Google Git
Sign in
android / platform / external / bouncycastle / 1b335c5efbcf241b55345622fe9978047c3fdf9e / . / bcpkix / src / main / java / org / bouncycastle / cms / test / NewEnvelopedDataStreamTest.java
blob: 77596779f1a3a05caab21290ab6e82998c0b789f [file] [log] [blame]
package org.bouncycastle.cms.test;
import java.io.BufferedOutputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import java.util.Collection;
import java.util.Hashtable;
import java.util.Iterator;
import javax.crypto.SecretKey;
import junit.framework.Test;
import junit.framework.TestCase;
import junit.framework.TestSuite;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.CMSAlgorithm;
import org.bouncycastle.cms.CMSEnvelopedDataGenerator;
import org.bouncycastle.cms.CMSEnvelopedDataParser;
import org.bouncycastle.cms.CMSEnvelopedDataStreamGenerator;
import org.bouncycastle.cms.CMSTypedStream;
import org.bouncycastle.cms.KEKRecipientId;
import org.bouncycastle.cms.OriginatorInfoGenerator;
import org.bouncycastle.cms.OriginatorInformation;
import org.bouncycastle.cms.RecipientId;
import org.bouncycastle.cms.RecipientInformation;
import org.bouncycastle.cms.RecipientInformationStore;
import org.bouncycastle.cms.SimpleAttributeTableGenerator;
import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
import org.bouncycastle.cms.jcajce.JceKEKEnvelopedRecipient;
import org.bouncycastle.cms.jcajce.JceKEKRecipientInfoGenerator;
import org.bouncycastle.cms.jcajce.JceKeyAgreeEnvelopedRecipient;
import org.bouncycastle.cms.jcajce.JceKeyAgreeRecipientId;
import org.bouncycastle.cms.jcajce.JceKeyAgreeRecipientInfoGenerator;
import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64;
import org.bouncycastle.util.encoders.Hex;
public class NewEnvelopedDataStreamTest
extends TestCase
{
private static final String BC = BouncyCastleProvider.PROVIDER_NAME;
private static final int BUFFER_SIZE = 4000;
private static String _signDN;
private static KeyPair _signKP;
private static X509Certificate _signCert;
private static String _origDN;
private static KeyPair _origKP;
private static X509Certificate _origCert;
private static String _reciDN;
private static KeyPair _reciKP;
private static X509Certificate _reciCert;
private static KeyPair _origEcKP;
private static KeyPair _reciEcKP;
private static X509Certificate _reciEcCert;
private static boolean _initialised = false;
public NewEnvelopedDataStreamTest()
{
}
private static void init()
throws Exception
{
if (!_initialised)
{
_initialised = true;
_signDN = "O=Bouncy Castle, C=AU";
_signKP = CMSTestUtil.makeKeyPair();
_signCert = CMSTestUtil.makeCertificate(_signKP, _signDN, _signKP, _signDN);
_origDN = "CN=Bob, OU=Sales, O=Bouncy Castle, C=AU";
_origKP = CMSTestUtil.makeKeyPair();
_origCert = CMSTestUtil.makeCertificate(_origKP, _origDN, _signKP, _signDN);
_reciDN = "CN=Doug, OU=Sales, O=Bouncy Castle, C=AU";
_reciKP = CMSTestUtil.makeKeyPair();
_reciCert = CMSTestUtil.makeCertificate(_reciKP, _reciDN, _signKP, _signDN);
_origEcKP = CMSTestUtil.makeEcDsaKeyPair();
_reciEcKP = CMSTestUtil.makeEcDsaKeyPair();
_reciEcCert = CMSTestUtil.makeCertificate(_reciEcKP, _reciDN, _signKP, _signDN);
}
}
public void setUp()
throws Exception
{
init();
}
public void testWorkingData()
throws Exception
{
byte[] keyData = Base64.decode(
"MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAKrAz/SQKrcQ" +
"nj9IxHIfKDbuXsMqUpI06s2gps6fp7RDNvtUDDMOciWGFhD45YSy8GO0mPx3" +
"Nkc7vKBqX4TLcqLUz7kXGOHGOwiPZoNF+9jBMPNROe/B0My0PkWg9tuq+nxN" +
"64oD47+JvDwrpNOS5wsYavXeAW8Anv9ZzHLU7KwZAgMBAAECgYA/fqdVt+5K" +
"WKGfwr1Z+oAHvSf7xtchiw/tGtosZ24DOCNP3fcTXUHQ9kVqVkNyzt9ZFCT3" +
"bJUAdBQ2SpfuV4DusVeQZVzcROKeA09nPkxBpTefWbSDQGhb+eZq9L8JDRSW" +
"HyYqs+MBoUpLw7GKtZiJkZyY6CsYkAnQ+uYVWq/TIQJBAP5zafO4HUV/w4KD" +
"VJi+ua+GYF1Sg1t/dYL1kXO9GP1p75YAmtm6LdnOCas7wj70/G1YlPGkOP0V" +
"GFzeG5KAmAUCQQCryvKU9nwWA+kypcQT9Yr1P4vGS0APYoBThnZq7jEPc5Cm" +
"ZI82yseSxSeea0+8KQbZ5mvh1p3qImDLEH/iNSQFAkAghS+tboKPN10NeSt+" +
"uiGRRWNbiggv0YJ7Uldcq3ZeLQPp7/naiekCRUsHD4Qr97OrZf7jQ1HlRqTu" +
"eZScjMLhAkBNUMZCQnhwFAyEzdPkQ7LpU1MdyEopYmRssuxijZao5JLqQAGw" +
"YCzXokGFa7hz72b09F4DQurJL/WuDlvvu4jdAkEAxwT9lylvfSfEQw4/qQgZ" +
"MFB26gqB6Gqs1pHIZCzdliKx5BO3VDeUGfXMI8yOkbXoWbYx5xPid/+N8R//" +
"+sxLBw==");
byte[] envData = Base64.decode(
"MIAGCSqGSIb3DQEHA6CAMIACAQAxgcQwgcECAQAwKjAlMRYwFAYDVQQKEw1C" +
"b3VuY3kgQ2FzdGxlMQswCQYDVQQGEwJBVQIBHjANBgkqhkiG9w0BAQEFAASB" +
"gDmnaDZ0vDJNlaUSYyEXsgbaUH+itNTjCOgv77QTX2ImXj+kTctM19PQF2I1" +
"0/NL0fjakvCgBTHKmk13a7jqB6cX3bysenHNrglHsgNGgeXQ7ggAq5fV/JQQ" +
"T7rSxEtuwpbuHQnoVUZahOHVKy/a0uLr9iIh1A3y+yZTZaG505ZJMIAGCSqG" +
"SIb3DQEHATAdBglghkgBZQMEAQIEENmkYNbDXiZxJWtq82qIRZKggAQgkOGr" +
"1JcTsADStez1eY4+rO4DtyBIyUYQ3pilnbirfPkAAAAAAAAAAAAA");
CMSEnvelopedDataParser ep = new CMSEnvelopedDataParser(envData);
RecipientInformationStore recipients = ep.getRecipientInfos();
assertEquals(ep.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.AES128_CBC);
Collection c = recipients.getRecipients();
Iterator it = c.iterator();
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyData);
KeyFactory keyFact = KeyFactory.getInstance("RSA", BC);
PrivateKey priKey = keyFact.generatePrivate(keySpec);
byte[] data = Hex.decode("57616c6c6157616c6c6157617368696e67746f6e");
while (it.hasNext())
{
RecipientInformation recipient = (RecipientInformation)it.next();
assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId());
CMSTypedStream recData = recipient.getContentStream(new JceKeyTransEnvelopedRecipient(priKey).setProvider(BC));
assertEquals(true, Arrays.equals(data, CMSTestUtil.streamToByteArray(recData.getContentStream())));
}
}
private void verifyData(
ByteArrayOutputStream encodedStream,
String expectedOid,
byte[] expectedData)
throws Exception
{
CMSEnvelopedDataParser ep = new CMSEnvelopedDataParser(encodedStream.toByteArray());
RecipientInformationStore recipients = ep.getRecipientInfos();
assertEquals(ep.getEncryptionAlgOID(), expectedOid);
Collection c = recipients.getRecipients();
Iterator it = c.iterator();
while (it.hasNext())
{
RecipientInformation recipient = (RecipientInformation)it.next();
assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId());
CMSTypedStream recData = recipient.getContentStream(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider(BC));
assertEquals(true, Arrays.equals(expectedData, CMSTestUtil.streamToByteArray(recData.getContentStream())));
}
}
public void testUnprotectedAttributes()
throws Exception
{
byte[] data = "WallaWallaWashington".getBytes();
CMSEnvelopedDataStreamGenerator edGen = new CMSEnvelopedDataStreamGenerator();
edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC));
Hashtable attrs = new Hashtable();
attrs.put(PKCSObjectIdentifiers.id_aa_contentHint, new Attribute(PKCSObjectIdentifiers.id_aa_contentHint, new DERSet(new DERUTF8String("Hint"))));
attrs.put(PKCSObjectIdentifiers.id_aa_receiptRequest, new Attribute(PKCSObjectIdentifiers.id_aa_receiptRequest, new DERSet(new DERUTF8String("Request"))));
AttributeTable attrTable = new AttributeTable(attrs);
edGen.setUnprotectedAttributeGenerator(new SimpleAttributeTableGenerator(attrTable));
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
OutputStream out = edGen.open(
bOut, new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build());
out.write(data);
out.close();
CMSEnvelopedDataParser ed = new CMSEnvelopedDataParser(bOut.toByteArray());
RecipientInformationStore recipients = ed.getRecipientInfos();
Collection c = recipients.getRecipients();
assertEquals(1, c.size());
Iterator it = c.iterator();
while (it.hasNext())
{
RecipientInformation recipient = (RecipientInformation)it.next();
assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId());
byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider(BC));
assertEquals(true, Arrays.equals(data, recData));
}
attrTable = ed.getUnprotectedAttributes();
assertEquals(attrs.size(), 2);
assertEquals(new DERUTF8String("Hint"), attrTable.get(PKCSObjectIdentifiers.id_aa_contentHint).getAttrValues().getObjectAt(0));
assertEquals(new DERUTF8String("Request"), attrTable.get(PKCSObjectIdentifiers.id_aa_receiptRequest).getAttrValues().getObjectAt(0));
}
public void testKeyTransAES128BufferedStream()
throws Exception
{
byte[] data = new byte[2000];
for (int i = 0; i != 2000; i++)
{
data[i] = (byte)(i & 0xff);
}
//
// unbuffered
//
CMSEnvelopedDataStreamGenerator edGen = new CMSEnvelopedDataStreamGenerator();
edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC));
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
OutputStream out = edGen.open(
bOut, new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build());
for (int i = 0; i != 2000; i++)
{
out.write(data[i]);
}
out.close();
verifyData(bOut, CMSEnvelopedDataGenerator.AES128_CBC, data);
int unbufferedLength = bOut.toByteArray().length;
//
// Using buffered output - should be == to unbuffered
//
edGen = new CMSEnvelopedDataStreamGenerator();
edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC));
bOut = new ByteArrayOutputStream();
out = edGen.open(bOut, new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build());
BufferedOutputStream bfOut = new BufferedOutputStream(out, 300);
for (int i = 0; i != 2000; i++)
{
bfOut.write(data[i]);
}
bfOut.close();
verifyData(bOut, CMSEnvelopedDataGenerator.AES128_CBC, data);
assertTrue(bOut.toByteArray().length == unbufferedLength);
}
public void testKeyTransAES128Buffered()
throws Exception
{
byte[] data = new byte[2000];
for (int i = 0; i != 2000; i++)
{
data[i] = (byte)(i & 0xff);
}
//
// unbuffered
//
CMSEnvelopedDataStreamGenerator edGen = new CMSEnvelopedDataStreamGenerator();
edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC));
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
OutputStream out = edGen.open(
bOut, new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build());
for (int i = 0; i != 2000; i++)
{
out.write(data[i]);
}
out.close();
verifyData(bOut, CMSEnvelopedDataGenerator.AES128_CBC, data);
int unbufferedLength = bOut.toByteArray().length;
//
// buffered - less than default of 1000
//
edGen = new CMSEnvelopedDataStreamGenerator();
edGen.setBufferSize(300);
edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC));
bOut = new ByteArrayOutputStream();
out = edGen.open(bOut, new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build());
for (int i = 0; i != 2000; i++)
{
out.write(data[i]);
}
out.close();
verifyData(bOut, CMSEnvelopedDataGenerator.AES128_CBC, data);
assertTrue(bOut.toByteArray().length > unbufferedLength);
}
public void testKeyTransAES128Der()
throws Exception
{
byte[] data = new byte[2000];
for (int i = 0; i != 2000; i++)
{
data[i] = (byte)(i & 0xff);
}
CMSEnvelopedDataStreamGenerator edGen = new CMSEnvelopedDataStreamGenerator();
edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC));
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
OutputStream out = edGen.open(
bOut, new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build());
for (int i = 0; i != 2000; i++)
{
out.write(data[i]);
}
out.close();
// convert to DER
ASN1InputStream aIn = new ASN1InputStream(bOut.toByteArray());
bOut.reset();
DEROutputStream dOut = new DEROutputStream(bOut);
dOut.writeObject(aIn.readObject());
verifyData(bOut, CMSEnvelopedDataGenerator.AES128_CBC, data);
}
public void testKeyTransAES128Throughput()
throws Exception
{
byte[] data = new byte[40001];
for (int i = 0; i != data.length; i++)
{
data[i] = (byte)(i & 0xff);
}
//
// buffered
//
CMSEnvelopedDataStreamGenerator edGen = new CMSEnvelopedDataStreamGenerator();
edGen.setBufferSize(BUFFER_SIZE);
edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC));
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
OutputStream out = edGen.open(bOut, new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build());
for (int i = 0; i != data.length; i++)
{
out.write(data[i]);
}
out.close();
CMSEnvelopedDataParser ep = new CMSEnvelopedDataParser(bOut.toByteArray());
RecipientInformationStore recipients = ep.getRecipientInfos();
Collection c = recipients.getRecipients();
Iterator it = c.iterator();
if (it.hasNext())
{
RecipientInformation recipient = (RecipientInformation)it.next();
assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId());
CMSTypedStream recData = recipient.getContentStream(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider(BC));
InputStream dataStream = recData.getContentStream();
ByteArrayOutputStream dataOut = new ByteArrayOutputStream();
int len;
byte[] buf = new byte[BUFFER_SIZE];
int count = 0;
while (count != 10 && (len = dataStream.read(buf)) > 0)
{
assertEquals(buf.length, len);
dataOut.write(buf);
count++;
}
len = dataStream.read(buf);
dataOut.write(buf, 0, len);
assertEquals(true, Arrays.equals(data, dataOut.toByteArray()));
}
else
{
fail("recipient not found.");
}
}
public void testKeyTransAES128AndOriginatorInfo()
throws Exception
{
byte[] data = "WallaWallaWashington".getBytes();
CMSEnvelopedDataStreamGenerator edGen = new CMSEnvelopedDataStreamGenerator();
X509CertificateHolder origCert = new X509CertificateHolder(_origCert.getEncoded());
edGen.setOriginatorInfo(new OriginatorInfoGenerator(origCert).generate());
edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC));
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
OutputStream out = edGen.open(
bOut, new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build());
out.write(data);
out.close();
CMSEnvelopedDataParser ep = new CMSEnvelopedDataParser(bOut.toByteArray());
assertTrue(ep.getOriginatorInfo().getCertificates().getMatches(null).contains(origCert));
RecipientInformationStore recipients = ep.getRecipientInfos();
assertEquals(ep.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.AES128_CBC);
Collection c = recipients.getRecipients();
Iterator it = c.iterator();
while (it.hasNext())
{
RecipientInformation recipient = (RecipientInformation)it.next();
assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId());
CMSTypedStream recData = recipient.getContentStream(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider(BC));
assertEquals(true, Arrays.equals(data, CMSTestUtil.streamToByteArray(recData.getContentStream())));
}
ep.close();
}
public void testKeyTransAES128()
throws Exception
{
byte[] data = "WallaWallaWashington".getBytes();
CMSEnvelopedDataStreamGenerator edGen = new CMSEnvelopedDataStreamGenerator();
edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC));
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
OutputStream out = edGen.open(
bOut, new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build());
out.write(data);
out.close();
CMSEnvelopedDataParser ep = new CMSEnvelopedDataParser(bOut.toByteArray());
RecipientInformationStore recipients = ep.getRecipientInfos();
assertEquals(ep.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.AES128_CBC);
Collection c = recipients.getRecipients();
Iterator it = c.iterator();
while (it.hasNext())
{
RecipientInformation recipient = (RecipientInformation)it.next();
assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId());
CMSTypedStream recData = recipient.getContentStream(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider(BC));
assertEquals(true, Arrays.equals(data, CMSTestUtil.streamToByteArray(recData.getContentStream())));
}
ep.close();
}
public void testKeyTransCAST5SunJCE()
throws Exception
{
if (Security.getProvider("SunJCE") == null)
{
return;
}
String version = System.getProperty("java.version");
if (version.startsWith("1.4") || version.startsWith("1.3"))
{
return;
}
byte[] data = "WallaWallaWashington".getBytes();
CMSEnvelopedDataStreamGenerator edGen = new CMSEnvelopedDataStreamGenerator();
edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider("SunJCE"));
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
OutputStream out = edGen.open(
bOut, new JceCMSContentEncryptorBuilder(CMSAlgorithm.CAST5_CBC).setProvider(BC).build());
out.write(data);
out.close();
CMSEnvelopedDataParser ep = new CMSEnvelopedDataParser(bOut.toByteArray());
RecipientInformationStore recipients = ep.getRecipientInfos();
assertEquals(ep.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.CAST5_CBC);
Collection c = recipients.getRecipients();
Iterator it = c.iterator();
while (it.hasNext())
{
RecipientInformation recipient = (RecipientInformation)it.next();
assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId());
CMSTypedStream recData = recipient.getContentStream(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider("SunJCE").setContentProvider(BC));
assertEquals(true, Arrays.equals(data, CMSTestUtil.streamToByteArray(recData.getContentStream())));
}
ep.close();
}
public void testAESKEK()
throws Exception
{
byte[] data = "WallaWallaWashington".getBytes();
SecretKey kek = CMSTestUtil.makeAES192Key();
CMSEnvelopedDataStreamGenerator edGen = new CMSEnvelopedDataStreamGenerator();
byte[] kekId = new byte[] { 1, 2, 3, 4, 5 };
edGen.addRecipientInfoGenerator(new JceKEKRecipientInfoGenerator(kekId, kek).setProvider(BC));
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
OutputStream out = edGen.open(
bOut,
new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider(BC).build());
out.write(data);
out.close();
CMSEnvelopedDataParser ep = new CMSEnvelopedDataParser(bOut.toByteArray());
RecipientInformationStore recipients = ep.getRecipientInfos();
assertEquals(ep.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.DES_EDE3_CBC);
Collection c = recipients.getRecipients();
Iterator it = c.iterator();
while (it.hasNext())
{
RecipientInformation recipient = (RecipientInformation)it.next();
assertEquals(recipient.getKeyEncryptionAlgOID(), "2.16.840.1.101.3.4.1.25");
CMSTypedStream recData = recipient.getContentStream(new JceKEKEnvelopedRecipient(kek).setProvider(BC));
assertEquals(true, Arrays.equals(data, CMSTestUtil.streamToByteArray(recData.getContentStream())));
}
ep.close();
}
public void testTwoAESKEK()
throws Exception
{
byte[] data = "WallaWallaWashington".getBytes();
SecretKey kek1 = CMSTestUtil.makeAES192Key();
SecretKey kek2 = CMSTestUtil.makeAES192Key();
CMSEnvelopedDataStreamGenerator edGen = new CMSEnvelopedDataStreamGenerator();
byte[] kekId1 = new byte[] { 1, 2, 3, 4, 5 };
byte[] kekId2 = new byte[] { 5, 4, 3, 2, 1 };
edGen.addRecipientInfoGenerator(new JceKEKRecipientInfoGenerator(kekId1, kek1).setProvider(BC));
edGen.addRecipientInfoGenerator(new JceKEKRecipientInfoGenerator(kekId2, kek2).setProvider(BC));
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
OutputStream out = edGen.open(
bOut,
new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider(BC).build());
out.write(data);
out.close();
CMSEnvelopedDataParser ep = new CMSEnvelopedDataParser(bOut.toByteArray());
RecipientInformationStore recipients = ep.getRecipientInfos();
assertEquals(ep.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.DES_EDE3_CBC);
RecipientId recSel = new KEKRecipientId(kekId2);
RecipientInformation recipient = recipients.get(recSel);
assertEquals(recipient.getKeyEncryptionAlgOID(), "2.16.840.1.101.3.4.1.25");
CMSTypedStream recData = recipient.getContentStream(new JceKEKEnvelopedRecipient(kek2).setProvider(BC));
assertEquals(true, Arrays.equals(data, CMSTestUtil.streamToByteArray(recData.getContentStream())));
ep.close();
}
public void testECKeyAgree()
throws Exception
{
byte[] data = Hex.decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65");
CMSEnvelopedDataStreamGenerator edGen = new CMSEnvelopedDataStreamGenerator();
JceKeyAgreeRecipientInfoGenerator recipientGenerator = new JceKeyAgreeRecipientInfoGenerator(CMSAlgorithm.ECDH_SHA1KDF, _origEcKP.getPrivate(), _origEcKP.getPublic(), CMSAlgorithm.AES128_WRAP).setProvider(BC);
recipientGenerator.addRecipient(_reciEcCert);
edGen.addRecipientInfoGenerator(recipientGenerator);
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
OutputStream out = edGen.open(
bOut,
new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build());
out.write(data);
out.close();
CMSEnvelopedDataParser ep = new CMSEnvelopedDataParser(bOut.toByteArray());
RecipientInformationStore recipients = ep.getRecipientInfos();
assertEquals(ep.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.AES128_CBC);
RecipientId recSel = new JceKeyAgreeRecipientId(_reciEcCert);
RecipientInformation recipient = recipients.get(recSel);
CMSTypedStream recData = recipient.getContentStream(new JceKeyAgreeEnvelopedRecipient(_reciEcKP.getPrivate()).setProvider(BC));
assertEquals(true, Arrays.equals(data, CMSTestUtil.streamToByteArray(recData.getContentStream())));
ep.close();
}
public void testOriginatorInfo()
throws Exception
{
CMSEnvelopedDataParser env = new CMSEnvelopedDataParser(CMSSampleMessages.originatorMessage);
OriginatorInformation origInfo = env.getOriginatorInfo();
RecipientInformationStore recipients = env.getRecipientInfos();
assertEquals(new X500Name("C=US,O=U.S. Government,OU=HSPD12Lab,OU=Agents,CN=user1"), ((X509CertificateHolder)origInfo.getCertificates().getMatches(null).iterator().next()).getSubject());
assertEquals(CMSEnvelopedDataGenerator.DES_EDE3_CBC, env.getEncryptionAlgOID());
}
public static Test suite()
throws Exception
{
return new CMSTestSetup(new TestSuite(NewEnvelopedDataStreamTest.class));
}
}