platform/sensinact-security/sensinact-signature-validator/src/main/java/org/eclipse/sensinact/gateway/security/signature/internal/SignatureBlock.java - gerrit/sensinact/org.eclipse.sensinact.gateway - Git at Google

 /*
 * Copyright (c) 2020 Kentyou.
  * All rights reserved. This program and the accompanying materials
  * are made available under the terms of the Eclipse Public License v1.0
  * which accompanies this distribution, and is available at
  * http://www.eclipse.org/legal/epl-v10.html
  *
  * Contributors:
 *    Kentyou - initial API and implementation
  */
 package org.eclipse.sensinact.gateway.security.signature.internal;

 import org.bouncycastle.cms.CMSException;
 import org.bouncycastle.cms.CMSSignedData;
 import org.bouncycastle.cms.SignerInformation;
 import org.eclipse.sensinact.gateway.common.bundle.Mediator;
 import org.eclipse.sensinact.gateway.util.IOUtils;

 import java.io.IOException;
 import java.net.URL;
 import java.util.Iterator;

 /**
  * A Signature block is part of the meta-data of signed Jar Files. It
  * encapsulates a CMS (Cryptographic Message Standard) file.
  *
  * @author pierre parrend
  */
 public class SignatureBlock extends CMSSignedData {
     private Mediator mediator;

     public SignatureBlock(Mediator mediator, URL url) throws CMSException, IOException {
         super(IOUtils.read(url.openStream()));
         this.mediator = mediator;
     }

     /**
      * A method for retrieving the signature block in a given Jar File for a
      * given signer.
      *
      * @param sjar
      * @param signerName
      * @return SignatureBlock
      * @throws IOException
      */
     public static SignatureBlock getInstance(Mediator mediator, SignedBundle sjar, String signerName) throws IOException, CMSException {
         SignatureBlock block = null;
         final URL rsaEntry = sjar.getEntry("/META-INF/" + signerName + ".RSA");
         final URL dsaEntry = sjar.getEntry("/META-INF/" + signerName + ".DSA");
         if (dsaEntry == null) {
             if (rsaEntry != null) {
                 block = new SignatureBlock(mediator, rsaEntry);
             }
         } else {
             block = new SignatureBlock(mediator, dsaEntry);
         }
         return block;
     }

     /**
      * A method for retrieving signature from the CMS data of a signed jar.<br>
      * the archive id supposed to be signed only once by the signer.
      *
      * @param pkcs7
      * @return byte[]
      * @throws Exception
      */
     public static byte[] getSignatureFromSignedData(final CMSSignedData pkcs7) {
         final Iterator<SignerInformation> iter = pkcs7.getSignerInfos().getSigners().iterator();

         byte[] signature = null;
         SignerInformation signerInfo;

         while (iter.hasNext()) {
             signerInfo = iter.next();
             signature = signerInfo.getSignature();
         }
         return signature;
     }
 }
	/*
	* Copyright (c) 2020 Kentyou.
	* All rights reserved. This program and the accompanying materials
	* are made available under the terms of the Eclipse Public License v1.0
	* which accompanies this distribution, and is available at
	* http://www.eclipse.org/legal/epl-v10.html
	*
	* Contributors:
	* Kentyou - initial API and implementation
	*/
	package org.eclipse.sensinact.gateway.security.signature.internal;

	import org.bouncycastle.cms.CMSException;
	import org.bouncycastle.cms.CMSSignedData;
	import org.bouncycastle.cms.SignerInformation;
	import org.eclipse.sensinact.gateway.common.bundle.Mediator;
	import org.eclipse.sensinact.gateway.util.IOUtils;

	import java.io.IOException;
	import java.net.URL;
	import java.util.Iterator;

	/**
	* A Signature block is part of the meta-data of signed Jar Files. It
	* encapsulates a CMS (Cryptographic Message Standard) file.
	*
	* @author pierre parrend
	*/
	public class SignatureBlock extends CMSSignedData {
	private Mediator mediator;

	public SignatureBlock(Mediator mediator, URL url) throws CMSException, IOException {
	super(IOUtils.read(url.openStream()));
	this.mediator = mediator;
	}

	/**
	* A method for retrieving the signature block in a given Jar File for a
	* given signer.
	*
	* @param sjar
	* @param signerName
	* @return SignatureBlock
	* @throws IOException
	*/
	public static SignatureBlock getInstance(Mediator mediator, SignedBundle sjar, String signerName) throws IOException, CMSException {
	SignatureBlock block = null;
	final URL rsaEntry = sjar.getEntry("/META-INF/" + signerName + ".RSA");
	final URL dsaEntry = sjar.getEntry("/META-INF/" + signerName + ".DSA");
	if (dsaEntry == null) {
	if (rsaEntry != null) {
	block = new SignatureBlock(mediator, rsaEntry);
	}
	} else {
	block = new SignatureBlock(mediator, dsaEntry);
	}
	return block;
	}

	/**
	* A method for retrieving signature from the CMS data of a signed jar.<br>
	* the archive id supposed to be signed only once by the signer.
	*
	* @param pkcs7
	* @return byte[]
	* @throws Exception
	*/
	public static byte[] getSignatureFromSignedData(final CMSSignedData pkcs7) {
	final Iterator<SignerInformation> iter = pkcs7.getSignerInfos().getSigners().iterator();

	byte[] signature = null;
	SignerInformation signerInfo;

	while (iter.hasNext()) {
	signerInfo = iter.next();
	signature = signerInfo.getSignature();
	}
	return signature;
	}
	}