1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
|
Description: Fix the compatibility with the latest version of BouncyCastle in Debian
Origin: vendor
Bug: https://issues.apache.org/jira/browse/PDFBOX-1587
https://issues.apache.org/jira/browse/PDFBOX-1669
Author: Gregor Herrmann <gregoa@debian.org>, Tony Mancill <tmancill@debian.org>
Last-Update: 2023-12-14
--- a/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/PublicKeySecurityHandler.java
+++ b/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/PublicKeySecurityHandler.java
@@ -27,6 +27,7 @@
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Iterator;
@@ -38,10 +39,10 @@
import org.apache.commons.logging.LogFactory;
import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.ASN1Primitive;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1OutputStream;
import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.cms.EncryptedContentInfo;
@@ -56,6 +57,7 @@
import org.bouncycastle.cms.CMSEnvelopedData;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.RecipientInformation;
+import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
import org.apache.pdfbox.cos.COSArray;
import org.apache.pdfbox.cos.COSString;
import org.apache.pdfbox.exceptions.CryptographyException;
@@ -185,7 +187,7 @@
if (ri.getRID().match(material.getCertificate()) && !foundRecipient)
{
foundRecipient = true;
- envelopedData = ri.getContent(material.getPrivateKey(), "BC");
+ envelopedData = ri.getContent(new JceKeyTransEnvelopedRecipient((PrivateKey) material.getPrivateKey()).setProvider("BC"));
break;
}
}
@@ -239,10 +241,6 @@
{
throw new CryptographyException(e);
}
- catch (NoSuchProviderException e)
- {
- throw new CryptographyException(e);
- }
catch (NoSuchAlgorithmException e)
{
throw new CryptographyException(e);
@@ -311,11 +309,11 @@
pkcs7input[22] = two;
pkcs7input[23] = one;
- DERObject obj = createDERForRecipient(pkcs7input, certificate);
+ ASN1Primitive obj = createDERForRecipient(pkcs7input, certificate);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
- DEROutputStream k = new DEROutputStream(baos);
+ ASN1OutputStream k = ASN1OutputStream.create(baos);
k.writeObject(obj);
@@ -378,7 +376,7 @@
}
- private DERObject createDERForRecipient(byte[] in, X509Certificate cert)
+ private ASN1Primitive createDERForRecipient(byte[] in, X509Certificate cert)
throws IOException,
GeneralSecurityException
{
@@ -389,7 +387,7 @@
AlgorithmParameters algorithmparameters = algorithmparametergenerator.generateParameters();
ByteArrayInputStream bytearrayinputstream = new ByteArrayInputStream(algorithmparameters.getEncoded("ASN.1"));
ASN1InputStream asn1inputstream = new ASN1InputStream(bytearrayinputstream);
- DERObject derobject = asn1inputstream.readObject();
+ ASN1Primitive derobject = asn1inputstream.readObject();
KeyGenerator keygenerator;
try
{
@@ -409,13 +407,13 @@
DEROctetString deroctetstring = new DEROctetString(abyte1);
KeyTransRecipientInfo keytransrecipientinfo = computeRecipientInfo(cert, secretkey.getEncoded());
DERSet derset = new DERSet(new RecipientInfo(keytransrecipientinfo));
- AlgorithmIdentifier algorithmidentifier = new AlgorithmIdentifier(new DERObjectIdentifier(s), derobject);
+ AlgorithmIdentifier algorithmidentifier = new AlgorithmIdentifier(new ASN1ObjectIdentifier(s), derobject);
EncryptedContentInfo encryptedcontentinfo =
new EncryptedContentInfo(PKCSObjectIdentifiers.data, algorithmidentifier, deroctetstring);
- EnvelopedData env = new EnvelopedData(null, derset, encryptedcontentinfo, null);
+ EnvelopedData env = new EnvelopedData(null, derset, encryptedcontentinfo, (org.bouncycastle.asn1.ASN1Set) null);
ContentInfo contentinfo =
new ContentInfo(PKCSObjectIdentifiers.envelopedData, env);
- return contentinfo.getDERObject();
+ return contentinfo.toASN1Primitive();
}
private KeyTransRecipientInfo computeRecipientInfo(X509Certificate x509certificate, byte[] abyte0)
@@ -430,7 +428,7 @@
new IssuerAndSerialNumber(
tbscertificatestructure.getIssuer(),
tbscertificatestructure.getSerialNumber().getValue());
- Cipher cipher = Cipher.getInstance(algorithmidentifier.getObjectId().getId());
+ Cipher cipher = Cipher.getInstance(algorithmidentifier.getAlgorithm().getId());
cipher.init(1, x509certificate.getPublicKey());
DEROctetString deroctetstring = new DEROctetString(cipher.doFinal(abyte0));
RecipientIdentifier recipId = new RecipientIdentifier(issuerandserialnumber);
|
