use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.
the class JcaContentSignerBuilder method build.
/**
 * Creates a {@code ContentSigner} bound to the given private key and to the signature
 * algorithm held in this builder's {@code sigAlgId} field.
 *
 * <p>A {@code CompositePrivateKey} is handed to {@code buildComposite}. For any other key one
 * signature engine is obtained from {@code helper} and initialised for signing, using the
 * builder's {@code random} when one has been set.
 *
 * <p>The returned signer wraps that single engine and a single output stream, so it carries
 * state from one call to the next.
 * NOTE(review): the engine is used through {@code initSign}/{@code sign}, which looks like the
 * JCA {@code java.security.Signature} API; confirm against the file's imports.
 *
 * @param privateKey the key to sign with
 * @return a signer whose output stream feeds the signature engine
 * @throws OperatorCreationException if the engine cannot be created or initialised
 */
public ContentSigner build(PrivateKey privateKey) throws OperatorCreationException {
  if (privateKey instanceof CompositePrivateKey) {
    return buildComposite((CompositePrivateKey) privateKey);
  }

  try {
    final Signature engine = helper.createSignature(sigAlgId);
    // Capture the identifier now so the signer keeps reporting the algorithm it was built with.
    final AlgorithmIdentifier signatureAlgId = sigAlgId;

    if (random == null) {
      // No caller-supplied randomness: the engine falls back to its own default source.
      engine.initSign(privateKey);
    } else {
      engine.initSign(privateKey, random);
    }

    return new ContentSigner() {
      // Everything written here is fed into the signature engine.
      private final OutputStream out = OutputStreamFactory.createStream(engine);

      public AlgorithmIdentifier getAlgorithmIdentifier() {
        return signatureAlgId;
      }

      public OutputStream getOutputStream() {
        return out;
      }

      public byte[] getSignature() {
        try {
          return engine.sign();
        } catch (SignatureException e) {
          // The interface method declares no checked exception, so wrap and keep the cause.
          throw new RuntimeOperatorException("exception obtaining signature: " + e.getMessage(), e);
        }
      }
    };
  } catch (GeneralSecurityException e) {
    throw new OperatorCreationException("cannot create signer: " + e.getMessage(), e);
  }
}
use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.
the class JcaContentSignerBuilder method buildComposite.
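/**
 * Creates a {@code ContentSigner} for a composite private key: one signature engine per
 * component algorithm, all fed the same content.
 *
 * <p>The component algorithms are read from the parameters of the builder's {@code sigAlgId}
 * as an ASN.1 sequence, and the i-th algorithm is paired with the i-th component key. The
 * final signature is a DER-encoded sequence holding one BIT STRING per component signature,
 * in the same order.
 *
 * <p>A missing or empty algorithm list, or fewer component keys than algorithms, is reported
 * as an {@code OperatorCreationException} rather than surfacing as an unchecked
 * null-pointer or index exception.
 * NOTE(review): a key with MORE components than algorithms is still accepted and the surplus
 * keys are ignored; confirm whether that mismatch should be rejected as well.
 *
 * @param privateKey the composite key whose component keys are used in order
 * @return a signer that produces the combined composite signature
 * @throws OperatorCreationException if the algorithm list and key list do not line up, or an
 *     engine cannot be created or initialised
 */
private ContentSigner buildComposite(CompositePrivateKey privateKey) throws OperatorCreationException {
  try {
    List<PrivateKey> privateKeys = privateKey.getPrivateKeys();
    final ASN1Sequence sigAlgIds = ASN1Sequence.getInstance(sigAlgId.getParameters());

    // Without at least one component algorithm there is no engine to build a stream on.
    if (sigAlgIds == null || sigAlgIds.size() == 0) {
      throw new OperatorCreationException(
          "cannot create signer: composite algorithm carries no component algorithms");
    }
    // Every algorithm needs its own key; a short key list would otherwise fail on get(i).
    if (privateKeys.size() < sigAlgIds.size()) {
      throw new OperatorCreationException(
          "cannot create signer: composite key has " + privateKeys.size()
              + " component keys but the algorithm lists " + sigAlgIds.size());
    }

    final Signature[] sigs = new Signature[sigAlgIds.size()];
    for (int i = 0; i != sigAlgIds.size(); i++) {
      sigs[i] = helper.createSignature(AlgorithmIdentifier.getInstance(sigAlgIds.getObjectAt(i)));
      if (random != null) {
        sigs[i].initSign(privateKeys.get(i), random);
      } else {
        sigs[i].initSign(privateKeys.get(i));
      }
    }

    // Chain the per-engine streams so that one write reaches every component engine.
    OutputStream sStream = OutputStreamFactory.createStream(sigs[0]);
    for (int i = 1; i != sigs.length; i++) {
      sStream = new TeeOutputStream(sStream, OutputStreamFactory.createStream(sigs[i]));
    }
    final OutputStream sigStream = sStream;

    return new ContentSigner() {
      OutputStream stream = sigStream;

      public AlgorithmIdentifier getAlgorithmIdentifier() {
        return sigAlgId;
      }

      public OutputStream getOutputStream() {
        return stream;
      }

      public byte[] getSignature() {
        try {
          // One BIT STRING per component, in algorithm order, wrapped in a DER sequence.
          ASN1EncodableVector sigV = new ASN1EncodableVector();
          for (int i = 0; i != sigs.length; i++) {
            sigV.add(new DERBitString(sigs[i].sign()));
          }
          return new DERSequence(sigV).getEncoded(ASN1Encoding.DER);
        } catch (IOException e) {
          throw new RuntimeOperatorException("exception encoding signature: " + e.getMessage(), e);
        } catch (SignatureException e) {
          throw new RuntimeOperatorException("exception obtaining signature: " + e.getMessage(), e);
        }
      }
    };
  } catch (GeneralSecurityException e) {
    throw new OperatorCreationException("cannot create signer: " + e.getMessage(), e);
  }
}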
use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.
the class JcaContentVerifierProviderBuilder method build.
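/**
 * Creates a {@code ContentVerifierProvider} that verifies against a bare public key, with no
 * certificate attached.
 *
 * <p>How the verifier is chosen in {@code get}:
 * <ul>
 *   <li>the composite algorithm identifier goes to {@code createCompositeVerifier};</li>
 *   <li>a {@code CompositePublicKey} used with any other algorithm is tried component by
 *       component, and the first component key the algorithm accepts is used on its own;</li>
 *   <li>any other key is used directly.</li>
 * </ul>
 *
 * <p>Security note: in the second case the resulting verifier checks a signature against a
 * single component key only. Callers that need every component of a composite key to have
 * signed must use the composite algorithm identifier.
 *
 * @param publicKey the key signatures are checked against
 * @return a provider producing verifiers for that key
 * @throws OperatorCreationException declared for callers; this method itself only builds the
 *     provider, failures surface from {@code get}
 */
public ContentVerifierProvider build(final PublicKey publicKey) throws OperatorCreationException {
  return new ContentVerifierProvider() {
    public boolean hasAssociatedCertificate() {
      return false;
    }

    public X509CertificateHolder getAssociatedCertificate() {
      return null;
    }

    public ContentVerifier get(AlgorithmIdentifier algorithm) throws OperatorCreationException {
      if (algorithm.getAlgorithm().equals(MiscObjectIdentifiers.id_alg_composite)) {
        return createCompositeVerifier(algorithm, publicKey);
      }

      if (publicKey instanceof CompositePublicKey) {
        List<PublicKey> keys = ((CompositePublicKey) publicKey).getPublicKeys();
        // Remember why the most recent component was rejected, so the final error is diagnosable.
        OperatorCreationException lastFailure = null;
        for (PublicKey key : keys) {
          try {
            Signature sig = createSignature(algorithm, key);
            Signature rawSig = createRawSig(algorithm, key);
            if (rawSig != null) {
              return new RawSigVerifier(algorithm, sig, rawSig);
            } else {
              return new SigVerifier(algorithm, sig);
            }
          } catch (OperatorCreationException e) {
            // This component does not fit the algorithm; move on to the next one.
            lastFailure = e;
          }
        }
        if (lastFailure != null) {
          throw new OperatorCreationException("no matching algorithm found for key", lastFailure);
        }
        throw new OperatorCreationException("no matching algorithm found for key");
      } else {
        Signature sig = createSignature(algorithm, publicKey);
        Signature rawSig = createRawSig(algorithm, publicKey);
        if (rawSig != null) {
          return new RawSigVerifier(algorithm, sig, rawSig);
        } else {
          return new SigVerifier(algorithm, sig);
        }
      }
    }
  };
}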
use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.
the class TSPUtil method getSignatureTimestamps.
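/**
 * Fetches the signature time-stamp attributes from a SignerInformation object. Checks that the
 * MessageImprint for each time-stamp matches the signature field (see RFC 3161 Appendix A).
 *
 * <p>The check is fail-closed: the first time-stamp that cannot be parsed, names an unknown
 * hash algorithm, or carries a non-matching imprint aborts the whole call, and no partial
 * list is returned. The imprint comparison is done in constant time.
 *
 * <p>Nothing in this method verifies the time-stamp authority's signature over a token; only
 * the imprint is compared. Callers must validate each returned token separately before
 * relying on its time.
 *
 * @param signerInfo a SignerInformation to search for time-stamps
 * @param digCalcProvider provider for digest calculators
 * @return a collection of TimeStampToken objects, empty if there are no unsigned attributes
 *     or no time-stamp attributes
 * @throws TSPValidationException if a time-stamp cannot be parsed, uses a hash algorithm the
 *     provider does not know, or has a message imprint that does not match the signature
 */
public static Collection getSignatureTimestamps(SignerInformation signerInfo, DigestCalculatorProvider digCalcProvider) throws TSPValidationException {
  List timestamps = new ArrayList();
  AttributeTable unsignedAttrs = signerInfo.getUnsignedAttributes();
  if (unsignedAttrs != null) {
    ASN1EncodableVector allTSAttrs = unsignedAttrs.getAll(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken);
    for (int i = 0; i < allTSAttrs.size(); ++i) {
      Attribute tsAttr = (Attribute) allTSAttrs.get(i);
      ASN1Set tsAttrValues = tsAttr.getAttrValues();
      for (int j = 0; j < tsAttrValues.size(); ++j) {
        try {
          ContentInfo contentInfo = ContentInfo.getInstance(tsAttrValues.getObjectAt(j));
          TimeStampToken timeStampToken = new TimeStampToken(contentInfo);
          TimeStampTokenInfo tstInfo = timeStampToken.getTimeStampInfo();

          // Hash the signature value with the algorithm the token itself declares.
          DigestCalculator digCalc = digCalcProvider.get(tstInfo.getHashAlgorithm());
          OutputStream dOut = digCalc.getOutputStream();
          dOut.write(signerInfo.getSignature());
          dOut.close();
          byte[] expectedDigest = digCalc.getDigest();

          if (!Arrays.constantTimeAreEqual(expectedDigest, tstInfo.getMessageImprintDigest())) {
            throw new TSPValidationException("Incorrect digest in message imprint");
          }
          timestamps.add(timeStampToken);
        } catch (TSPValidationException e) {
          // Rethrow as-is: the generic handler below would otherwise relabel an imprint
          // mismatch as "Timestamp could not be parsed" and hide the real reason.
          throw e;
        } catch (OperatorCreationException e) {
          throw new TSPValidationException("Unknown hash algorithm specified in timestamp");
        } catch (Exception e) {
          throw new TSPValidationException("Timestamp could not be parsed");
        }
      }
    }
  }
  return timestamps;
}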
use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.
the class CertificateBase method getInstance.
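/**
 * Returns the argument as a {@code CertificateBase}, decoding it from an ASN.1 sequence when
 * it is not one already.
 *
 * <p>The sequence is read positionally: version, type, issuer, to-be-signed certificate and
 * an optional signature, at indices 0 to 4. Because this parses data that may come from an
 * untrusted peer, a sequence too short to hold those five positions is rejected up front
 * with a descriptive error instead of failing on an out-of-range index part-way through.
 *
 * @param o an existing {@code CertificateBase}, or an object {@code ASN1Sequence.getInstance}
 *     can turn into a sequence
 * @return the decoded certificate base
 * @throws IllegalArgumentException if the sequence has fewer than five elements
 */
public static CertificateBase getInstance(Object o) {
  if (o instanceof CertificateBase) {
    return (CertificateBase) o;
  }

  ASN1Sequence seq = ASN1Sequence.getInstance(o);
  // Indices 0..4 are read below; check the length once, before touching any element.
  if (seq.size() < 5) {
    throw new IllegalArgumentException(
        "CertificateBase sequence too short: expected 5 elements, found " + seq.size());
  }

  ASN1Integer version = ASN1Integer.getInstance(seq.getObjectAt(0));
  CertificateType type = CertificateType.getInstance(seq.getObjectAt(1));
  IssuerIdentifier issuerIdentifier = IssuerIdentifier.getInstance(seq.getObjectAt(2));
  ToBeSignedCertificate cert = ToBeSignedCertificate.getInstance(seq.getObjectAt(3));
  // The signature slot is optional; OEROptional unwraps it.
  Signature signature = OEROptional.getValue(Signature.class, seq.getObjectAt(4));

  return new Builder()
      .setVersion(version)
      .setType(type)
      .setIssuer(issuerIdentifier)
      .setToBeSignedCertificate(cert)
      .setSignature(signature)
      .createCertificateBase();
}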