = digCalc.getDigest();
final ESSCertIDv2 essCertIDv2 = new ESSCertIDv2(certHash256, new IssuerSerial(X500Name.getInstance(_origCert.getIssuerX500Principal().getEncoded()), _origCert.getSerialNumber()));

CMSAttributeTableGenerator signedAttrGen = new CMSAttributeTableGenerator()
{
public AttributeTable getAttributes(Map parameters)
throws CMSAttributeTableGenerationException
{
AttributeTable table = signerInfoGen.getSignedAttributeTableGenerator().getAttributes(parameters);

if (table.get(PKCSObjectIdentifiers.id_aa_signingCertificateV2) == null)
{
return table.add(PKCSObjectIdentifiers.id_aa_signingCertificateV2,
new SigningCertificateV2(essCertIDv2));
}

return table;
}
};
SignerInfoGenerator newSignerInfoGen = new SignerInfoGenerator(signerInfoGen, signedAttrGen, signerInfoGen.getUnsignedAttributeTableGenerator());

assertTrue(signerInfoGen.hasAssociatedCertificate());
assertTrue(newSignerInfoGen.hasAssociatedCertificate());
assertTrue(signerInfoGen.getUnsignedAttributeTableGenerator() == newSignerInfoGen.getUnsignedAttributeTableGenerator());
assertTrue(newSignerInfoGen.getSignedAttributeTableGenerator() == signedAttrGen);
}

public void testMSPKCS7()
throws Exception
{
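Review bot: In `testSignerInfoGenCopyConstructor` the four assertions check only `hasAssociatedCertificate()` and the identity of the two attribute generators, so the test would still pass if the copy held a different certificate, and the anonymous `getAttributes` that adds `id_aa_signingCertificateV2` is never invoked. I would add `assertEquals(signerInfoGen.getAssociatedCertificate(), newSignerInfoGen.getAssociatedCertificate());` and produce one signature with `newSignerInfoGen`, asserting that the signed attributes of the result contain the signing-certificate-v2 attribute. Separately, `signerInfoGen` is captured by the anonymous class without `final` while `essCertIDv2` is declared `final`; marking both the same way keeps the test compilable on pre-Java-8 source levels, if the project still builds for them.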
@@ -0,0 +1,44 @@
package org.bouncycastle.cms.test;

import java.io.ByteArrayOutputStream;
import java.io.OutputStream;

import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.operator.DigestCalculator;


class SHA256DigestCalculator
implements DigestCalculator
{
private ByteArrayOutputStream bOut = new ByteArrayOutputStream();

public AlgorithmIdentifier getAlgorithmIdentifier()
{
return new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256);
}

public OutputStream getOutputStream()
{
return bOut;
}

public byte[] getDigest()
{
byte[] bytes = bOut.toByteArray();

bOut.reset();

Digest sha256 = SHA256Digest.newInstance();

sha256.update(bytes, 0, bytes.length);

byte[] digest = new byte[sha256.getDigestSize()];

sha256.doFinal(digest, 0);

return digest;
}
}
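Review bot: `getDigest()` calls `bOut.reset()` before hashing, so a second call without new writes returns the SHA-256 of the empty input rather than the previous digest, and nothing in the class says so. A short class comment would cover it, for example `// Test-only DigestCalculator: buffers everything written and hashes it in getDigest(); the buffer is cleared on every call.` The field can also be declared `private final ByteArrayOutputStream bOut`, since it is never reassigned.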
