merge of 1982 CMS branch, relates to github #1982

dghgit · dghgit · commit 57ab02043841 · 2025-12-03T12:35:54.000+11:00
diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/CMSSignedDataGenerator.java
@@ -138,7 +138,7 @@ public CMSSignedData generate(
         ASN1EncodableVector signerInfos = new ASN1EncodableVector();
 
         digests.clear();  // clear the current preserved digest state
-
+        digestAlgs.addAll(extraDigestAlgorithms);
         //
         // add the precalculated SignerInfo objects.
         //
diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSSignedDataParser.java b/pkix/src/main/java/org/bouncycastle/cms/CMSSignedDataParser.java
@@ -28,6 +28,7 @@
 import org.bouncycastle.asn1.BERTags;
 import org.bouncycastle.asn1.DERSet;
 import org.bouncycastle.asn1.DERTaggedObject;
+import org.bouncycastle.asn1.DLSet;
 import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
 import org.bouncycastle.asn1.cms.ContentInfoParser;
 import org.bouncycastle.asn1.cms.SignedDataParser;
@@ -438,15 +439,15 @@ public static OutputStream replaceSigners(
         // digests
         signedData.getDigestAlgorithms().toASN1Primitive();  // skip old ones
 
-        ASN1EncodableVector digestAlgs = new ASN1EncodableVector();
-
-        for (Iterator it = signerInformationStore.getSigners().iterator(); it.hasNext();)
+        Set<AlgorithmIdentifier> digestAlgs = new HashSet<AlgorithmIdentifier>();
+        for (Iterator it = signerInformationStore.getSigners().iterator(); it.hasNext(); )
         {
             SignerInformation signer = (SignerInformation)it.next();
+            CMSUtils.addDigestAlgs(digestAlgs, signer, dgstAlgFinder);
             digestAlgs.add(HELPER.fixDigestAlgID(signer.getDigestAlgorithmID(), dgstAlgFinder));
         }
-
-        sigGen.getRawOutputStream().write(new DERSet(digestAlgs).getEncoded());
+        AlgorithmIdentifier[] newDigestAlgIds = (AlgorithmIdentifier[])digestAlgs.toArray(new AlgorithmIdentifier[digestAlgs.size()]);
+        sigGen.getRawOutputStream().write(new DLSet(newDigestAlgIds).getEncoded());
 
         // encap content info
         ContentInfoParser encapContentInfo = signedData.getEncapContentInfo();
diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSSignedDataStreamGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/CMSSignedDataStreamGenerator.java
@@ -201,6 +201,7 @@ public OutputStream open(
         sigGen.addObject(calculateVersion(eContentType));
         
         Set<AlgorithmIdentifier> digestAlgs = new HashSet<AlgorithmIdentifier>();
+        digestAlgs.addAll(extraDigestAlgorithms);
 
         //
         // add the precalculated SignerInfo digest algorithms.
@@ -219,10 +220,10 @@ public OutputStream open(
         for (Iterator it = signerGens.iterator(); it.hasNext();)
         {
             SignerInfoGenerator signerGen = (SignerInfoGenerator)it.next();
-
-            digestAlgs.add(signerGen.getDigestAlgorithm());
+            digestAlgs.add(CMSSignedHelper.INSTANCE.fixDigestAlgID(signerGen.getDigestAlgorithm(), digestAlgIdFinder));
         }
 
+
         sigGen.getRawOutputStream().write(CMSUtils.convertToDlSet(digestAlgs).getEncoded());
         
         BERSequenceGenerator eiGen = new BERSequenceGenerator(sigGen.getRawOutputStream());
diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSSignedGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/CMSSignedGenerator.java
@@ -4,6 +4,7 @@
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Iterator;
+import java.util.LinkedHashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
@@ -90,6 +91,8 @@ public class CMSSignedGenerator
 
     protected DigestAlgorithmIdentifierFinder digestAlgIdFinder;
 
+    protected Set<AlgorithmIdentifier> extraDigestAlgorithms = new LinkedHashSet<AlgorithmIdentifier>();
+
     /**
      * base constructor
      */
@@ -251,4 +254,13 @@ public Map getGeneratedDigests()
     {
         return new HashMap(digests);
     }
+
+    /**
+     * Add extra digest algorithm identifiers to the digest algorithm set in resulting SignedData object.
+     * @param digestAlgorithmIDs a set of extra digest algorithms
+     * */
+    public void addDigestAlgorithms(Set<AlgorithmIdentifier> digestAlgorithmIDs)
+    {
+        extraDigestAlgorithms.addAll(digestAlgorithmIDs);
+    }
 }
diff --git a/pkix/src/test/java/org/bouncycastle/cms/test/NewSignedDataStreamTest.java b/pkix/src/test/java/org/bouncycastle/cms/test/NewSignedDataStreamTest.java
@@ -32,6 +32,8 @@
 import org.bouncycastle.asn1.cms.CMSAttributes;
 import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
 import org.bouncycastle.asn1.ocsp.OCSPResponse;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.cert.X509AttributeCertificateHolder;
 import org.bouncycastle.cert.X509CertificateHolder;
 import org.bouncycastle.cert.jcajce.JcaCRLStore;
@@ -209,8 +211,45 @@ private void verifySignatures(CMSSignedDataParser sp, byte[] contentDigest)
         assertEquals(certStore.getMatches(null).size(), sp.getCertificates().getMatches(null).size());
         assertEquals(crlStore.getMatches(null).size(), sp.getCRLs().getMatches(null).size());
     }
-    
-    private void verifySignatures(CMSSignedDataParser sp) 
+
+    private void verifySignatures(CMSSignedDataParser sp, byte[] contentDigest, boolean ignoreCounterSig)
+        throws Exception
+    {
+        Store certStore = sp.getCertificates();
+        Store crlStore = sp.getCRLs();
+        SignerInformationStore signers = sp.getSignerInfos();
+
+        Set digestIDs = new HashSet(sp.getDigestAlgorithmIDs());
+
+        assertTrue(digestIDs.size() > 0);
+
+        Collection c = signers.getSigners();
+        Iterator it = c.iterator();
+
+        while (it.hasNext())
+        {
+            SignerInformation signer = (SignerInformation)it.next();
+            Collection certCollection = certStore.getMatches(signer.getSID());
+
+            Iterator certIt = certCollection.iterator();
+            X509CertificateHolder cert = (X509CertificateHolder)certIt.next();
+
+            assertEquals(true, signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(cert)));
+
+            digestIDs.remove(signer.getDigestAlgorithmID());
+
+            if (contentDigest != null)
+            {
+                assertTrue(MessageDigest.isEqual(contentDigest, signer.getContentDigest()));
+            }
+        }
+
+        assertTrue(digestIDs.size() > 0);
+        assertEquals(certStore.getMatches(null).size(), sp.getCertificates().getMatches(null).size());
+        assertEquals(crlStore.getMatches(null).size(), sp.getCRLs().getMatches(null).size());
+    }
+
+    private void verifySignatures(CMSSignedDataParser sp)
         throws Exception
     {
         verifySignatures(sp, null);
@@ -364,7 +403,126 @@ public void testDSANoAttributes()
         
         verifySignatures(sp, md.digest(TEST_MESSAGE.getBytes()));
     }
-    
+
+    public void testAddDigestAlgorithm()
+        throws Exception
+    {
+        List certList = new ArrayList();
+        List crlList = new ArrayList();
+        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+
+        certList.add(_origCert);
+        certList.add(_signCert);
+
+        crlList.add(_signCrl);
+        crlList.add(_origCrl);
+
+        Store certs = new JcaCertStore(certList);
+        Store crls = new JcaCRLStore(crlList);
+
+        CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
+
+        ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate());
+
+        gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(sha1Signer, _origCert));
+        gen.addCertificates(certs);
+
+        gen.addCRLs(crls);
+
+        Set<AlgorithmIdentifier> oids = new HashSet<AlgorithmIdentifier>();
+        oids.add(new AlgorithmIdentifier(PKCSObjectIdentifiers.sha256WithRSAEncryption));
+        gen.addDigestAlgorithms(oids);
+
+        OutputStream sigOut = gen.open(bOut);
+
+        sigOut.write(TEST_MESSAGE.getBytes());
+
+        sigOut.close();
+
+        checkSigParseable(bOut.toByteArray());
+
+        CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(),
+            new CMSTypedStream(new ByteArrayInputStream(TEST_MESSAGE.getBytes())), bOut.toByteArray());
+
+        sp.getSignedContent().drain();
+
+        //
+        // compute expected content digest
+        //
+        MessageDigest md1 = MessageDigest.getInstance("SHA1", BC);
+        verifySignatures(sp, md1.digest(TEST_MESSAGE.getBytes()), true);
+
+
+        //
+        // try using existing signer
+        //
+        gen = new CMSSignedDataStreamGenerator();
+
+        gen.addSigners(sp.getSignerInfos());
+
+        gen.addCertificates(sp.getCertificates());
+        gen.addCRLs(sp.getCRLs());
+
+        bOut.reset();
+
+        sigOut = gen.open(bOut, true);
+
+        sigOut.write(TEST_MESSAGE.getBytes());
+
+        sigOut.close();
+
+        verifyEncodedData(bOut);
+        sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(),
+            new CMSTypedStream(new ByteArrayInputStream(TEST_MESSAGE.getBytes())), bOut.toByteArray());
+
+        sp.getSignedContent().drain();
+
+        //
+        // look for the CRLs
+        //
+        Collection col = sp.getCRLs().getMatches(null);
+
+        assertEquals(2, col.size());
+        assertTrue(col.contains(new JcaX509CRLHolder(_signCrl)));
+        assertTrue(col.contains(new JcaX509CRLHolder(_origCrl)));
+    }
+
+    private void verifySignatures2(CMSSignedDataParser sp, byte[] contentDigest1, byte[] contentDigest2)
+        throws Exception
+    {
+        Store certStore = sp.getCertificates();
+        Store crlStore = sp.getCRLs();
+        SignerInformationStore signers = sp.getSignerInfos();
+
+        Set digestIDs = new HashSet(sp.getDigestAlgorithmIDs());
+
+        assertTrue(digestIDs.size() > 0);
+
+        Collection c = signers.getSigners();
+        Iterator it = c.iterator();
+
+        while (it.hasNext())
+        {
+            SignerInformation signer = (SignerInformation)it.next();
+            Collection certCollection = certStore.getMatches(signer.getSID());
+
+            Iterator certIt = certCollection.iterator();
+            X509CertificateHolder cert = (X509CertificateHolder)certIt.next();
+
+            assertEquals(true, signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(cert)));
+
+            digestIDs.remove(signer.getDigestAlgorithmID());
+
+            assertTrue(MessageDigest.isEqual(contentDigest1, signer.getContentDigest()) ||
+                MessageDigest.isEqual(contentDigest2, signer.getContentDigest()));
+
+        }
+
+        assertTrue(digestIDs.size() == 0);
+        assertEquals(certStore.getMatches(null).size(), sp.getCertificates().getMatches(null).size());
+        assertEquals(crlStore.getMatches(null).size(), sp.getCRLs().getMatches(null).size());
+    }
+
     public void testSHA1WithRSA()
         throws Exception
     {
