CMSAuthEnvelopedDataStreamGenerator and CMSAuthEnvelopedDataParser

bcgit · Feb 6, 2024 · 3eb6ed5 · 3eb6ed5
1 parent 294b42c
commit 3eb6ed5
Show file tree

Hide file tree

Showing 35 changed files with 1,578 additions and 708 deletions.
diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSAuthEnvelopedData.java b/pkix/src/main/java/org/bouncycastle/cms/CMSAuthEnvelopedData.java
@@ -3,7 +3,9 @@
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.io.OutputStream;
 
+import org.bouncycastle.asn1.ASN1Encoding;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Set;
 import org.bouncycastle.asn1.cms.AttributeTable;
@@ -23,23 +25,26 @@ public class CMSAuthEnvelopedData
     RecipientInformationStore recipientInfoStore;
     ContentInfo contentInfo;
 
-    private OriginatorInformation  originatorInfo;
-    private AlgorithmIdentifier    authEncAlg;
-    private ASN1Set                authAttrs;
-    private byte[]                 mac;
-    private ASN1Set                unauthAttrs;
+    private OriginatorInformation originatorInfo;
+    private AlgorithmIdentifier authEncAlg;
+    private ASN1Set authAttrs;
+    private byte[] mac;
+    private ASN1Set unauthAttrs;
 
-    public CMSAuthEnvelopedData(byte[] authEnvData) throws CMSException
+    public CMSAuthEnvelopedData(byte[] authEnvData)
+        throws CMSException
     {
         this(CMSUtils.readContentInfo(authEnvData));
     }
 
-    public CMSAuthEnvelopedData(InputStream authEnvData) throws CMSException
+    public CMSAuthEnvelopedData(InputStream authEnvData)
+        throws CMSException
     {
         this(CMSUtils.readContentInfo(authEnvData));
     }
 
-    public CMSAuthEnvelopedData(ContentInfo contentInfo) throws CMSException
+    public CMSAuthEnvelopedData(ContentInfo contentInfo)
+        throws CMSException
     {
         this.contentInfo = contentInfo;
 
@@ -63,17 +68,58 @@ public CMSAuthEnvelopedData(ContentInfo contentInfo) throws CMSException
 
         this.mac = authEnvData.getMac().getOctets();
 
-        CMSSecureReadable secureReadable = new CMSSecureReadable()
+        CMSSecureReadable secureReadable = new CMSSecureReadableWithAAD()
         {
+            private OutputStream aadStream;
+
+            @Override
+            public ASN1Set getAuthAttrSet()
+            {
+                return authAttrs;
+            }
+
+            @Override
+            public void setAuthAttrSet(ASN1Set set)
+            {
+
+            }
+
+            @Override
+            public boolean hasAdditionalData()
+            {
+                return (aadStream != null && authAttrs != null);
+            }
+
             public ASN1ObjectIdentifier getContentType()
             {
                 return authEncInfo.getContentType();
             }
 
             public InputStream getInputStream()
-                throws IOException, CMSException
+                throws IOException
+            {
+                if (aadStream != null && authAttrs != null)
+                {
+                    aadStream.write(authAttrs.getEncoded(ASN1Encoding.DER));
+                }
+                return new InputStreamWithMAC(new ByteArrayInputStream(authEncInfo.getEncryptedContent().getOctets()), mac);
+            }
+
+            @Override
+            public void setAADStream(OutputStream stream)
             {
-                return new ByteArrayInputStream(Arrays.concatenate(authEncInfo.getEncryptedContent().getOctets(), mac));
+                aadStream = stream;
+            }
+
+            public OutputStream getAADStream()
+            {
+                return aadStream;
+            }
+
+            @Override
+            public byte[] getMAC()
+            {
+                return Arrays.clone(mac);
             }
         };
 
@@ -84,27 +130,8 @@ public InputStream getInputStream()
         //
         // build the RecipientInformationStore
         //
-        if (authAttrs != null)
-        {
-            this.recipientInfoStore = CMSEnvelopedHelper.buildRecipientInformationStore(
-                recipientInfos, this.authEncAlg, secureReadable, new AuthAttributesProvider()
-                {
-                    public ASN1Set getAuthAttributes()
-                    {
-                        return authAttrs;
-                    }
-
-                    public boolean isAead()
-                    {
-                        return true;
-                    }
-                });
-        }
-        else
-        {
-            this.recipientInfoStore = CMSEnvelopedHelper.buildRecipientInformationStore(
-                recipientInfos, this.authEncAlg, secureReadable);
-        }
+        this.recipientInfoStore = CMSEnvelopedHelper.buildRecipientInformationStore(
+            recipientInfos, this.authEncAlg, secureReadable);
     }
 
     /**
@@ -128,6 +155,7 @@ public RecipientInformationStore getRecipientInfos()
     /**
      * return a table of the authenticated attributes (as in those used to provide associated data) indexed by
      * the OID of the attribute.
+     *
      * @return the authenticated attributes.
      */
     public AttributeTable getAuthAttrs()
@@ -143,6 +171,7 @@ public AttributeTable getAuthAttrs()
     /**
      * return a table of the unauthenticated attributes indexed by
      * the OID of the attribute.
+     *
      * @return the unauthenticated attributes.
      */
     public AttributeTable getUnauthAttrs()
@@ -157,6 +186,7 @@ public AttributeTable getUnauthAttrs()
 
     /**
      * Return the MAC value that was originally calculated for this AuthEnveloped data.
+     *
      * @return the MAC data associated with the stream.
      */
     public byte[] getMac()

diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSAuthEnvelopedDataGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/CMSAuthEnvelopedDataGenerator.java
@@ -3,24 +3,15 @@
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.OutputStream;
-import java.util.Collections;
-import java.util.Iterator;
 
 import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1Encoding;
-import org.bouncycastle.asn1.ASN1OctetString;
 import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.BEROctetString;
 import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.DERSet;
-import org.bouncycastle.asn1.DLSet;
-import org.bouncycastle.asn1.cms.AttributeTable;
 import org.bouncycastle.asn1.cms.AuthEnvelopedData;
 import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
 import org.bouncycastle.asn1.cms.ContentInfo;
 import org.bouncycastle.asn1.cms.EncryptedContentInfo;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.operator.GenericKey;
 import org.bouncycastle.operator.OutputAEADEncryptor;
 
 public class CMSAuthEnvelopedDataGenerator
@@ -38,26 +29,17 @@ private CMSAuthEnvelopedData doGenerate(
         OutputAEADEncryptor contentEncryptor)
         throws CMSException
     {
-        ASN1EncodableVector recipientInfos = new ASN1EncodableVector();
-        AlgorithmIdentifier encAlgId;
-        ASN1OctetString encContent;
+        ASN1EncodableVector recipientInfos = CMSUtils.getRecipentInfos(contentEncryptor.getKey(), recipientInfoGenerators);
 
         ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-        ASN1Set authenticatedAttrSet = null;
+        ASN1Set authenticatedAttrSet;
         try
         {
             OutputStream cOut = contentEncryptor.getOutputStream(bOut);
 
             content.write(cOut);
-
-            if (authAttrsGenerator != null)
-            {
-                AttributeTable attrTable = authAttrsGenerator.getAttributes(Collections.EMPTY_MAP);
 
-                authenticatedAttrSet = new DERSet(attrTable.toASN1EncodableVector());
-
-                contentEncryptor.getAADStream().write(authenticatedAttrSet.getEncoded(ASN1Encoding.DER));
-            }
+            authenticatedAttrSet = CMSUtils.processAuthAttrSet(authAttrsGenerator, contentEncryptor);
 
             cOut.close();
         }
@@ -69,35 +51,13 @@ private CMSAuthEnvelopedData doGenerate(
         byte[] encryptedContent = bOut.toByteArray();
         byte[] mac = contentEncryptor.getMAC();
 
-        encAlgId = contentEncryptor.getAlgorithmIdentifier();
-
-        encContent = new BEROctetString(encryptedContent);
-
-        GenericKey encKey = contentEncryptor.getKey();
+        EncryptedContentInfo eci = CMSUtils.getEncryptedContentInfo(content, contentEncryptor, encryptedContent);
 
-        for (Iterator it = recipientInfoGenerators.iterator(); it.hasNext();)
-        {
-            RecipientInfoGenerator recipient = (RecipientInfoGenerator)it.next();
-
-            recipientInfos.add(recipient.generate(encKey));
-        }
-
-        EncryptedContentInfo eci = new EncryptedContentInfo(
-                        content.getContentType(),
-                        encAlgId,
-                        encContent);
-
-        ASN1Set unprotectedAttrSet = null;
-        if (unauthAttrsGenerator != null)
-        {
-            AttributeTable attrTable = unauthAttrsGenerator.getAttributes(Collections.EMPTY_MAP);
-
-            unprotectedAttrSet = new DLSet(attrTable.toASN1EncodableVector());
-        }
+        ASN1Set unprotectedAttrSet = CMSUtils.getAttrDLSet(unauthAttrsGenerator);
 
         ContentInfo contentInfo = new ContentInfo(
-                CMSObjectIdentifiers.authEnvelopedData,
-                new AuthEnvelopedData(originatorInfo, new DERSet(recipientInfos), eci, authenticatedAttrSet, new DEROctetString(mac), unprotectedAttrSet));
+            CMSObjectIdentifiers.authEnvelopedData,
+            new AuthEnvelopedData(originatorInfo, new DERSet(recipientInfos), eci, authenticatedAttrSet, new DEROctetString(mac), unprotectedAttrSet));
 
         return new CMSAuthEnvelopedData(contentInfo);
     }