gcrypto_bc_cms 0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: d6bce44606b87f44bf8f5a369a1a68a1db2f0d4b
+  data.tar.gz: 04d34b485ed8bd970a4f995025139d57e39be52a
+SHA512:
+  metadata.gz: 3e5b924be73243c34ff6c041635e991f2de35470c52ac8214fd7b19e72abf75e9a7755e3bc0f0cbe663d7c9846f66cb81b386774097d525b182c69a1d4305824
+  data.tar.gz: 5972177744a6c8c83103d40956615a8a110f254c399bac69e63fba48da29f7074b3b874e5b09f67b3050a2ab1e035812dfa19d90b58aaad9ddc73f2adb35be10

data/.gitignore

@@ -0,0 +1,13 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+/.DS_Store
+
+/test/artifacts/
+!/test/artifacts/.gitkeep
+tags

data/Gemfile

@@ -0,0 +1,10 @@
+source "https://rubygems.org"
+
+# Specify your gem's dependencies in gcrypto_bc_cms.gemspec
+gemspec
+
+gem 'pkernel', path: '../../pkernel/pkernel'
+gem 'pkernel_jce', path: '../../pkernel/pkernel_jce'
+
+gem 'gcrypto', path: '../gcrypto'
+gem 'gcrypto_jce', path: '../gcrypto_jce'

data/Gemfile.lock

@@ -0,0 +1,67 @@
+PATH
+  remote: ../../pkernel/pkernel_jce
+  specs:
+    pkernel_jce (0.1.0)
+      activesupport
+      tlogger
+
+PATH
+  remote: ../../pkernel/pkernel
+  specs:
+    pkernel (0.1.0)
+      tlogger
+
+PATH
+  remote: ../gcrypto_jce
+  specs:
+    gcrypto_jce (0.1.0)
+      activesupport
+      pkernel
+      pkernel_jce
+      tlogger
+
+PATH
+  remote: ../gcrypto
+  specs:
+    gcrypto (0.1.0)
+      pkernel
+      tlogger
+
+PATH
+  remote: .
+  specs:
+    gcrypto_bc_cms (0.1.0)
+      tlogger
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    activesupport (5.2.3)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 0.7, < 2)
+      minitest (~> 5.1)
+      tzinfo (~> 1.1)
+    concurrent-ruby (1.1.5)
+    i18n (1.6.0)
+      concurrent-ruby (~> 1.0)
+    minitest (5.11.3)
+    rake (10.5.0)
+    thread_safe (0.3.6-java)
+    tlogger (0.8.0)
+    tzinfo (1.2.5)
+      thread_safe (~> 0.1)
+
+PLATFORMS
+  java
+
+DEPENDENCIES
+  bundler (~> 2.0)
+  gcrypto!
+  gcrypto_bc_cms!
+  gcrypto_jce!
+  pkernel!
+  pkernel_jce!
+  rake (~> 10.0)
+
+BUNDLED WITH
+   2.0.2

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2019 Chris Liaw
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,39 @@
+# GcryptoBcCms
+
+Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/gcrypto_bc_cms`. To experiment with that code, run `bin/console` for an interactive prompt.
+
+TODO: Delete this and the text above, and describe your gem
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'gcrypto_bc_cms'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install gcrypto_bc_cms
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/gcrypto_bc_cms.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,2 @@
+require "bundler/gem_tasks"
+task :default => :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "gcrypto_bc_cms"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/gcrypto_bc_cms.gemspec

@@ -0,0 +1,43 @@
+
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "gcrypto_bc_cms/version"
+
+Gem::Specification.new do |spec|
+  spec.name          = "gcrypto_bc_cms"
+  spec.version       = GcryptoBcCms::VERSION
+  spec.authors       = ["Chris Liaw"]
+  spec.email         = ["chrisliaw@antrapol.com"]
+
+  spec.summary       = %q{}
+  spec.description   = %q{}
+  spec.homepage      = ""
+  spec.license       = "MIT"
+
+  # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
+  # to allow pushing to a single host or delete this section to allow pushing to any host.
+  #if spec.respond_to?(:metadata)
+  #  spec.metadata["allowed_push_host"] = "TODO: Set to 'http://mygemserver.com'"
+
+  #  spec.metadata["homepage_uri"] = spec.homepage
+  #  spec.metadata["source_code_uri"] = "TODO: Put your gem's public repo URL here."
+  #  spec.metadata["changelog_uri"] = "TODO: Put your gem's CHANGELOG.md URL here."
+  #else
+  #  raise "RubyGems 2.0 or newer is required to protect against " \
+  #    "public gem pushes."
+  #end
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files         = Dir.chdir(File.expand_path('..', __FILE__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 2.0"
+  spec.add_development_dependency "rake", "~> 10.0"
+
+  spec.add_dependency 'tlogger'
+end

data/lib/gcrypto_bc_cms.rb

@@ -0,0 +1,15 @@
+
+require 'gcrypto'
+require "gcrypto_bc_cms/version"
+
+require_relative 'gcrypto_bc_cms/keypair_crypto'
+
+module GcryptoBcCms
+  class Error < StandardError; end
+  # Your code goes here...
+
+  class Gcrypto::KeyPairCms
+    extend GcryptoBcCms::KeyPairCrypto
+  end
+
+end

data/lib/gcrypto_bc_cms/error.rb

@@ -0,0 +1,6 @@
+
+
+module GcryptoBcCms
+  class Error < StandardError; end
+  
+end

data/lib/gcrypto_bc_cms/global.rb

@@ -0,0 +1,18 @@
+
+require 'singleton'
+require 'tlogger'
+
+module GcryptoBcCms
+  class GConf
+    include Singleton
+    attr_reader :logger_params, :glog
+    def initialize
+      @logger_params = STDOUT
+      @glog = Tlogger.new(STDOUT)
+      @glog.tag = :gcrypto_bc_cms
+      @glog.show_source
+    end  
+  end
+end
+
+

data/lib/gcrypto_bc_cms/io_utils.rb

@@ -0,0 +1,84 @@
+
+module GcryptoBcCms
+  module IoUtils
+   
+    def IoUtils.load_input(opts = { })
+      if opts.nil? or opts.empty?
+        raise GcryptoBcCms::Error, "No input given to load"
+      else
+        file = opts[:file]
+        bin = opts[:bin]
+        
+        if not (file.nil? or file.empty?)
+          fis = java.io.FileInputStream.new(file)
+          fis
+        elsif not bin.nil?
+          begin
+            bais = java.io.ByteArrayInputStream.new(bin.to_java_bytes)
+          rescue NoMethodError
+            bais = java.io.ByteArrayInputStream.new(bin)
+          end
+          bais
+        else
+          raise GcryptoBcCms::Error, "Neither file nor bin given to load input"
+        end
+      end
+    end
+    # 
+    # end load_input()
+    # 
+
+    def IoUtils.read_chunk(is, opts = { },&block)
+
+      raise GcryptoBcCms::Error, "Cannot read chunk from nil input stream" if is.nil?
+      raise GcryptoBcCms::Error, "Block required for read_chunk" if not block
+
+      if not is.java_kind_of?(java.io.InputStream)
+        raise GcryptoBcCms::Error, "Cannot read from '#{is.class}' object"
+      end
+
+      bufLen = opts[:buffer_length] || 10240
+      
+      b = Java::byte[bufLen].new
+      while((read = is.read(b,0,b.length)) != -1)
+        block.call(b,0,read)
+      end
+    end
+    # 
+    # end read_chunk
+    # 
+
+    def IoUtils.file_to_memory_byte_array(path)
+      if path.nil? or path.empty?
+        raise PkernelJce::Error, "Given path '#{path}' to load to memory is nil or empty"
+      else
+        f = java.io.File.new(path)
+        b = Java::byte[f.length].new
+        dis = java.io.DataInputStream.new(java.io.FileInputStream.new(f))
+        dis.readFully(b)
+        dis.close
+
+        b
+      end
+    end
+    # end file_to_memory_byte_array
+    #
+
+    def IoUtils.ensure_java_bytes(bin)
+      if not bin.java_kind_of?(Java::byte[])
+        bin.to_java_bytes
+      else
+        bin
+      end
+    end
+    # end ensure_java_bytes
+    #
+  
+  end
+  # end IoUtils
+  #
+
+end
+# end GcryptoBcCms
+# 
+

data/lib/gcrypto_bc_cms/keypair_crypto.rb

@@ -0,0 +1,512 @@
+
+require 'pkernel'
+require 'pkernel_jce'
+
+require 'gcrypto'
+require 'gcrypto_jce'
+
+require_relative 'error'
+require_relative 'io_utils'
+require_relative 'global'
+
+module GcryptoBcCms
+  module KeyPairCrypto
+    
+    #def sign(opts = { })
+    #  raise GcryptoBcCms::Error, "Insufficient parameters for CMS signature generation" if opts.nil? or opts.empty?
+    #  
+    #  ids = opts[:identities]
+    #  if ids.nil?
+    #    raise GcryptoBcCms::Error, "Identity to sign the data is not available"
+    #  end
+    #  ids = [ids] if not ids.is_a?(Array)
+
+    #  file = opts[:file]
+    #  bin = opts[:bin]
+    #  if not (file.nil? or file.empty?)
+    #    msg = org.bouncycastle.cms.CMSProcessableFile.new(java.io.File.new(file))
+    #  elsif not bin.nil?
+    #    msg = org.bouncycastle.cms.CMSProcessableByteArray.new(IoUtils.ensure_java_bytes(bin))
+    #  else
+    #    raise GcryptoBcCms::Error, "No input is given for signing"
+    #  end
+  
+    #  lst = java.util.ArrayList.new 
+
+    #  ids.each do |id|
+    #    lst.add(id.certificate)
+    #  end
+
+    #  store = org.bouncycastle.cert.jcajce.JcaCertStore.new(lst)
+    #  gen = org.bouncycastle.cms.CMSSignedDataGenerator.new
+    # 
+    #  signHash = opts[:signHash] || "SHA256" 
+    #  ids.each do |id|
+    #    GcryptoBcCms::GConf.instance.glog.debug "Adding signer #{id.certificate.subjectDN}"
+    #    prov = GcryptoJce::Provider.handle_options({ provider: id.provider })
+    #    signer = org.bouncycastle.operator.jcajce.JcaContentSignerBuilder.new(Pkernel::KeyPair.derive_signing_algo(id.privKey, signHash)).setProvider(prov).build(id.privKey)
+    #    infoGen = org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder.new(org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder.new.setProvider(prov).build()).build(signer, id.certificate)
+    #    gen.addSignerInfoGenerator(infoGen)
+    #  end
+
+    #  gen.addCertificates(store)
+    #  
+    #  attachedSign = opts[:attachedSign]
+    #  attachedSign = true if attachedSign.nil?
+    #  gen.generate(msg, attachedSign)
+    #  
+    #end    
+    ## 
+    ## end sign()
+    ## 
+
+    def sign(opts = { })
+      raise GcryptoBcCms::Error, "Insufficient parameters for CMS signature generation" if opts.nil? or opts.empty?
+      
+      ids = opts[:identities]
+      if ids.nil?
+        raise GcryptoBcCms::Error, "Identity to sign the data is not available"
+      end
+      ids = [ids] if not ids.is_a?(Array)
+
+      is = IoUtils.load_input(opts)
+ 
+      lst = java.util.ArrayList.new 
+
+      ids.each do |id|
+        lst.add(id.certificate)
+      end
+
+      store = org.bouncycastle.cert.jcajce.JcaCertStore.new(lst)
+      gen = org.bouncycastle.cms.CMSSignedDataStreamGenerator.new
+     
+      signHash = opts[:signHash] || "SHA256" 
+      ids.each do |id|
+        GcryptoBcCms::GConf.instance.glog.debug "Adding signer #{id.certificate.subjectDN}"
+        prov = GcryptoJce::Provider.handle_options({ provider: id.provider })
+        signer = org.bouncycastle.operator.jcajce.JcaContentSignerBuilder.new(Pkernel::KeyPair.derive_signing_algo(id.privKey, signHash)).setProvider(prov).build(id.privKey)
+        infoGen = org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder.new(org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder.new.setProvider(prov).build()).build(signer, id.certificate)
+        gen.addSignerInfoGenerator(infoGen)
+      end
+
+      gen.addCertificates(store)
+      #gen.addCRLs(crlStore)
+      
+      outFile = opts[:outFile]
+      if not (outFile.nil? or outFile.empty?)
+        os = java.io.FileOutputStream.new(outFile)
+      else
+        os = java.io.ByteArrayOutputStream.new
+      end
+
+      attachedSign = opts[:attachedSign]
+      attachedSign = true if attachedSign.nil?
+
+      sos = gen.open(os, attachedSign)
+      
+      begin
+        bufConf = opts[:int_buf] || { }
+        total = 0
+        IoUtils.read_chunk(is, bufConf) do |buf, from, len|
+          sos.write(buf, from, len)
+          total += len
+          GcryptoJce::GConf.instance.glog.debug "Signed #{NumberHelper.number_to_human_size(total)}"
+        end
+      rescue Exception
+      ensure
+        begin
+          is.close
+        rescue Exception
+        end
+        begin
+          os.close
+        rescue Exception
+        end
+        begin
+          sos.close
+        rescue Exception
+        end
+      end
+    
+      if outFile.nil? or outFile.empty?
+        os.toByteArray
+      end
+
+    end    
+    # 
+    # end sign()
+    # 
+
+
+    def verify(opts = { })
+      
+      if opts.nil? or opts.empty?
+        raise GcryptoBcCms::Error, "Insufficient parameters for CMS signature verification"
+      end
+
+      prov = GcryptoJce::Provider.handle_options(opts)
+      
+      attachedSign = false
+      dataFile = opts[:file]
+      dataBin = opts[:bin]
+      if not (dataFile.nil? or dataFile.empty?)
+        data = org.bouncycastle.cms.CMSProcessableFile.new(java.io.File.new(dataFile))
+      elsif not dataBin.nil?
+        data = org.bouncycastle.cms.CMSProcessableByteArray.new(IoUtils.ensure_java_bytes(dataBin))
+      else
+        attachedSign = true
+      end
+
+      file = opts[:sign_file]
+      bin = opts[:sign_bin]
+      if not (file.nil? or file.empty?)
+        if attachedSign
+          signed = org.bouncycastle.cms.CMSSignedData.new(java.io.FileInputStream.new(file))
+        else
+          signed = org.bouncycastle.cms.CMSSignedData.new(data, java.io.FileInputStream.new(file))
+        end
+      elsif not bin.nil?
+        if attachedSign
+          signed = org.bouncycastle.cms.CMSSignedData.new(IoUtils.ensure_java_bytes(bin))
+        else
+          signed = org.bouncycastle.cms.CMSSignedData.new(data, IoUtils.ensure_java_bytes(bin))
+        end
+      else
+        raise GcryptoBcCms::Error, "Neither signature in file or memory buffer given for signatur verification"
+      end
+
+      outFile = opts[:out_file]
+      if not (outFile.nil? or outFile.empty?)
+        dataOs = java.io.FileOutputStream.new(outFile)
+      end
+      
+      result = []
+      certs = signed.certificates
+      signerInfo = signed.getSignerInfos
+      signers = signerInfo.getSigners
+      signers.each do |signer|
+        
+        certs.getMatches(signer.getSID).each do |c|
+          begin
+
+            GcryptoBcCms::GConf.instance.glog.debug "Verifying #{c.subject}..."
+            verifier = org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder.new.setProvider(prov).build(c)
+            if signer.verify(verifier)
+              GcryptoBcCms::GConf.instance.glog.debug "Signer #{c.subject} verified"
+              result << true
+              detail = { }
+              detail[:certificate] = c
+              if attachedSign
+                if dataOs.nil?
+                  detail[:data] = signed.getSignedContent.getContent
+                else
+                  begin
+                    signed.getSignedContent.write(dataOs)
+                    dataOs.flush
+                  rescue Exception
+                  ensure
+                    begin
+                      dataOs.close
+                    rescue Exception
+                    end
+                  end
+                  
+                  detail[:data_file] = outFile
+                end
+                # end if dataOs.nil?
+              end
+              
+              result << detail
+
+              break
+            end
+            
+          rescue Exception => ex
+            GcryptoBcCms::GConf.instance.glog.debug "#{c.subject} #{ex.message}"
+          end
+        end
+        # end certs.getMatches
+        
+        break if not result.empty?
+      end
+      # end signers.each
+      
+      result = [false] if result.empty?
+      
+      result
+    end
+    # 
+    # end verify()
+    # 
+
+    def encrypt(opts = { })
+      
+      is = IoUtils.load_input(opts)
+      rcpts = opts[:recipients]
+      if rcpts.nil? or rcpts.empty?
+        raise GcryptoBcCms::Error, "No recipients given to encrypt" 
+      end
+      
+      gen = org.bouncycastle.cms.CMSEnvelopedDataStreamGenerator.new
+      rcpts.each do |re|
+        gen.addRecipientInfoGenerator(KeyPairCrypto.to_enc_recipient_info(re))
+      end
+      
+      outFile = opts[:outFile]
+      if outFile.nil? or outFile.empty?
+        out = java.io.ByteArrayOutputStream.new
+      else
+        out = java.io.FileOutputStream.new(outFile)
+      end
+
+      skCc = opts[:crypto_context]
+      if skCc.nil?
+        raise GcryptoBcCms::Error, "Crypto context is not available for CMS encrypt"
+      end
+      
+      prov = GcryptoJce::Provider.handle_options(opts)
+      encOut = gen.open(out, org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder.new(KeyPairCrypto.to_bc_cms_algo(skCc)).setProvider(prov).build())
+      
+      begin
+        bufConf = opts[:int_buf] || { }
+        total = 0
+        IoUtils.read_chunk(is, bufConf) do |buf, from, len|
+          encOut.write(buf, from, len)
+          total += len
+          GcryptoJce::GConf.instance.glog.debug "Processed #{NumberHelper.number_to_human_size(total)}"
+        end
+      rescue Exception
+      ensure
+        begin
+          is.close
+        rescue Exception
+        end
+        begin
+          out.close
+        rescue Exception
+        end
+        begin
+          encOut.close
+        rescue Exception
+        end
+      end
+
+      if outFile.nil? or outFile.empty?
+        out.toByteArray
+      end
+      
+    end
+    # 
+    # end encrypt()
+    #
+
+    def KeyPairCrypto.to_enc_recipient_info(obj, provider = GcryptoJce::Provider::DefProvider)
+      if obj.nil?
+        raise GcryptoBcCms::Error, "Given object to convert to recipient info is nil"
+      end
+
+      if Pkernel::Certificate.is_cert_object?(obj)
+        GcryptoBcCms::GConf.instance.glog.debug "Given recipient info is certificate"
+        cert = Pkernel::Certificate.ensure_java_cert(obj)
+        org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator.new(cert).setProvider(provider)
+      elsif GcryptoJce::SecretKey.is_secret_key?(obj)
+        GcryptoBcCms::GConf.instance.glog.debug "Given recipient info is secret key"
+        #org.bouncycastle.operator.jcajce.JceSymmetricKeyWrapper.new(obj).setProvider(provider)
+        org.bouncycastle.cms.jcajce.JceKEKRecipientInfoGenerator.new(SecureRandom.hex(8).to_java.getBytes, obj).setProvider(provider)
+      elsif obj.is_a?(Gcrypto::SecretKeyCryptoContext)
+        GcryptoBcCms::GConf.instance.glog.debug "Given recipient info is secret key crypto context"
+        prov = obj.key_provider
+        prov = provider if prov.nil?
+        #wrapper = org.bouncycastle.operator.jcajce.JceSymmetricKeyWrapper.new(obj.key).setProvider(prov)
+        org.bouncycastle.cms.jcajce.JceKEKRecipientInfoGenerator.new(obj.name.to_java.getBytes, obj.key).setProvider(prov)
+      elsif obj.is_a?(String)
+        GcryptoBcCms::GConf.instance.glog.debug "Given recipient info is string --> password recipient"
+        #algo = org.bouncycastle.cms.CMSAlgorithm::AES256_GCM
+        algo = org.bouncycastle.cms.CMSAlgorithm::AES256_CBC
+        salt = GcryptoJce::SecureRandomEngine.generate
+        iter = rand(1000...3000)
+        org.bouncycastle.cms.jcajce.JcePasswordRecipientInfoGenerator.new(algo, obj.to_java.toCharArray).setPasswordConversionScheme(org.bouncycastle.cms.PasswordRecipient::PKCS5_SCHEME2).setSaltAndIterationCount(salt,iter)
+      elsif obj.java_kind_of?(Java::byte[])
+        GcryptoBcCms::GConf.instance.glog.debug "Given recipient info is java byte array. Assume string --> password recipient"
+        #algo = org.bouncycastle.cms.CMSAlgorithm::AES256_GCM
+        algo = org.bouncycastle.cms.CMSAlgorithm::AES256_CBC
+        salt = GcryptoJce::SecureRandomEngine.generate
+        iter = rand(1000...3000)
+        org.bouncycastle.cms.jcajce.JcePasswordRecipientInfoGenerator.new(algo, String.from_java_bytes(obj).toCharArray).setPasswordConversionScheme(org.bouncycastle.cms.PasswordRecipient::PKCS5_SCHEME2).setSaltAndIterationCount(salt,iter)
+      elsif obj.java_kind_of?(Java::char[])
+        GcryptoBcCms::GConf.instance.glog.debug "Given recipient info is java char array. Assume string --> password recipient"
+        #algo = org.bouncycastle.cms.CMSAlgorithm::AES256_GCM
+        algo = org.bouncycastle.cms.CMSAlgorithm::AES256_CBC
+        salt = GcryptoJce::SecureRandomEngine.generate
+        iter = rand(1000...3000)
+        org.bouncycastle.cms.jcajce.JcePasswordRecipientInfoGenerator.new(algo, obj).setPasswordConversionScheme(org.bouncycastle.cms.PasswordRecipient::PKCS5_SCHEME2).setSaltAndIterationCount(salt,iter)
+      else
+        raise GcryptoBcCms::Error, "Unsupported object for encryption recipient info conversion '#{obj.class}'"
+      end
+    end
+    # end to_enc_recipient_info
+
+    def KeyPairCrypto.to_bc_cms_algo(algo)
+      case algo
+      when Gcrypto::SecretKeyCryptoContext
+        case algo.keyType
+        when :aes
+          case algo.keyLen
+          when 128, 192, 256
+            case algo.mode
+            when "CBC", "CCM", "GCM"
+              eval("org.bouncycastle.cms.CMSAlgorithm::AES#{algo.keyLen}_#{algo.mode}")
+            else
+              raise GcryptoBcCms::Error, "Unsupported mode '#{algo.mode}'"
+            end
+            # end case algo.mode
+          else
+            raise GcryptoBcCms::Error, "Unsupported key length '#{algo.keyLen}'"
+          end
+          # end case algo.keyLen
+        else
+          raise GcryptoBcCms::Error, "Unsupported key type '#{algo.keyType}'"
+        end
+        # end case algo.type
+      else
+        raise GcryptoBcCms::Error, "Unknown object to cms algo '#{algo.class}'"
+      end
+      # end case algo
+    end
+    # end to_be_cms_algo
+
+    def decrypt(opts = { })
+      
+      id = opts[:identity]
+      sk = opts[:secret_key]
+      skcc = opts[:secret_key_cc]
+      pass = opts[:password]
+
+      if not id.nil?
+        cred = id.privKey
+        provider = id.provider
+      elsif not sk.nil?
+        cred = sk
+        provider = opts[:secret_key_provider]
+      elsif not skcc.nil?
+        cred = skcc
+        provider = skcc.key_provider
+      elsif not (pass.nil? or pass.empty?)
+        cred = pass
+      else
+        raise GcryptoBcCms::Error, "No decryption credential given to decrypt data"
+      end
+      
+      is = IoUtils.load_input(opts)
+      envp = org.bouncycastle.cms.CMSEnvelopedData.new(is)
+      
+      outFile = opts[:outFile]
+      if outFile.nil? or outFile.empty?
+        out = java.io.ByteArrayOutputStream.new
+      else 
+        out = java.io.FileOutputStream.new(outFile)
+      end
+     
+      kt = KeyPairCrypto.to_dec_recipient(cred, provider)
+      
+      lastEx = nil
+      recipients = envp.getRecipientInfos.getRecipients
+      recipients.each do |r|
+        
+        begin
+          encIs = r.getContentStream(kt).getContentStream
+        #rescue Java::OrgBouncycastleCms::CMSException => ex
+        rescue Exception => ex
+          lastEx = ex
+          #if ex.message =~ /Decryption error/
+            next
+          #end
+        end
+        
+        begin
+          bufConf = opts[:int_buf] || { }
+          total = 0
+          IoUtils.read_chunk(encIs, bufConf) do |buf, from, len|
+            out.write(buf, from, len)
+            total += len
+            GcryptoJce::GConf.instance.glog.debug "Processed #{NumberHelper.number_to_human_size(total)}"
+          end
+        rescue Exception
+        ensure
+          begin
+            encIs.close
+          rescue Exception
+          end
+          begin
+            out.close
+          rescue Exception
+          end
+        end
+
+        lastEx = nil
+        break
+      end
+
+      if not lastEx.nil?
+        raise GcryptoBcCms::Error, lastEx
+      elsif outFile.nil? or outFile.empty?
+        out.toByteArray
+      end
+
+    end
+    # 
+    # end decrypt()
+    #
+
+    def KeyPairCrypto.to_dec_recipient(obj, provider = GcryptoJce::Provider::DefProvider)
+      if obj.nil?
+        raise GcryptoBcCms::Error, "Given object to convert to recipient info is nil"
+      end
+
+      if Pkernel::KeyPair.is_private_key?(obj)
+        GcryptoBcCms::GConf.instance.glog.debug "Given decryption artifacts is private key"
+        org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient.new(obj).setProvider(provider)
+      elsif GcryptoJce::SecretKey.is_secret_key?(obj)
+        GcryptoBcCms::GConf.instance.glog.debug "Given decryption artifacts is secret key"
+        #w = org.bouncycastle.operator.jcajce.JceSymmetricKeyUnwrapper.new(obj).setProvider(provider)
+        if provider.nil?
+          org.bouncycastle.cms.jcajce.JceKEKEnvelopedRecipient.new(obj)
+        else
+          org.bouncycastle.cms.jcajce.JceKEKEnvelopedRecipient.new(obj).setProvider(provider)
+        end
+      elsif obj.is_a?(Gcrypto::SecretKeyCryptoContext)
+        prov = obj.key_provider
+        prov = provider if prov.nil?
+        if prov.nil?
+          GcryptoBcCms::GConf.instance.glog.debug "Given decryption artifacts is secret key crypto context."
+          org.bouncycastle.cms.jcajce.JceKEKEnvelopedRecipient.new(obj.key)
+        else
+          GcryptoBcCms::GConf.instance.glog.debug "Given decryption artifacts is secret key crypto context. '#{prov.nil? ? '' : "Using provider #{prov.name}" }'"
+          org.bouncycastle.cms.jcajce.JceKEKEnvelopedRecipient.new(obj.key).setProvider(prov)
+        end
+        #org.bouncycastle.operator.jcajce.JceSymmetricKeyUnwrapper.new(obj.key).setProvider(prov)
+      elsif obj.is_a?(String)
+        GcryptoBcCms::GConf.instance.glog.debug "Given decryption artifacts is string --> password recipient"
+        org.bouncycastle.cms.jcajce.JcePasswordEnvelopedRecipient.new(obj.to_java.toCharArray).setPasswordConversionScheme(org.bouncycastle.cms.PasswordRecipient::PKCS5_SCHEME2)
+      elsif obj.java_kind_of?(Java::byte[])
+        GcryptoBcCms::GConf.instance.glog.debug "Given decryption artifacts is java byte array. Assume string --> password recipient"
+        org.bouncycastle.cms.jcajce.JcePasswordEnvelopedRecipient.new(String.from_java_bytes(obj).to_java.toCharArray).setPasswordConversionScheme(org.bouncycastle.cms.PasswordRecipient::PKCS5_SCHEME2)
+      elsif obj.java_kind_of?(Java::char[])
+        GcryptoBcCms::GConf.instance.glog.debug "Given decryption artifacts is java char array. Assume string --> password recipient"
+        org.bouncycastle.cms.jcajce.JcePasswordEnvelopedRecipient.new(obj).setPasswordConversionScheme(org.bouncycastle.cms.PasswordRecipient::PKCS5_SCHEME2)
+      else
+        raise GcryptoBcCms::Error, "Unsupported object for decryption recipient object conversion '#{obj.class}'"
+      end
+    end
+    # end to_enc_recipient_info
+
+    
+  end
+  # end module KeyPairCrypto
+
+
+  class KeyPairCryptoEngine
+    extend KeyPairCrypto
+  end
+
+end

data/lib/gcrypto_bc_cms/version.rb

@@ -0,0 +1,3 @@
+module GcryptoBcCms
+  VERSION = "0.1"
+end

data/release.job

@@ -0,0 +1,52 @@
+
+
+job :release do
+
+  include_job :prompt_version
+  #ver = prompt "Please provide version for this release:", required: true
+  #set :releasing_version, ver
+
+  include_job :check_in 
+  include_job :build
+end
+
+job :prompt_version do
+  if get(:releasing_version) == nil
+    ver = prompt "Please provide version for this release:", required: true
+    set :releasing_version, ver
+  end
+end
+
+job :build do
+
+  dir File.dirname(__FILE__) 
+
+  include_job :prompt_version
+  
+  rubygem do
+    #publish build('alog.gemspec'), ignore_status: true #do |res|
+    build('gcrypto_bc_cms.gemspec') do |res|
+      publish(res, ignore_status: true) 
+    end
+  end
+  
+end
+
+
+job :check_in do
+  dir File.dirname(__FILE__)
+  git do
+    commit
+    tag 
+    push 'origin', 'master'
+    #push 'git','master'
+  end
+end
+
+job :reinstall do
+  rubygem do
+    uninstall 'gcrypto_bc_cms' 
+    install 'gcrypto_bc_cms'
+  end
+end
+

metadata

@@ -0,0 +1,102 @@
+--- !ruby/object:Gem::Specification
+name: gcrypto_bc_cms
+version: !ruby/object:Gem::Version
+  version: '0.1'
+platform: ruby
+authors:
+- Chris Liaw
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2019-10-30 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  name: bundler
+  prerelease: false
+  type: :development
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  name: rake
+  prerelease: false
+  type: :development
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  name: tlogger
+  prerelease: false
+  type: :runtime
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: ''
+email:
+- chrisliaw@antrapol.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- gcrypto_bc_cms.gemspec
+- lib/gcrypto_bc_cms.rb
+- lib/gcrypto_bc_cms/error.rb
+- lib/gcrypto_bc_cms/global.rb
+- lib/gcrypto_bc_cms/io_utils.rb
+- lib/gcrypto_bc_cms/keypair_crypto.rb
+- lib/gcrypto_bc_cms/version.rb
+- release.job
+homepage: ''
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.6.14.1
+signing_key:
+specification_version: 4
+summary: ''
+test_files: []