Example 1 with SignerException
use of com.bluenimble.platform.crypto.signer.SignerException in project serverless by bluenimble.
the class SignVerifyDocument method main.
public static void main(String[] args) throws StoreLoaderException, UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, CertificateException, SignerException, IOException {
String password = "beesphere";
String alias = "beesphere";
String p12 = "beesphere.p12";
final String cer = "beesphere.cer";
CertificatesManager cm = new DefaultCertificatesManager();
Map<String, Object> properties = new HashMap<String, Object>();
properties.put(CertificatesManager.KEY_PASSWORD, password);
KeyStore ks = cm.load(new FileInputStream(p12), properties);
PrivateKey key = (PrivateKey) ks.getKey(alias, password.toCharArray());
Signer signer = new DefaultSigner();
SecureDocument doc = new StringSecureDocument("a document to sign");
signer.sign(doc, key, new X509Certificate[] { ReadX509.read(new FileInputStream(cer)) });
System.out.println(new String(doc.getBytes()));
signer.verify(doc, new CertificateAcceptor() {
private static final long serialVersionUID = 8524753501741582177L;
@Override
public boolean accept(X509Certificate cert) throws SignerException {
try {
return cert.equals(ReadX509.read(new FileInputStream(cer)));
} catch (Throwable th) {
throw new SignerException(th, th.getMessage());
}
}
});
System.out.println(new String(doc.getBytes()));
}
Also used :
StringSecureDocument(com.bluenimble.platform.crypto.signer.impl.StringSecureDocument)
DefaultSigner(com.bluenimble.platform.crypto.signer.impl.DefaultSigner)
PrivateKey(java.security.PrivateKey)
DefaultCertificatesManager(com.bluenimble.platform.crypto.generator.impl.DefaultCertificatesManager)
HashMap(java.util.HashMap)
CertificateAcceptor(com.bluenimble.platform.crypto.signer.CertificateAcceptor)
KeyStore(java.security.KeyStore)
FileInputStream(java.io.FileInputStream)
X509Certificate(java.security.cert.X509Certificate)
SecureDocument(com.bluenimble.platform.crypto.SecureDocument)
StringSecureDocument(com.bluenimble.platform.crypto.signer.impl.StringSecureDocument)
DefaultSigner(com.bluenimble.platform.crypto.signer.impl.DefaultSigner)
Signer(com.bluenimble.platform.crypto.signer.Signer)
CertificatesManager(com.bluenimble.platform.crypto.generator.CertificatesManager)
DefaultCertificatesManager(com.bluenimble.platform.crypto.generator.impl.DefaultCertificatesManager)
SignerException(com.bluenimble.platform.crypto.signer.SignerException)
Example 2 with SignerException
use of com.bluenimble.platform.crypto.signer.SignerException in project serverless by bluenimble.
the class DefaultSigner method verify.
// Updated
@Override
public void verify(SecureDocument doc, CertificateAcceptor acceptor) throws SignerException {
try {
if (SignatureAware.class.isAssignableFrom(doc.getClass())) {
SignatureAware signed = (SignatureAware) doc;
byte[] signature = signed.getSignature();
if (signature == null) {
throw new SignerException("Signature not found in document");
}
Key key = signed.getKey();
if (key == null) {
throw new SignerException("Secret key not found in document");
}
sign(doc, key, null);
byte[] expected = ((SignatureAware) doc).getSignature();
if (!equals(signature, expected)) {
throw new SignerException("Invalid signature");
}
} else {
CMSSignedData signature = new CMSSignedData(doc.getBytes());
SignerInformation signer = (SignerInformation) signature.getSignerInfos().getSigners().iterator().next();
// CertStore cs = signature.getCertificatesAndCRLs ("Collection", "BC"); //TODO : base Store returning method
Store<?> cs = signature.getCertificates();
Collection<?> matches = cs.getMatches(signer.getSID());
Iterator<?> iter = matches.iterator();
while (iter.hasNext()) {
JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
converter.setProvider("BC");
X509Certificate cert = converter.getCertificate((X509CertificateHolder) iter.next());
if (acceptor != null && !acceptor.accept(cert)) {
throw new SignerException("Invalid Signing Certificate, Not Accepted");
}
if (!signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert))) {
throw new SignerException("Invalid signature");
}
}
CMSProcessable sc = signature.getSignedContent();
doc.setBytes((byte[]) sc.getContent());
}
} catch (Throwable th) {
throw new SignerException(th, th.getMessage());
}
}
Also used :
SignatureAware(com.bluenimble.platform.crypto.SignatureAware)
SignerInformation(org.bouncycastle.cms.SignerInformation)
JcaSimpleSignerInfoVerifierBuilder(org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder)
CMSSignedData(org.bouncycastle.cms.CMSSignedData)
X509Certificate(java.security.cert.X509Certificate)
CMSProcessable(org.bouncycastle.cms.CMSProcessable)
JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)
SignerException(com.bluenimble.platform.crypto.signer.SignerException)
StringKey(com.bluenimble.platform.crypto.signer.StringKey)
Key(java.security.Key)
PrivateKey(java.security.PrivateKey)
SecretKey(javax.crypto.SecretKey)
Example 3 with SignerException
use of com.bluenimble.platform.crypto.signer.SignerException in project serverless by bluenimble.
the class DefaultSigner method signWithKey.
private void signWithKey(SecureDocument doc, SecretKey key) throws SignerException {
try {
byte[] signature = null;
if (key.getAlgorithm().equals(Algorithm.HmacSHA1.getId())) {
Mac mac = Mac.getInstance(key.getAlgorithm());
mac.init(key);
signature = doc.getBytes();
if (SignatureAware.class.isAssignableFrom(doc.getClass())) {
((SignatureAware) doc).setSignature(Base64.encode(mac.doFinal(signature)));
} else {
doc.setBytes(mac.doFinal(signature));
}
} else {
MessageDigest md = MessageDigest.getInstance(key.getAlgorithm());
signature = md.digest(doc.getBytes());
if (SignatureAware.class.isAssignableFrom(doc.getClass())) {
((SignatureAware) doc).setSignature(hexEncode(signature));
} else {
doc.setBytes(hexEncode(signature));
}
}
} catch (Throwable th) {
throw new SignerException(th, th.getMessage());
}
}
Also used :
SignatureAware(com.bluenimble.platform.crypto.SignatureAware)
MessageDigest(java.security.MessageDigest)
SignerException(com.bluenimble.platform.crypto.signer.SignerException)
Mac(javax.crypto.Mac)
Example 4 with SignerException
use of com.bluenimble.platform.crypto.signer.SignerException in project serverless by bluenimble.
the class SimpleSigner method verify.
@Override
public void verify(SecureDocument doc, CertificateAcceptor acceptor) throws SignerException {
try {
if (SignatureAware.class.isAssignableFrom(doc.getClass())) {
SignatureAware signed = (SignatureAware) doc;
byte[] signature = signed.getSignature();
if (signature == null) {
throw new SignerException("Signature not found in document");
}
Key key = signed.getKey();
if (key == null) {
throw new SignerException("Secret key not found in document");
}
sign(doc, key, null);
byte[] expected = ((SignatureAware) doc).getSignature();
if (!equals(signature, expected)) {
throw new SignerException("Invalid signature");
}
}
} catch (Throwable th) {
throw new SignerException(th, th.getMessage());
}
}
Also used :
SignatureAware(com.bluenimble.platform.crypto.SignatureAware)
SignerException(com.bluenimble.platform.crypto.signer.SignerException)
StringKey(com.bluenimble.platform.crypto.signer.StringKey)
Key(java.security.Key)
SecretKey(javax.crypto.SecretKey)
Example 5 with SignerException
use of com.bluenimble.platform.crypto.signer.SignerException in project serverless by bluenimble.
the class SimpleSigner method signWithKey.
private void signWithKey(SecureDocument doc, SecretKey key) throws SignerException {
try {
byte[] signature = null;
if (key.getAlgorithm().equals(Algorithm.HmacSHA1.getId())) {
Mac mac = Mac.getInstance(key.getAlgorithm());
mac.init(key);
signature = doc.getBytes();
if (SignatureAware.class.isAssignableFrom(doc.getClass())) {
((SignatureAware) doc).setSignature(new Base64().encode(mac.doFinal(signature)));
} else {
doc.setBytes(mac.doFinal(signature));
}
} else {
MessageDigest md = MessageDigest.getInstance(key.getAlgorithm());
signature = md.digest(doc.getBytes());
if (SignatureAware.class.isAssignableFrom(doc.getClass())) {
((SignatureAware) doc).setSignature(hexEncode(signature));
} else {
doc.setBytes(hexEncode(signature));
}
}
} catch (Throwable th) {
throw new SignerException(th, th.getMessage());
}
}
Also used :
Base64(com.bluenimble.platform.crypto.Base64)
SignatureAware(com.bluenimble.platform.crypto.SignatureAware)
MessageDigest(java.security.MessageDigest)
SignerException(com.bluenimble.platform.crypto.signer.SignerException)
Mac(javax.crypto.Mac)
Aggregations
SignerException (com.bluenimble.platform.crypto.signer.SignerException)6
SignatureAware (com.bluenimble.platform.crypto.SignatureAware)4
X509Certificate (java.security.cert.X509Certificate)3
StringKey (com.bluenimble.platform.crypto.signer.StringKey)2
Key (java.security.Key)2
MessageDigest (java.security.MessageDigest)2
PrivateKey (java.security.PrivateKey)2
Mac (javax.crypto.Mac)2
SecretKey (javax.crypto.SecretKey)2
CMSSignedData (org.bouncycastle.cms.CMSSignedData)2
Base64 (com.bluenimble.platform.crypto.Base64)1
SecureDocument (com.bluenimble.platform.crypto.SecureDocument)1
CertificatesManager (com.bluenimble.platform.crypto.generator.CertificatesManager)1
DefaultCertificatesManager (com.bluenimble.platform.crypto.generator.impl.DefaultCertificatesManager)1
CertificateAcceptor (com.bluenimble.platform.crypto.signer.CertificateAcceptor)1
Signer (com.bluenimble.platform.crypto.signer.Signer)1
DefaultSigner (com.bluenimble.platform.crypto.signer.impl.DefaultSigner)1
StringSecureDocument (com.bluenimble.platform.crypto.signer.impl.StringSecureDocument)1
FileInputStream (java.io.FileInputStream)1
KeyStore (java.security.KeyStore)1
