
Example 1 with SignerException

Use of com.bluenimble.platform.crypto.signer.SignerException in project serverless by bluenimble.

In class SignVerifyDocument, method main.

public static void main(String[] args) throws StoreLoaderException, UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, CertificateException, SignerException, IOException {
    // Demo values: the key store password and alias are hard-coded in this test driver.
    String password = "beesphere";
    String alias = "beesphere";
    String p12 = "beesphere.p12";
    final String cer = "beesphere.cer";
    CertificatesManager cm = new DefaultCertificatesManager();
    Map<String, Object> properties = new HashMap<String, Object>();
    properties.put(CertificatesManager.KEY_PASSWORD, password);
    KeyStore ks = cm.load(new FileInputStream(p12), properties);
    PrivateKey key = (PrivateKey) ks.getKey(alias, password.toCharArray());
    Signer signer = new DefaultSigner();
    SecureDocument doc = new StringSecureDocument("a document to sign");
    signer.sign(doc, key, new X509Certificate[] { ReadX509.read(new FileInputStream(cer)) });
    System.out.println(new String(doc.getBytes()));
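    // The acceptor pins verification to one certificate: only the exact certificate read from the .cer file is accepted.
    signer.verify(doc, new CertificateAcceptor() {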

        private static final long serialVersionUID = 8524753501741582177L;

        @Override
        public boolean accept(X509Certificate cert) throws SignerException {
            try {
                return cert.equals(ReadX509.read(new FileInputStream(cer)));
            } catch (Throwable th) {
                throw new SignerException(th, th.getMessage());
            }
        }
    });
    System.out.println(new String(doc.getBytes()));
}
Also used : StringSecureDocument(com.bluenimble.platform.crypto.signer.impl.StringSecureDocument) DefaultSigner(com.bluenimble.platform.crypto.signer.impl.DefaultSigner) PrivateKey(java.security.PrivateKey) DefaultCertificatesManager(com.bluenimble.platform.crypto.generator.impl.DefaultCertificatesManager) HashMap(java.util.HashMap) CertificateAcceptor(com.bluenimble.platform.crypto.signer.CertificateAcceptor) KeyStore(java.security.KeyStore) FileInputStream(java.io.FileInputStream) X509Certificate(java.security.cert.X509Certificate) SecureDocument(com.bluenimble.platform.crypto.SecureDocument) Signer(com.bluenimble.platform.crypto.signer.Signer) CertificatesManager(com.bluenimble.platform.crypto.generator.CertificatesManager) SignerException(com.bluenimble.platform.crypto.signer.SignerException)

Example 2 with SignerException

Use of com.bluenimble.platform.crypto.signer.SignerException in project serverless by bluenimble.

In class DefaultSigner, method verify.

// Updated
@Override
public void verify(SecureDocument doc, CertificateAcceptor acceptor) throws SignerException {
    try {
        if (SignatureAware.class.isAssignableFrom(doc.getClass())) {
            SignatureAware signed = (SignatureAware) doc;
            byte[] signature = signed.getSignature();
            if (signature == null) {
                throw new SignerException("Signature not found in document");
            }
            Key key = signed.getKey();
            if (key == null) {
                throw new SignerException("Secret key not found in document");
            }
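            // sign() overwrites the signature stored on doc, so the received value was saved above
            // and is compared with the recomputed one below.
            sign(doc, key, null);
            byte[] expected = ((SignatureAware) doc).getSignature();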
            if (!equals(signature, expected)) {
                throw new SignerException("Invalid signature");
            }
        } else {
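            CMSSignedData signature = new CMSSignedData(doc.getBytes());
            // Only the first SignerInfo is checked; any additional signers are ignored.
            SignerInformation signer = (SignerInformation) signature.getSignerInfos().getSigners().iterator().next();
            // CertStore cs = signature.getCertificatesAndCRLs ("Collection", "BC"); //TODO : base Store returning method
            Store<?> cs = signature.getCertificates();
            Collection<?> matches = cs.getMatches(signer.getSID());
            // Fail closed: if the message embeds no certificate matching the signer id, the loop
            // below would never run and the content would be accepted without any verification.
            if (matches.isEmpty()) {
                throw new SignerException("Signing certificate not found in document");
            }
            Iterator<?> iter = matches.iterator();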
            while (iter.hasNext()) {
                JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
                converter.setProvider("BC");
                X509Certificate cert = converter.getCertificate((X509CertificateHolder) iter.next());
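                // With a null acceptor, any certificate embedded in the message is used as-is:
                // the check then proves integrity only, not who signed.
                if (acceptor != null && !acceptor.accept(cert)) {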
                    throw new SignerException("Invalid Signing Certificate, Not Accepted");
                }
                if (!signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert))) {
                    throw new SignerException("Invalid signature");
                }
            }
            CMSProcessable sc = signature.getSignedContent();
            doc.setBytes((byte[]) sc.getContent());
        }
    } catch (Throwable th) {
        throw new SignerException(th, th.getMessage());
    }
}
Also used : SignatureAware(com.bluenimble.platform.crypto.SignatureAware) SignerInformation(org.bouncycastle.cms.SignerInformation) JcaSimpleSignerInfoVerifierBuilder(org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder) CMSSignedData(org.bouncycastle.cms.CMSSignedData) X509Certificate(java.security.cert.X509Certificate) CMSProcessable(org.bouncycastle.cms.CMSProcessable) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) SignerException(com.bluenimble.platform.crypto.signer.SignerException) StringKey(com.bluenimble.platform.crypto.signer.StringKey) Key(java.security.Key) PrivateKey(java.security.PrivateKey) SecretKey(javax.crypto.SecretKey)

Example 3 with SignerException

Use of com.bluenimble.platform.crypto.signer.SignerException in project serverless by bluenimble.

In class DefaultSigner, method signWithKey.

private void signWithKey(SecureDocument doc, SecretKey key) throws SignerException {
    try {
        byte[] signature = null;
        if (key.getAlgorithm().equals(Algorithm.HmacSHA1.getId())) {
            Mac mac = Mac.getInstance(key.getAlgorithm());
            mac.init(key);
            signature = doc.getBytes();
            if (SignatureAware.class.isAssignableFrom(doc.getClass())) {
                ((SignatureAware) doc).setSignature(Base64.encode(mac.doFinal(signature)));
            } else {
                doc.setBytes(mac.doFinal(signature));
            }
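        } else {
            // Any other algorithm name is treated as a plain message digest: the key material is
            // not used, so the result is an unkeyed checksum rather than a MAC.
            MessageDigest md = MessageDigest.getInstance(key.getAlgorithm());
            signature = md.digest(doc.getBytes());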
            if (SignatureAware.class.isAssignableFrom(doc.getClass())) {
                ((SignatureAware) doc).setSignature(hexEncode(signature));
            } else {
                doc.setBytes(hexEncode(signature));
            }
        }
    } catch (Throwable th) {
        throw new SignerException(th, th.getMessage());
    }
}
Also used : SignatureAware(com.bluenimble.platform.crypto.SignatureAware) MessageDigest(java.security.MessageDigest) SignerException(com.bluenimble.platform.crypto.signer.SignerException) Mac(javax.crypto.Mac)

Example 4 with SignerException

Use of com.bluenimble.platform.crypto.signer.SignerException in project serverless by bluenimble.

In class SimpleSigner, method verify.

@Override
public void verify(SecureDocument doc, CertificateAcceptor acceptor) throws SignerException {
    try {
        // A document that is not SignatureAware is not checked at all: the method returns normally.
        if (SignatureAware.class.isAssignableFrom(doc.getClass())) {
            SignatureAware signed = (SignatureAware) doc;
            byte[] signature = signed.getSignature();
            if (signature == null) {
                throw new SignerException("Signature not found in document");
            }
            Key key = signed.getKey();
            if (key == null) {
                throw new SignerException("Secret key not found in document");
            }
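            // sign() overwrites the signature stored on doc, so the received value was saved above
            // and is compared with the recomputed one below.
            sign(doc, key, null);
            byte[] expected = ((SignatureAware) doc).getSignature();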
            if (!equals(signature, expected)) {
                throw new SignerException("Invalid signature");
            }
        }
    } catch (Throwable th) {
        throw new SignerException(th, th.getMessage());
    }
}
Also used : SignatureAware(com.bluenimble.platform.crypto.SignatureAware) SignerException(com.bluenimble.platform.crypto.signer.SignerException) StringKey(com.bluenimble.platform.crypto.signer.StringKey) Key(java.security.Key) SecretKey(javax.crypto.SecretKey)

Example 5 with SignerException

Use of com.bluenimble.platform.crypto.signer.SignerException in project serverless by bluenimble.

In class SimpleSigner, method signWithKey.

private void signWithKey(SecureDocument doc, SecretKey key) throws SignerException {
    try {
        byte[] signature = null;
        if (key.getAlgorithm().equals(Algorithm.HmacSHA1.getId())) {
            Mac mac = Mac.getInstance(key.getAlgorithm());
            mac.init(key);
            signature = doc.getBytes();
            if (SignatureAware.class.isAssignableFrom(doc.getClass())) {
                ((SignatureAware) doc).setSignature(new Base64().encode(mac.doFinal(signature)));
            } else {
                doc.setBytes(mac.doFinal(signature));
            }
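        } else {
            // Any other algorithm name is treated as a plain message digest: the key material is
            // not used, so the result is an unkeyed checksum rather than a MAC.
            MessageDigest md = MessageDigest.getInstance(key.getAlgorithm());
            signature = md.digest(doc.getBytes());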
            if (SignatureAware.class.isAssignableFrom(doc.getClass())) {
                ((SignatureAware) doc).setSignature(hexEncode(signature));
            } else {
                doc.setBytes(hexEncode(signature));
            }
        }
    } catch (Throwable th) {
        throw new SignerException(th, th.getMessage());
    }
}
Also used : Base64(com.bluenimble.platform.crypto.Base64) SignatureAware(com.bluenimble.platform.crypto.SignatureAware) MessageDigest(java.security.MessageDigest) SignerException(com.bluenimble.platform.crypto.signer.SignerException) Mac(javax.crypto.Mac)

Aggregations

SignerException (com.bluenimble.platform.crypto.signer.SignerException): 6
SignatureAware (com.bluenimble.platform.crypto.SignatureAware): 4
X509Certificate (java.security.cert.X509Certificate): 3
StringKey (com.bluenimble.platform.crypto.signer.StringKey): 2
Key (java.security.Key): 2
MessageDigest (java.security.MessageDigest): 2
PrivateKey (java.security.PrivateKey): 2
Mac (javax.crypto.Mac): 2
SecretKey (javax.crypto.SecretKey): 2
CMSSignedData (org.bouncycastle.cms.CMSSignedData): 2
Base64 (com.bluenimble.platform.crypto.Base64): 1
SecureDocument (com.bluenimble.platform.crypto.SecureDocument): 1
CertificatesManager (com.bluenimble.platform.crypto.generator.CertificatesManager): 1
DefaultCertificatesManager (com.bluenimble.platform.crypto.generator.impl.DefaultCertificatesManager): 1
CertificateAcceptor (com.bluenimble.platform.crypto.signer.CertificateAcceptor): 1
Signer (com.bluenimble.platform.crypto.signer.Signer): 1
DefaultSigner (com.bluenimble.platform.crypto.signer.impl.DefaultSigner): 1
StringSecureDocument (com.bluenimble.platform.crypto.signer.impl.StringSecureDocument): 1
FileInputStream (java.io.FileInputStream): 1
KeyStore (java.security.KeyStore): 1