org.bouncycastle.cms.DefaultSignedAttributeTableGenerator Java Examples
The following examples show how to use
org.bouncycastle.cms.DefaultSignedAttributeTableGenerator.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: CMSSignedDataBuilder.java From dss with GNU Lesser General Public License v2.1 | 6 votes |
|
/**
* This method creates a builder of SignerInfoGenerator
*
* @param digestCalculatorProvider
* the digest calculator (can be pre-computed)
* @param signedAttributes
* the signedAttributes
* @param unsignedAttributes
* the unsignedAttributes
* @return a SignerInfoGeneratorBuilder that generate the signed and unsigned attributes according to the parameters
*/
private SignerInfoGeneratorBuilder getSignerInfoGeneratorBuilder(DigestCalculatorProvider digestCalculatorProvider, AttributeTable signedAttributes,
AttributeTable unsignedAttributes) {
if (DSSASN1Utils.isEmpty(signedAttributes)) {
signedAttributes = null;
}
final DefaultSignedAttributeTableGenerator signedAttributeGenerator = new DefaultSignedAttributeTableGenerator(signedAttributes);
if (DSSASN1Utils.isEmpty(unsignedAttributes)) {
unsignedAttributes = null;
}
final SimpleAttributeTableGenerator unsignedAttributeGenerator = new SimpleAttributeTableGenerator(unsignedAttributes);
SignerInfoGeneratorBuilder sigInfoGeneratorBuilder = new SignerInfoGeneratorBuilder(digestCalculatorProvider);
sigInfoGeneratorBuilder.setSignedAttributeGenerator(signedAttributeGenerator);
sigInfoGeneratorBuilder.setUnsignedAttributeGenerator(unsignedAttributeGenerator);
return sigInfoGeneratorBuilder;
}
Example #2
| Source File: CmsSignatureBuilder.java From freehealth-connector with GNU Affero General Public License v3.0 | 5 votes |
|
public byte[] sign(Credential signatureCredential, byte[] byteToSign, Map<String, Object> options) throws TechnicalConnectorException {
byte[] contentToSign = ArrayUtils.clone(byteToSign);
Map<String, Object> optionMap = new HashMap();
if (options != null) {
optionMap.putAll(options);
}
this.validateInput(signatureCredential, contentToSign);
try {
CMSTypedData content = new CMSProcessableByteArray(contentToSign);
CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
String signatureAlgorithm = (String)SignatureUtils.getOption("signatureAlgorithm", optionMap, "Sha1WithRSA");
JcaSignerInfoGeneratorBuilder signerInfoGeneratorBuilder = new JcaSignerInfoGeneratorBuilder((new JcaDigestCalculatorProviderBuilder()).build());
ContentSigner contentSigner = (new JcaContentSignerBuilder(signatureAlgorithm)).build(signatureCredential.getPrivateKey());
CMSAttributeTableGenerator cmsAttributeTableGenerator = (CMSAttributeTableGenerator)SignatureUtils.getOption("signedAttributeGenerator", optionMap, new DefaultSignedAttributeTableGenerator());
signerInfoGeneratorBuilder.setSignedAttributeGenerator(cmsAttributeTableGenerator);
generator.addSignerInfoGenerator(signerInfoGeneratorBuilder.build(contentSigner, signatureCredential.getCertificate()));
Certificate[] certificateChain = signatureCredential.getCertificateChain();
if (certificateChain != null && certificateChain.length > 0) {
generator.addCertificates(new JcaCertStore(Arrays.asList(certificateChain)));
}
boolean encapsulate = (Boolean)SignatureUtils.getOption("encapsulate", optionMap, Boolean.FALSE);
return generator.generate(content, encapsulate).getEncoded();
} catch (Exception var14) {
LOG.error(var14.getMessage(), var14);
throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_SIGNATURE, var14, new Object[]{var14.getClass().getSimpleName() + " : " + var14.getMessage()});
}
}
Example #3
| Source File: CmsSignatureBuilder.java From freehealth-connector with GNU Affero General Public License v3.0 | 5 votes |
|
public byte[] sign(Credential signatureCredential, byte[] byteToSign, Map<String, Object> options) throws TechnicalConnectorException {
byte[] contentToSign = ArrayUtils.clone(byteToSign);
Map<String, Object> optionMap = new HashMap();
if (options != null) {
optionMap.putAll(options);
}
this.validateInput(signatureCredential, contentToSign);
try {
CMSTypedData content = new CMSProcessableByteArray(contentToSign);
CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
String signatureAlgorithm = (String)SignatureUtils.getOption("signatureAlgorithm", optionMap, "Sha1WithRSA");
JcaSignerInfoGeneratorBuilder signerInfoGeneratorBuilder = new JcaSignerInfoGeneratorBuilder((new JcaDigestCalculatorProviderBuilder()).build());
ContentSigner contentSigner = (new JcaContentSignerBuilder(signatureAlgorithm)).build(signatureCredential.getPrivateKey());
CMSAttributeTableGenerator cmsAttributeTableGenerator = (CMSAttributeTableGenerator)SignatureUtils.getOption("signedAttributeGenerator", optionMap, new DefaultSignedAttributeTableGenerator());
signerInfoGeneratorBuilder.setSignedAttributeGenerator(cmsAttributeTableGenerator);
generator.addSignerInfoGenerator(signerInfoGeneratorBuilder.build(contentSigner, signatureCredential.getCertificate()));
Certificate[] certificateChain = signatureCredential.getCertificateChain();
if (certificateChain != null && certificateChain.length > 0) {
generator.addCertificates(new JcaCertStore(Arrays.asList(certificateChain)));
}
boolean encapsulate = (Boolean)SignatureUtils.getOption("encapsulate", optionMap, Boolean.FALSE);
return generator.generate(content, encapsulate).getEncoded();
} catch (Exception var14) {
LOG.error(var14.getMessage(), var14);
throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_SIGNATURE, var14, new Object[]{var14.getClass().getSimpleName() + " : " + var14.getMessage()});
}
}
Example #4
| Source File: CmsSignatureBuilder.java From freehealth-connector with GNU Affero General Public License v3.0 | 5 votes |
|
public byte[] sign(Credential signatureCredential, byte[] byteToSign, Map<String, Object> options) throws TechnicalConnectorException {
byte[] contentToSign = ArrayUtils.clone(byteToSign);
Map<String, Object> optionMap = new HashMap();
if (options != null) {
optionMap.putAll(options);
}
this.validateInput(signatureCredential, contentToSign);
try {
CMSTypedData content = new CMSProcessableByteArray(contentToSign);
CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
String signatureAlgorithm = (String)SignatureUtils.getOption("signatureAlgorithm", optionMap, "Sha1WithRSA");
JcaSignerInfoGeneratorBuilder signerInfoGeneratorBuilder = new JcaSignerInfoGeneratorBuilder((new JcaDigestCalculatorProviderBuilder()).build());
ContentSigner contentSigner = (new JcaContentSignerBuilder(signatureAlgorithm)).build(signatureCredential.getPrivateKey());
CMSAttributeTableGenerator cmsAttributeTableGenerator = (CMSAttributeTableGenerator)SignatureUtils.getOption("signedAttributeGenerator", optionMap, new DefaultSignedAttributeTableGenerator());
signerInfoGeneratorBuilder.setSignedAttributeGenerator(cmsAttributeTableGenerator);
generator.addSignerInfoGenerator(signerInfoGeneratorBuilder.build(contentSigner, signatureCredential.getCertificate()));
Certificate[] certificateChain = signatureCredential.getCertificateChain();
if (certificateChain != null && certificateChain.length > 0) {
generator.addCertificates(new JcaCertStore(Arrays.asList(certificateChain)));
}
boolean encapsulate = ((Boolean)SignatureUtils.getOption("encapsulate", optionMap, Boolean.FALSE));
return generator.generate(content, encapsulate).getEncoded();
} catch (Exception var14) {
LOG.error(var14.getMessage(), var14);
throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_SIGNATURE, var14, new Object[]{var14.getClass().getSimpleName() + " : " + var14.getMessage()});
}
}
Example #5
| Source File: CmsSignatureBuilder.java From freehealth-connector with GNU Affero General Public License v3.0 | 5 votes |
|
public byte[] sign(Credential signatureCredential, byte[] byteToSign, Map<String, Object> options) throws TechnicalConnectorException {
byte[] contentToSign = ArrayUtils.clone(byteToSign);
Map<String, Object> optionMap = new HashMap();
if (options != null) {
optionMap.putAll(options);
}
this.validateInput(signatureCredential, contentToSign);
try {
CMSTypedData content = new CMSProcessableByteArray(contentToSign);
CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
String signatureAlgorithm = (String)SignatureUtils.getOption("signatureAlgorithm", optionMap, "Sha1WithRSA");
JcaSignerInfoGeneratorBuilder signerInfoGeneratorBuilder = new JcaSignerInfoGeneratorBuilder((new JcaDigestCalculatorProviderBuilder()).build());
ContentSigner contentSigner = (new JcaContentSignerBuilder(signatureAlgorithm)).build(signatureCredential.getPrivateKey());
CMSAttributeTableGenerator cmsAttributeTableGenerator = (CMSAttributeTableGenerator)SignatureUtils.getOption("signedAttributeGenerator", optionMap, new DefaultSignedAttributeTableGenerator());
signerInfoGeneratorBuilder.setSignedAttributeGenerator(cmsAttributeTableGenerator);
generator.addSignerInfoGenerator(signerInfoGeneratorBuilder.build(contentSigner, signatureCredential.getCertificate()));
Certificate[] certificateChain = signatureCredential.getCertificateChain();
if (certificateChain != null && certificateChain.length > 0) {
generator.addCertificates(new JcaCertStore(Arrays.asList(certificateChain)));
}
boolean encapsulate = ((Boolean)SignatureUtils.getOption("encapsulate", optionMap, Boolean.FALSE)).booleanValue();
return generator.generate(content, encapsulate).getEncoded();
} catch (Exception var14) {
LOG.error(var14.getMessage(), var14);
throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_SIGNATURE, var14, new Object[]{var14.getClass().getSimpleName() + " : " + var14.getMessage()});
}
}
Example #6
| Source File: CmsSignatureBuilder.java From freehealth-connector with GNU Affero General Public License v3.0 | 5 votes |
|
public byte[] sign(Credential signatureCredential, byte[] byteToSign, Map<String, Object> options) throws TechnicalConnectorException {
byte[] contentToSign = ArrayUtils.clone(byteToSign);
Map<String, Object> optionMap = new HashMap();
if (options != null) {
optionMap.putAll(options);
}
this.validateInput(signatureCredential, contentToSign);
try {
CMSTypedData content = new CMSProcessableByteArray(contentToSign);
CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
String signatureAlgorithm = (String)SignatureUtils.getOption("signatureAlgorithm", optionMap, "Sha1WithRSA");
JcaSignerInfoGeneratorBuilder signerInfoGeneratorBuilder = new JcaSignerInfoGeneratorBuilder((new JcaDigestCalculatorProviderBuilder()).build());
ContentSigner contentSigner = (new JcaContentSignerBuilder(signatureAlgorithm)).build(signatureCredential.getPrivateKey());
CMSAttributeTableGenerator cmsAttributeTableGenerator = (CMSAttributeTableGenerator)SignatureUtils.getOption("signedAttributeGenerator", optionMap, new DefaultSignedAttributeTableGenerator());
signerInfoGeneratorBuilder.setSignedAttributeGenerator(cmsAttributeTableGenerator);
generator.addSignerInfoGenerator(signerInfoGeneratorBuilder.build(contentSigner, signatureCredential.getCertificate()));
Certificate[] certificateChain = signatureCredential.getCertificateChain();
if (certificateChain != null && certificateChain.length > 0) {
generator.addCertificates(new JcaCertStore(Arrays.asList(certificateChain)));
}
boolean encapsulate = (Boolean) SignatureUtils.getOption("encapsulate", optionMap, Boolean.FALSE);
return generator.generate(content, encapsulate).getEncoded();
} catch (Exception var14) {
LOG.error(var14.getMessage(), var14);
throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_SIGNATURE, var14, new Object[]{var14.getClass().getSimpleName() + " : " + var14.getMessage()});
}
}
Example #7
| Source File: CreateSignature.java From testarea-pdfbox2 with Apache License 2.0 | 4 votes |
|
/**
* <a href="http://stackoverflow.com/questions/41767351/create-pkcs7-signature-from-file-digest">
* Create pkcs7 signature from file digest
* </a>
* <p>
* The OP's own <code>sign</code> method which has some errors. These
* errors are fixed in {@link #signWithSeparatedHashing(InputStream)}.
* </p>
*/
public byte[] signBySnox(InputStream content) throws IOException {
// testSHA1WithRSAAndAttributeTable
try {
MessageDigest md = MessageDigest.getInstance("SHA1", "BC");
List<Certificate> certList = new ArrayList<Certificate>();
CMSTypedData msg = new CMSProcessableByteArray(IOUtils.toByteArray(content));
certList.addAll(Arrays.asList(chain));
Store<?> certs = new JcaCertStore(certList);
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
Attribute attr = new Attribute(CMSAttributes.messageDigest,
new DERSet(new DEROctetString(md.digest(IOUtils.toByteArray(content)))));
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(attr);
SignerInfoGeneratorBuilder builder = new SignerInfoGeneratorBuilder(new BcDigestCalculatorProvider())
.setSignedAttributeGenerator(new DefaultSignedAttributeTableGenerator(new AttributeTable(v)));
AlgorithmIdentifier sha1withRSA = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1withRSA");
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
InputStream in = new ByteArrayInputStream(chain[0].getEncoded());
X509Certificate cert = (X509Certificate) certFactory.generateCertificate(in);
gen.addSignerInfoGenerator(builder.build(
new BcRSAContentSignerBuilder(sha1withRSA,
new DefaultDigestAlgorithmIdentifierFinder().find(sha1withRSA))
.build(PrivateKeyFactory.createKey(pk.getEncoded())),
new JcaX509CertificateHolder(cert)));
gen.addCertificates(certs);
CMSSignedData s = gen.generate(new CMSAbsentContent(), false);
return new CMSSignedData(msg, s.getEncoded()).getEncoded();
} catch (Exception e) {
e.printStackTrace();
throw new IOException(e);
}
}
Example #8
| Source File: CreateSignature.java From testarea-pdfbox2 with Apache License 2.0 | 4 votes |
|
/**
* <a href="http://stackoverflow.com/questions/41767351/create-pkcs7-signature-from-file-digest">
* Create pkcs7 signature from file digest
* </a>
* <p>
* The OP's <code>sign</code> method after fixing some errors. The
* OP's original method is {@link #signBySnox(InputStream)}. The
* errors were
* </p>
* <ul>
* <li>multiple attempts at reading the {@link InputStream} parameter;
* <li>convoluted creation of final CMS container.
* </ul>
* <p>
* Additionally this method uses SHA256 instead of SHA-1.
* </p>
*/
public byte[] signWithSeparatedHashing(InputStream content) throws IOException
{
try
{
// Digest generation step
MessageDigest md = MessageDigest.getInstance("SHA256", "BC");
byte[] digest = md.digest(IOUtils.toByteArray(content));
// Separate signature container creation step
List<Certificate> certList = Arrays.asList(chain);
JcaCertStore certs = new JcaCertStore(certList);
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
Attribute attr = new Attribute(CMSAttributes.messageDigest,
new DERSet(new DEROctetString(digest)));
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(attr);
SignerInfoGeneratorBuilder builder = new SignerInfoGeneratorBuilder(new BcDigestCalculatorProvider())
.setSignedAttributeGenerator(new DefaultSignedAttributeTableGenerator(new AttributeTable(v)));
AlgorithmIdentifier sha256withRSA = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256withRSA");
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
InputStream in = new ByteArrayInputStream(chain[0].getEncoded());
X509Certificate cert = (X509Certificate) certFactory.generateCertificate(in);
gen.addSignerInfoGenerator(builder.build(
new BcRSAContentSignerBuilder(sha256withRSA,
new DefaultDigestAlgorithmIdentifierFinder().find(sha256withRSA))
.build(PrivateKeyFactory.createKey(pk.getEncoded())),
new JcaX509CertificateHolder(cert)));
gen.addCertificates(certs);
CMSSignedData s = gen.generate(new CMSAbsentContent(), false);
return s.getEncoded();
}
catch (Exception e)
{
e.printStackTrace();
throw new IOException(e);
}
}
Example #9
| Source File: NextCaMessage.java From xipki with Apache License 2.0 | 4 votes |
|
public ContentInfo encode(PrivateKey signingKey, X509Cert signerCert,
X509Cert[] cmsCertSet) throws MessageEncodingException {
Args.notNull(signingKey, "signingKey");
Args.notNull(signerCert, "signerCert");
try {
CMSSignedDataGenerator degenerateSignedData = new CMSSignedDataGenerator();
degenerateSignedData.addCertificate(caCert.toBcCert());
if (CollectionUtil.isNotEmpty(raCerts)) {
for (X509Cert m : raCerts) {
degenerateSignedData.addCertificate(m.toBcCert());
}
}
byte[] degenratedSignedDataBytes = degenerateSignedData.generate(
new CMSAbsentContent()).getEncoded();
CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
// I don't known which hash algorithm is supported by the client, use SHA-1
String signatureAlgo = getSignatureAlgorithm(signingKey, HashAlgo.SHA1);
ContentSigner signer = new JcaContentSignerBuilder(signatureAlgo).build(signingKey);
// signerInfo
JcaSignerInfoGeneratorBuilder signerInfoBuilder = new JcaSignerInfoGeneratorBuilder(
new BcDigestCalculatorProvider());
signerInfoBuilder.setSignedAttributeGenerator(new DefaultSignedAttributeTableGenerator());
SignerInfoGenerator signerInfo = signerInfoBuilder.build(signer, signerCert.toBcCert());
generator.addSignerInfoGenerator(signerInfo);
CMSTypedData cmsContent = new CMSProcessableByteArray(CMSObjectIdentifiers.signedData,
degenratedSignedDataBytes);
// certificateSet
ScepUtil.addCmsCertSet(generator, cmsCertSet);
return generator.generate(cmsContent, true).toASN1Structure();
} catch (CMSException | CertificateEncodingException | IOException
| OperatorCreationException ex) {
throw new MessageEncodingException(ex);
}
}
