lib/ccrypto/java/engines/pkcs7_engine.rb in ccrypto-java-0.1.0 vs lib/ccrypto/java/engines/pkcs7_engine.rb in ccrypto-java-0.2.0
- old
+ new
@@ -8,13 +8,10 @@
class PKCS7Engine
include TR::CondUtils
include DataConversion
- include TeLogger::TeLogHelper
- teLogger_tag :j_p7
-
def initialize(config)
raise PKCS7EngineException, "Ccrypto::PKCS7Config is expected. Given #{config}" if not config.is_a?(Ccrypto::PKCS7Config)
@config = config
end
@@ -92,30 +89,30 @@
gen.addCertificates(store)
begin
if attached
- teLogger.debug "Initiated attached sign"
+ logger.debug "Initiated attached sign"
else
- teLogger.debug "Initiated detached sign"
+ logger.debug "Initiated detached sign"
end
sos = gen.open(os, attached)
case val
when java.io.InputStream
- teLogger.debug "InputStream data-to-be-signed detected"
+ logger.debug "InputStream data-to-be-signed detected"
buf = ::Java::Byte[readBufSize].new
read = 0
processed = 0
while((read = val.read(buf, 0, buf.length)) != -1)
sos.write(buf, 0 ,read)
processed += read
block.call(:processed, processed) if block
end
else
- teLogger.debug "Byte array data-to-be-signed detected"
+ logger.debug "Byte array data-to-be-signed detected"
ba = to_java_bytes(val)
if ba.is_a?(::Java::byte[])
sos.write(ba)
sos.flush
sos.close
@@ -153,43 +150,43 @@
data = nil
case srcData
when java.io.File
data = org.bouncycastle.cms.CMSProcessableFile.new(val)
- teLogger.debug "Given original data is a java.io.File"
+ logger.debug "Given original data is a java.io.File"
else
if not_empty?(srcData)
ba = to_java_bytes(srcData)
if ba.is_a?(::Java::byte[])
data = org.bouncycastle.cms.CMSProcessableByteArray.new(ba)
- teLogger.debug "Given original data is a byte array"
+ logger.debug "Given original data is a byte array"
else
raise PKCS7EngineException, "Failed to read original data. Given #{srcData}"
end
else
- teLogger.debug "Original data for signing is not given."
+ logger.debug "Original data for signing is not given."
end
end
case val
when java.io.InputStream
if data.nil?
- teLogger.debug "Attached signature with java.io.InputStream signature detected during verification"
+ logger.debug "Attached signature with java.io.InputStream signature detected during verification"
signed = org.bouncycastle.cms.CMSSignedData.new(val)
else
- teLogger.debug "Detached signature with java.io.InputStream signature detected during verification"
+ logger.debug "Detached signature with java.io.InputStream signature detected during verification"
signed = org.bouncycastle.cms.CMSSignedData.new(data, val)
end
else
if not_empty?(val)
ba = to_java_bytes(val)
if ba.is_a?(::Java::byte[])
if data.nil?
- teLogger.debug "Attached signature with byte array signature detected during verification"
+ logger.debug "Attached signature with byte array signature detected during verification"
signed = org.bouncycastle.cms.CMSSignedData.new(ba)
else
- teLogger.debug "Detached signature with byte array signature detected during verification"
+ logger.debug "Detached signature with byte array signature detected during verification"
signed = org.bouncycastle.cms.CMSSignedData.new(data, ba)
end
else
raise PKCS7EngineException, "Failed to convert input to java byte array. Given #{val.class}"
end
@@ -209,54 +206,54 @@
begin
if block
certVerified = block.call(:verify_certificate, c)
if certVerified.nil?
- teLogger.debug "Certificate with subject #{c.subject} / Issuer : #{c.issuer} / SN : #{c.serial_number.to_s(16)} passed through (no checking by application)"
+ logger.debug "Certificate with subject #{c.subject} / Issuer : #{c.issuer} / SN : #{c.serial_number.to_s(16)} passed through (no checking by application)"
certVerified = true
elsif is_bool?(certVerified)
if certVerified
- teLogger.debug "Certificate with subject #{c.subject} / Issuer : #{c.issuer} / SN : #{c.serial_number.to_s(16)} accepted by application"
+ logger.debug "Certificate with subject #{c.subject} / Issuer : #{c.issuer} / SN : #{c.serial_number.to_s(16)} accepted by application"
else
- teLogger.debug "Certificate with subject #{c.subject} / Issuer : #{c.issuer} / SN : #{c.serial_number.to_s(16)} rejected by application"
+ logger.debug "Certificate with subject #{c.subject} / Issuer : #{c.issuer} / SN : #{c.serial_number.to_s(16)} rejected by application"
end
else
- teLogger.debug "Certificate with subject #{c.subject} / Issuer : #{c.issuer} / SN : #{c.serial_number.to_s(16)} passed through (no checking by application. Given #{certVerified})"
+ logger.debug "Certificate with subject #{c.subject} / Issuer : #{c.issuer} / SN : #{c.serial_number.to_s(16)} passed through (no checking by application. Given #{certVerified})"
end
else
- teLogger.debug "Certificate with subject #{c.subject} / Issuer : #{c.issuer} / SN : #{c.serial_number.to_s(16)} passed through (no checking by application)"
+ logger.debug "Certificate with subject #{c.subject} / Issuer : #{c.issuer} / SN : #{c.serial_number.to_s(16)} passed through (no checking by application)"
end
if certVerified
- teLogger.debug "Verifing signature against certificate '#{c.subject}'"
+ logger.debug "Verifing signature against certificate '#{c.subject}'"
verifier = org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder.new.setProvider(prov).build(c)
if signer.verify(verifier)
- teLogger.debug "Signer with #{c.subject} verified!"
+ logger.debug "Signer with #{c.subject} verified!"
if block
block.call(:verification_result, true)
if data.nil?
block.call(:attached_data, signed.getSignedContent.getContent)
end
end
signatureVerified = true
else
- teLogger.debug "Signer with #{c.subject} failed. Retry with subsequent certificate"
+ logger.debug "Signer with #{c.subject} failed. Retry with subsequent certificate"
signatureVerified = false
end
end
rescue ::Java::OrgBouncycastleCms::CMSSignerDigestMismatchException => ex
- teLogger.error "Signer digest mismatch exception : #{ex.message}"
+ logger.error "Signer digest mismatch exception : #{ex.message}"
signatureVerified = false
break
rescue Exception => ex
- teLogger.error ex
- teLogger.error ex.message
- teLogger.error ex.backtrace.join("\n")
+ logger.error ex
+ logger.error ex.message
+ logger.error ex.backtrace.join("\n")
end
end
# end certs.getMatches
break if signatureVerified
@@ -276,21 +273,31 @@
end
intBufSize = 1024000
if block
cipher = block.call(:cipher)
- teLogger.debug "Application given cipher #{cipher}"
+ logger.debug "Application given cipher #{cipher}"
prov = block.call(:jce_provider)
intBufSize = block.call(:int_buffer_size)
os = block.call(:output_stream)
if not os.nil? and not os.is_a?(java.io.OutputStream)
raise PKCS7EngineException, "java.io.OutputStream expected but was given '#{os.class}'"
end
end
- cipher = Ccrypto::DirectCipherConfig.new({ algo: :aes, keysize: 256, mode: :cbc }) if cipher.nil?
+ if cipher.nil?
+ cipher = CipherEngine.get_cipher_config(:aes, 256, :cbc)
+ if not_empty?(cipher)
+ cipher = cipher.first
+ else
+ raise PKCS7EngineException, "Not able to get AES/256/CBC from CipherEngine"
+ end
+ end
+
+
+ #cipher = Ccrypto::DirectCipherConfig.new({ algo: :aes, keysize: 256, mode: :cbc }) if cipher.nil?
prov = Ccrypto::Java::JCEProvider::DEFProv if is_empty?(prov)
intBufSize = 1024000 if is_empty?(intBufSize)
os = java.io.ByteArrayOutputStream.new if os.nil?
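Review bot: The fallback `cipher = cipher.first` takes whichever entry `CipherEngine.get_cipher_config(:aes, 256, :cbc)` happens to list first, so if that lookup can return more than one configuration the default envelope cipher is chosen by list order rather than explicitly; either assert a single match or annotate the choice, e.g. `cipher = cipher.first # TODO(review): confirm get_cipher_config returns exactly one AES-256-CBC config`. The commented-out `DirectCipherConfig` line left directly under the new block is dead code and should be dropped rather than kept beside its replacement. It is also worth a one-line comment at the default that CMS EnvelopedData with AES-CBC provides confidentiality only, so callers needing integrity must supply an authenticated cipher via the `:cipher` callback. The enclosing method starts and continues outside this hunk.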
@@ -379,11 +386,11 @@
begin
encIs = r.getContentStream(kt).getContentStream
rescue Exception => ex
lastEx = ex
- teLogger.debug "Got exception : #{ex.message}. Retry with another envelope"
+ logger.debug "Got exception : #{ex.message}. Retry with another envelope"
next
end
begin
total = 0
@@ -430,14 +437,14 @@
private
def to_cms_recipint_info(obj, prov = Ccrypto::Java::JCEProvider::DEFProv)
case obj
when java.security.Certificate
- teLogger.debug "Given recipient info is java.security.Certificate"
+ logger.debug "Given recipient info is java.security.Certificate"
org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator.new(obj).setProvider(prov)
when Ccrypto::X509Cert
- teLogger.debug "Given recipient info is Ccrypto::X509Cert"
+ logger.debug "Given recipient info is Ccrypto::X509Cert"
org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator.new(obj.nativeX509).setProvider(prov)
else
raise PKCS7EngineException, "Unknown object to conver to CMS recipient info. Given #{obj}"
end
@@ -481,13 +488,14 @@
#end
end # to_cms_recipient_info
def cipher_to_bc_cms_algo(cipher)
+ p cipher
case cipher
when Ccrypto::CipherConfig
- case cipher.algo
+ case cipher.algo.downcase.to_sym
when :seed
eval("org.bouncycastle.cms.CMSAlgorithm::#{cipher.algo.to_s.upcase}_#{cipher.mode.to_s.upcase}")
else
eval("org.bouncycastle.cms.CMSAlgorithm::#{cipher.algo.to_s.upcase}#{cipher.keysize}_#{cipher.mode.to_s.upcase}")
end
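Review bot: `p cipher` at the top of `cipher_to_bc_cms_algo` is a leftover debug print that dumps the whole cipher config object to stdout on every call; if a `Ccrypto::CipherConfig` can carry key material this leaks it outside the logging pipeline, and even if not it bypasses the `logger` the rest of this change migrated to. Remove it, or at most replace it with `logger.debug "Mapping cipher #{cipher.algo}/#{cipher.keysize}/#{cipher.mode} to CMS algorithm"`. Separately, the new `cipher.algo.downcase.to_sym` now tolerates string algorithm names, which then flow into the pre-existing `eval` of an interpolated constant name; `org.bouncycastle.cms.CMSAlgorithm.const_get(...)` or an explicit lookup table would avoid evaluating a value that may originate from configuration. The method continues past the end of this hunk.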
@@ -547,11 +555,14 @@
# org.bouncycastle.cms.jcajce.JcePasswordEnvelopedRecipient.new(obj).setPasswordConversionScheme(org.bouncycastle.cms.PasswordRecipient::PKCS5_SCHEME2)
#else
# raise GcryptoBcCms::Error, "Unsupported object for decryption recipient object conversion '#{obj.class}'"
#end
- end
+ end
+ def logger
+ Ccrypto::Java.logger(:pkcs7_eng)
+ end
end
end
end
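Review bot: The new `logger` accessor is undocumented and quietly changes the log tag from `:j_p7` (the TeLogger tag removed earlier in this diff) to `:pkcs7_eng`, so any per-tag log-level filtering configured against the old name will stop applying; that seems intentional but deserves a comment such as `# Engine-scoped logger; tag :pkcs7_eng replaces the 0.1.0 TeLogger tag :j_p7`. Whether this lands under the `private` marker seen earlier in the file cannot be told from this hunk, but since every call site is inside the class that is fine either way.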