org.bouncycastle.operator.DigestCalculatorProvider Java Examples

The following examples show how to use org.bouncycastle.operator.DigestCalculatorProvider. Each example names the source file and project it was taken from.
Example #1
Source File: SignHelper.java    From Launcher with GNU General Public License v3.0
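/**
 * Creates the beast that can actually sign the data (for JKS, for other make it).
 * <p>
 * Looks the signing entry up in the key store and delegates to
 * {@link #createSignedDataGenerator(PrivateKey, Certificate, List, String)}. Unlike a bare
 * {@code keyStore.getCertificateChain(...)} call, an unknown alias or an alias without a
 * private key fails with an explanatory exception instead of a {@code NullPointerException}
 * or {@code ClassCastException}.
 *
 * @param keyStore    loaded key store holding the signing key entry
 * @param keyAlias    alias of the private-key entry to sign with
 * @param signAlgo    JCA signature algorithm name, e.g. the name the caller's signing policy mandates
 * @param keyPassword password protecting the key entry, or {@code null} for an unprotected entry
 * @return a generator with the signer info and the full certificate chain already added
 * @throws KeyStoreException         if the key store is not initialised, the alias is unknown
 *                                   or it has no certificate chain
 * @throws UnrecoverableKeyException if the entry holds no private key or the password is wrong
 * @throws NoSuchAlgorithmException  if the key's algorithm is unavailable
 * @throws OperatorCreationException if the BC content signer cannot be built for {@code signAlgo}
 * @throws CertificateEncodingException if a chain certificate cannot be encoded
 * @throws CMSException              if the certificates cannot be added to the generator
 */
public static CMSSignedDataGenerator createSignedDataGenerator(KeyStore keyStore, String keyAlias, String signAlgo, String keyPassword) throws KeyStoreException, OperatorCreationException, CertificateEncodingException, UnrecoverableKeyException, NoSuchAlgorithmException, CMSException {
    if (!keyStore.containsAlias(keyAlias)) {
        throw new KeyStoreException("Key store has no entry for alias '" + keyAlias + "'");
    }
    // getCertificateChain() returns null for aliases that are not private-key entries.
    Certificate[] chain = keyStore.getCertificateChain(keyAlias);
    if (chain == null || chain.length == 0) {
        throw new KeyStoreException("No certificate chain found for alias '" + keyAlias + "'");
    }
    Certificate cert = keyStore.getCertificate(keyAlias);
    char[] password = keyPassword != null ? keyPassword.toCharArray() : null;
    java.security.Key key = keyStore.getKey(keyAlias, password);
    // getKey() yields null for trusted-certificate entries and a SecretKey for symmetric entries;
    // neither can produce a CMS signature.
    if (!(key instanceof PrivateKey)) {
        throw new UnrecoverableKeyException("Alias '" + keyAlias + "' does not hold a private key");
    }
    List<Certificate> certChain = new ArrayList<>(Arrays.asList(chain));
    return createSignedDataGenerator((PrivateKey) key, cert, certChain, signAlgo);
}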
 
Example #2
Source File: OcspClientBouncyCastle.java    From itext2 with GNU Lesser General Public License v3.0
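/**
 * Generates an OCSP request using BouncyCastle.
 * <p>
 * The request carries a single {@code CertID} for the certificate identified by
 * {@code issuerCert} and {@code serialNumber}, plus a nonce extension so that the
 * caller can tie the responder's answer to this particular request.
 *
 * @param issuerCert	certificate of the issuer of the certificate to be checked
 * @param serialNumber	serial number of the certificate to be checked
 * @return	an OCSP request
 * @throws OCSPException if the request cannot be built
 * @throws IOException if the nonce cannot be DER-encoded
 * @throws OperatorException if the digest calculator cannot be created
 * @throws CertificateEncodingException if {@code issuerCert} cannot be encoded
 */
private static OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber) throws OCSPException, IOException, OperatorException, CertificateEncodingException {
    // Register the BC provider only once. Security.addProvider() is a no-op for an already
    // installed provider but still takes the provider-list lock on every call.
    if (Security.getProvider(org.bouncycastle.jce.provider.BouncyCastleProvider.PROVIDER_NAME) == null) {
        Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    }

    JcaDigestCalculatorProviderBuilder digestCalculatorProviderBuilder = new JcaDigestCalculatorProviderBuilder();
    DigestCalculatorProvider digestCalculatorProvider = digestCalculatorProviderBuilder.build();
    // SHA-1 here only hashes the issuer name/key to form the CertID identifier that OCSP
    // responders conventionally expect; it is not used for any signature.
    DigestCalculator digestCalculator = digestCalculatorProvider.get(CertificateID.HASH_SHA1);
    // Generate the id for the certificate we are looking for
    CertificateID id = new CertificateID(digestCalculator, new JcaX509CertificateHolder(issuerCert), serialNumber);

    // basic request generation with nonce
    OCSPReqBuilder gen = new OCSPReqBuilder();

    gen.addRequest(id);

    // create details for nonce extension. The extension value is the DER encoding of an
    // OCTET STRING holding the nonce bytes, hence the inner DEROctetString being encoded
    // and wrapped in an outer one.
    // NOTE(review): PdfEncryption.createDocumentId() is a project helper; the nonce is only
    // useful against replay if that value is unpredictable — confirm it is randomly generated.
    Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(new DEROctetString(PdfEncryption.createDocumentId()).getEncoded()));
    gen.setRequestExtensions(new Extensions(new Extension[]{ext}));

    return gen.build();
}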
 
Example #3
Source File: CMSSignedDataBuilder.java    From dss with GNU Lesser General Public License v2.1
/**
 * Builds a {@link SignerInfoGeneratorBuilder} wired with generators for the given
 * signed and unsigned attribute tables.
 *
 * @param digestCalculatorProvider
 *            the digest calculator provider (may deliver pre-computed digests)
 * @param signedAttributes
 *            the signed attributes; an empty table is treated as absent
 * @param unsignedAttributes
 *            the unsigned attributes; an empty table is treated as absent
 * @return a SignerInfoGeneratorBuilder producing the signed and unsigned attributes
 *         described by the parameters
 */
private SignerInfoGeneratorBuilder getSignerInfoGeneratorBuilder(DigestCalculatorProvider digestCalculatorProvider, AttributeTable signedAttributes,
		AttributeTable unsignedAttributes) {

	// Both BC generators accept null for "no attributes", so an empty table is collapsed to null.
	final AttributeTable effectiveSigned = DSSASN1Utils.isEmpty(signedAttributes) ? null : signedAttributes;
	final AttributeTable effectiveUnsigned = DSSASN1Utils.isEmpty(unsignedAttributes) ? null : unsignedAttributes;

	final SignerInfoGeneratorBuilder builder = new SignerInfoGeneratorBuilder(digestCalculatorProvider);
	builder.setSignedAttributeGenerator(new DefaultSignedAttributeTableGenerator(effectiveSigned));
	builder.setUnsignedAttributeGenerator(new SimpleAttributeTableGenerator(effectiveUnsigned));
	return builder;
}
 
Example #4
Source File: CAdESService.java    From dss with GNU Lesser General Public License v2.1
/**
 * Computes the bytes a caller must sign externally to produce a CAdES signature with the
 * given parameters. The CMS structure is generated with a content signer that, instead of
 * signing, records the bytes handed to it; those bytes are what this method returns.
 *
 * @param toSignDocument the document to be signed (never null)
 * @param parameters     the signature parameters (never null)
 * @return the to-be-signed bytes captured from the CMS generation
 * @throws DSSException if the parameters are inconsistent or CMS generation fails
 */
@Override
public ToBeSigned getDataToSign(final DSSDocument toSignDocument, final CAdESSignatureParameters parameters) throws DSSException {
	Objects.requireNonNull(toSignDocument, "toSignDocument cannot be null!");
	Objects.requireNonNull(parameters, "SignatureParameters cannot be null!");

	assertSigningDateInCertificateValidityRange(parameters);
	final SignaturePackaging packaging = parameters.getSignaturePackaging();
	assertSignaturePackaging(packaging);

	// No signature value is supplied here: the signer only captures what it is asked to sign.
	final CustomContentSigner capturingSigner = new CustomContentSigner(parameters.getSignatureAlgorithm().getJCEId());
	final DigestCalculatorProvider digestProvider = getDigestCalculatorProvider(toSignDocument, parameters);

	// Unsigned attributes are not part of the to-be-signed data, hence "false".
	final SignerInfoGeneratorBuilder signerInfoBuilder = cmsSignedDataBuilder.getSignerInfoGeneratorBuilder(digestProvider, parameters, false);
	final CMSSignedData existingCms = getCmsSignedData(toSignDocument, parameters);
	final CMSSignedDataGenerator generator = cmsSignedDataBuilder.createCMSSignedDataGenerator(parameters, capturingSigner,
			signerInfoBuilder, existingCms);

	final DSSDocument dataToSign = getToSignData(toSignDocument, parameters, existingCms);
	final CMSTypedData content = CMSUtils.getContentToBeSign(dataToSign);
	// Detached packaging leaves the content out of the CMS; every other packaging embeds it.
	final boolean encapsulate = !SignaturePackaging.DETACHED.equals(packaging);
	CMSUtils.generateCMSSignedData(generator, content, encapsulate);
	return new ToBeSigned(capturingSigner.getOutputStream().toByteArray());
}
 
Example #5
Source File: SignHelper.java    From Launcher with GNU General Public License v3.0
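/**
 * Creates a {@link CMSSignedDataGenerator} for an already unlocked private key.
 * <p>
 * The generator gets one signer info (built from {@code privateKey} and {@code cert} with the
 * BC provider) and the whole {@code certChain} as embedded certificates.
 *
 * @param privateKey the signing key
 * @param cert       the signer's certificate; must be an X.509 certificate
 * @param certChain  certificates to embed in the signed data, usually the full chain of {@code cert}
 * @param signAlgo   JCA signature algorithm name understood by the BC provider
 * @return a generator ready to produce signed data
 * @throws IllegalArgumentException if {@code cert} is null or not an X.509 certificate
 * @throws OperatorCreationException if the content signer cannot be built for {@code signAlgo}
 * @throws CertificateEncodingException if a certificate cannot be encoded
 * @throws CMSException if the certificates cannot be added to the generator
 */
public static CMSSignedDataGenerator createSignedDataGenerator(PrivateKey privateKey, Certificate cert, List<Certificate> certChain, String signAlgo) throws OperatorCreationException, CertificateEncodingException, CMSException {
    // JcaSignerInfoGeneratorBuilder needs an X509Certificate; fail with a message instead of a
    // bare ClassCastException / NullPointerException further down.
    if (!(cert instanceof X509Certificate)) {
        throw new IllegalArgumentException("Signing certificate must be an X.509 certificate, got "
                + (cert == null ? "null" : cert.getType()));
    }
    @SuppressWarnings("rawtypes")
    Store certStore = new JcaCertStore(certChain);
    ContentSigner signer = new JcaContentSignerBuilder(signAlgo).setProvider("BC").build(privateKey);
    CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
    DigestCalculatorProvider dcp = new JcaDigestCalculatorProviderBuilder().setProvider("BC").build();
    SignerInfoGenerator sig = new JcaSignerInfoGeneratorBuilder(dcp).build(signer, (X509Certificate) cert);
    generator.addSignerInfoGenerator(sig);
    generator.addCertificates(certStore);
    return generator;
}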
 
Example #6
Source File: CMSSignedDataBuilder.java    From dss with GNU Lesser General Public License v2.1
/**
 * Builds a {@link SignerInfoGeneratorBuilder} whose attribute tables are derived from the
 * CAdES-BASELINE-B profile for the given signature parameters.
 *
 * @param digestCalculatorProvider
 *            the digest calculator provider (may deliver pre-computed digests)
 * @param parameters
 *            the signature parameters from which the attribute values are taken
 * @param includeUnsignedAttributes
 *            true to also attach the profile's unsigned attributes
 * @return a SignerInfoGeneratorBuilder producing the signed (and optionally unsigned)
 *         attributes of CAdESLevelBaselineB
 */
SignerInfoGeneratorBuilder getSignerInfoGeneratorBuilder(DigestCalculatorProvider digestCalculatorProvider, final CAdESSignatureParameters parameters,
		final boolean includeUnsignedAttributes) {

	final CAdESLevelBaselineB baselineB = new CAdESLevelBaselineB();
	final AttributeTable signed = baselineB.getSignedAttributes(parameters);
	// Unsigned attributes are only requested when the caller asks for them.
	final AttributeTable unsigned = includeUnsignedAttributes ? baselineB.getUnsignedAttributes() : null;
	return getSignerInfoGeneratorBuilder(digestCalculatorProvider, signed, unsigned);
}
 
Example #7
Source File: CAdESService.java    From dss with GNU Lesser General Public License v2.1
/**
 * Produces the CAdES signature document from an externally computed signature value.
 * The CMS structure is regenerated exactly as in the data-to-sign step, but with a content
 * signer that emits {@code signatureValue} instead of recording its input. Signature levels
 * above BASELINE-B are then extended.
 *
 * @param toSignDocument the document that was signed (never null)
 * @param parameters     the signature parameters used for the data-to-sign step (never null)
 * @param signatureValue the signature value computed by the caller (never null)
 * @return the signed document, named according to the signing operation and level
 * @throws DSSException if the parameters are inconsistent or CMS generation fails
 */
@Override
public DSSDocument signDocument(final DSSDocument toSignDocument, final CAdESSignatureParameters parameters, SignatureValue signatureValue)
		throws DSSException {
	Objects.requireNonNull(toSignDocument, "toSignDocument cannot be null!");
	Objects.requireNonNull(parameters, "SignatureParameters cannot be null!");
	Objects.requireNonNull(signatureValue, "SignatureValue cannot be null!");

	assertSigningDateInCertificateValidityRange(parameters);
	final SignaturePackaging packaging = parameters.getSignaturePackaging();
	assertSignaturePackaging(packaging);

	final CustomContentSigner replayingSigner = new CustomContentSigner(parameters.getSignatureAlgorithm().getJCEId(), signatureValue.getValue());
	final DigestCalculatorProvider digestProvider = getDigestCalculatorProvider(toSignDocument, parameters);
	// Unsigned attributes are included in the final signature ("true"), unlike in getDataToSign.
	final SignerInfoGeneratorBuilder signerInfoBuilder = cmsSignedDataBuilder.getSignerInfoGeneratorBuilder(digestProvider, parameters, true);
	final CMSSignedData existingCms = getCmsSignedData(toSignDocument, parameters);

	// A fresh detached signature without explicit detached contents: the signed document itself is
	// the detached content, and is recorded on the parameters for the steps that follow.
	final boolean freshDetached = (existingCms == null) && SignaturePackaging.DETACHED.equals(packaging);
	if (freshDetached && Utils.isCollectionEmpty(parameters.getDetachedContents())) {
		parameters.setDetachedContents(Arrays.asList(toSignDocument));
	}

	final CMSSignedDataGenerator generator = cmsSignedDataBuilder.createCMSSignedDataGenerator(parameters, replayingSigner,
			signerInfoBuilder, existingCms);

	final DSSDocument dataToSign = getToSignData(toSignDocument, parameters, existingCms);
	final CMSTypedData content = CMSUtils.getContentToBeSign(dataToSign);

	final boolean encapsulate = !SignaturePackaging.DETACHED.equals(packaging);
	DSSDocument signature = new CMSSignedDocument(CMSUtils.generateCMSSignedData(generator, content, encapsulate));

	if (!SignatureLevel.CAdES_BASELINE_B.equals(parameters.getSignatureLevel())) {
		// true: Only the last signature will be extended
		final SignatureExtension<CAdESSignatureParameters> extension = getExtensionProfile(parameters, true);
		signature = extension.extendSignatures(signature, parameters);
	}
	signature.setName(getFinalFileName(toSignDocument, SigningOperation.SIGN, parameters.getSignatureLevel()));
	parameters.reinitDeterministicId();
	return signature;
}
 
Example #8
Source File: CAdESService.java    From dss with GNU Lesser General Public License v2.1
/**
 * Picks the digest calculator provider for the CMS generation.
 * <p>
 * Preference order: a provider replaying the document digest for the parameters' reference
 * digest algorithm, then a provider backed by the pre-computed digests of a
 * {@link DigestDocument}, otherwise plain BC computation.
 *
 * @param toSignDocument the document to be signed
 * @param parameters     signature parameters, possibly naming a reference digest algorithm
 * @return the provider to hand to the signer info generator builder
 */
private DigestCalculatorProvider getDigestCalculatorProvider(DSSDocument toSignDocument, CAdESSignatureParameters parameters) {
	final DigestAlgorithm referenceDigest = parameters.getReferenceDigestAlgorithm();
	if (referenceDigest == null) {
		return toSignDocument instanceof DigestDocument
				? new PrecomputedDigestCalculatorProvider((DigestDocument) toSignDocument)
				: new BcDigestCalculatorProvider();
	}
	return new CustomMessageDigestCalculatorProvider(referenceDigest, toSignDocument.getDigest(referenceDigest));
}
 
Example #9
Source File: DSSRevocationUtils.java    From dss with GNU Lesser General Public License v2.1
/**
 * Obtains a BC {@link DigestCalculator} for the given digest algorithm.
 *
 * @param digestAlgorithm the algorithm whose OID identifies the calculator
 * @return a calculator from the shared {@code jcaDigestCalculatorProviderBuilder}
 * @throws DSSException if BC cannot provide a calculator for the algorithm
 */
public static DigestCalculator getDigestCalculator(DigestAlgorithm digestAlgorithm) {
	try {
		final DigestCalculatorProvider provider = jcaDigestCalculatorProviderBuilder.build();
		// The algorithm is identified by OID with explicit NULL parameters.
		final ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(digestAlgorithm.getOid());
		return provider.get(new AlgorithmIdentifier(oid, DERNull.INSTANCE));
	} catch (OperatorCreationException e) {
		final String message = String.format("Unable to create a DigestCalculator instance. DigestAlgorithm %s is not supported", digestAlgorithm.name());
		throw new DSSException(message, e);
	}
}
 
Example #10
Source File: OCSPFuncTest.java    From ph-commons with Apache License 2.0
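/**
 * Generates an OCSP request for the certificate with serial number {@code aCheckSerialNumber}
 * issued by {@code aIssuerCert}, carrying a random nonce extension.
 *
 * @param aIssuerCert
 *        Certificate of the issuer of the certificate to be checked.
 * @param aCheckSerialNumber
 *        Serial number of the certificate to be checked.
 * @return The OCSP request, never <code>null</code>.
 * @throws OCSPException
 *         If the request cannot be built.
 * @throws IllegalStateException
 *         If the digest calculator cannot be created or the issuer certificate cannot be
 *         encoded.
 */
@Nonnull
public static OCSPReq generateOCSPRequest (final X509Certificate aIssuerCert,
                                           final BigInteger aCheckSerialNumber) throws OCSPException
{
  try
  {
    final DigestCalculatorProvider aDigestCalculatorProvider = new JcaDigestCalculatorProviderBuilder ().setProvider (PBCProvider.getProvider ())
                                                                                                        .build ();
    // SHA-1 only hashes issuer name/key into the CertID identifier; it is not a signature hash.
    final DigestCalculator aDigestCalculator = aDigestCalculatorProvider.get (CertificateID.HASH_SHA1);

    // CertID structure is used to uniquely identify certificates that are the
    // subject of an OCSP request or response and has an ASN.1 definition.
    // CertID structure is defined in RFC 2560
    final CertificateID aCertificateID = new JcaCertificateID (aDigestCalculator, aIssuerCert, aCheckSerialNumber);

    // create details for nonce extension. The nonce extension is used to bind
    // a request to a response to prevent replay attacks. That only works if the
    // nonce is unpredictable, so it is drawn from a CSPRNG rather than derived
    // from a clock value (System.nanoTime() is guessable and low-entropy).
    final byte [] aNonce = new byte [16];
    new java.security.SecureRandom ().nextBytes (aNonce);

    // to create the request Extension
    final Extensions aExtensions = new Extensions (new Extension (OCSPObjectIdentifiers.id_pkix_ocsp_nonce,
                                                                  false,
                                                                  new DEROctetString (aNonce)));

    // basic request generation with nonce
    final OCSPReqBuilder aBuilder = new OCSPReqBuilder ();
    aBuilder.addRequest (aCertificateID);
    // Extension to the whole request
    aBuilder.setRequestExtensions (aExtensions);
    return aBuilder.build ();
  }
  catch (final OperatorCreationException | CertificateEncodingException ex)
  {
    throw new IllegalStateException (ex);
  }
}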
 
Example #11
Source File: SignatureBlockGenerator.java    From fdroidclient with GNU General Public License v3.0
/**
 * Sign the given content using the private and public keys from the keySet, and return the encoded CMS (PKCS#7) data.
 * Use of direct signature and DER encoding produces a block that is verifiable by Android recovery programs.
 * <p>
 * "Direct signature" means no signed attributes: the content itself is what the signer signs.
 * Any checked failure from BouncyCastle is rethrown as a {@link RuntimeException} with the
 * original exception as its cause.
 *
 * @param keySet  provides the signature algorithm, the private key and the signer certificate
 * @param content the bytes to sign
 * @return the DER-encoded CMS SignedData (detached; the content is not embedded)
 */
public static byte[] generate(KeySet keySet, byte[] content) {
    try {
        final CMSTypedData message = new CMSProcessableByteArray(content);

        final List certificates = new ArrayList();
        certificates.add(keySet.getPublicKey());
        final Store certificateStore = new JcaCertStore(certificates);

        final ContentSigner contentSigner = new JcaContentSignerBuilder(keySet.getSignatureAlgorithm())
                .setProvider("BC")
                .build(keySet.getPrivateKey());
        final DigestCalculatorProvider digestProvider = new JcaDigestCalculatorProviderBuilder()
                .setProvider("BC")
                .build();

        final JcaSignerInfoGeneratorBuilder signerInfoBuilder = new JcaSignerInfoGeneratorBuilder(digestProvider);
        // No signed attributes: recovery verifiers expect the signature over the raw content.
        signerInfoBuilder.setDirectSignature(true);

        final CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
        generator.addSignerInfoGenerator(signerInfoBuilder.build(contentSigner, keySet.getPublicKey()));
        generator.addCertificates(certificateStore);

        // false: detached signature, the content is not encapsulated in the SignedData.
        final CMSSignedData signedData = generator.generate(message, false);
        return signedData.toASN1Structure().getEncoded("DER");
    } catch (Exception x) {
        throw new RuntimeException(x.getMessage(), x);
    }
}