Example 1 with SignerIdentifier
use of com.github.zhenwei.pkix.util.asn1.cms.SignerIdentifier in project robovm by robovm.
the class SignerInfoGeneratorBuilder method build.
/**
* Build a generator with the passed in certHolder issuer and serial number as the signerIdentifier.
*
* @param contentSigner operator for generating the final signature in the SignerInfo with.
* @param certHolder carrier for the X.509 certificate related to the contentSigner.
* @return a SignerInfoGenerator
* @throws OperatorCreationException if the generator cannot be built.
*/
public SignerInfoGenerator build(ContentSigner contentSigner, X509CertificateHolder certHolder) throws OperatorCreationException {
SignerIdentifier sigId = new SignerIdentifier(new IssuerAndSerialNumber(certHolder.toASN1Structure()));
SignerInfoGenerator sigInfoGen = createGenerator(contentSigner, sigId);
sigInfoGen.setAssociatedCertificate(certHolder);
return sigInfoGen;
}
Also used :
IssuerAndSerialNumber(org.bouncycastle.asn1.cms.IssuerAndSerialNumber)
SignerIdentifier(org.bouncycastle.asn1.cms.SignerIdentifier)
Example 2 with SignerIdentifier
use of com.github.zhenwei.pkix.util.asn1.cms.SignerIdentifier in project LinLong-Java by zhenwei1108.
the class SignerInfoGenerator method generate.
public SignerInfo generate(ASN1ObjectIdentifier contentType) throws CMSException {
try {
/* RFC 3852 5.4
* The result of the message digest calculation process depends on
* whether the signedAttrs field is present. When the field is absent,
* the result is just the message digest of the content as described
*
* above. When the field is present, however, the result is the message
* digest of the complete DER encoding of the SignedAttrs value
* contained in the signedAttrs field.
*/
ASN1Set signedAttr = null;
AlgorithmIdentifier digestEncryptionAlgorithm = sigEncAlgFinder.findEncryptionAlgorithm(signer.getAlgorithmIdentifier());
AlgorithmIdentifier digestAlg = null;
if (sAttrGen != null) {
digestAlg = digester.getAlgorithmIdentifier();
calculatedDigest = digester.getDigest();
Map parameters = getBaseParameters(contentType, digester.getAlgorithmIdentifier(), digestEncryptionAlgorithm, calculatedDigest);
AttributeTable signed = sAttrGen.getAttributes(Collections.unmodifiableMap(parameters));
signedAttr = getAttributeSet(signed);
// sig must be composed from the DER encoding.
OutputStream sOut = signer.getOutputStream();
sOut.write(signedAttr.getEncoded(ASN1Encoding.DER));
sOut.close();
} else {
digestAlg = digestAlgorithm;
if (digester != null) {
calculatedDigest = digester.getDigest();
} else {
calculatedDigest = null;
}
}
byte[] sigBytes = signer.getSignature();
ASN1Set unsignedAttr = null;
if (unsAttrGen != null) {
Map parameters = getBaseParameters(contentType, digestAlg, digestEncryptionAlgorithm, calculatedDigest);
parameters.put(CMSAttributeTableGenerator.SIGNATURE, Arrays.clone(sigBytes));
AttributeTable unsigned = unsAttrGen.getAttributes(Collections.unmodifiableMap(parameters));
unsignedAttr = getAttributeSet(unsigned);
}
if (sAttrGen == null) {
// RFC 8419, Section 3.2 - needs to be shake-256, not shake-256-len
if (EdECObjectIdentifiers.id_Ed448.equals(digestEncryptionAlgorithm.getAlgorithm())) {
digestAlg = new AlgorithmIdentifier(NISTObjectIdentifiers.id_shake256);
}
}
return new SignerInfo(signerIdentifier, digestAlg, signedAttr, digestEncryptionAlgorithm, new DEROctetString(sigBytes), unsignedAttr);
} catch (IOException e) {
throw new CMSException("encoding error.", e);
}
}
Also used :
SignerInfo(com.github.zhenwei.pkix.util.asn1.cms.SignerInfo)
ASN1Set(com.github.zhenwei.core.asn1.ASN1Set)
OutputStream(java.io.OutputStream)
TeeOutputStream(com.github.zhenwei.core.util.io.TeeOutputStream)
AttributeTable(com.github.zhenwei.pkix.util.asn1.cms.AttributeTable)
IOException(java.io.IOException)
HashMap(java.util.HashMap)
Map(java.util.Map)
DEROctetString(com.github.zhenwei.core.asn1.DEROctetString)
AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)
Example 3 with SignerIdentifier
use of com.github.zhenwei.pkix.util.asn1.cms.SignerIdentifier in project LinLong-Java by zhenwei1108.
the class SignerInfoGeneratorBuilder method build.
/**
* Build a generator with the passed in certHolder issuer and serial number as the
* signerIdentifier.
*
* @param contentSigner operator for generating the final signature in the SignerInfo with.
* @param certHolder carrier for the X.509 certificate related to the contentSigner.
* @return a SignerInfoGenerator
* @throws OperatorCreationException if the generator cannot be built.
*/
public SignerInfoGenerator build(ContentSigner contentSigner, X509CertificateHolder certHolder) throws OperatorCreationException {
SignerIdentifier sigId = new SignerIdentifier(new IssuerAndSerialNumber(certHolder.toASN1Structure()));
SignerInfoGenerator sigInfoGen = createGenerator(contentSigner, sigId);
sigInfoGen.setAssociatedCertificate(certHolder);
return sigInfoGen;
}
Also used :
IssuerAndSerialNumber(com.github.zhenwei.pkix.util.asn1.cms.IssuerAndSerialNumber)
SignerIdentifier(com.github.zhenwei.pkix.util.asn1.cms.SignerIdentifier)
Aggregations
ASN1Set (com.github.zhenwei.core.asn1.ASN1Set)1
DEROctetString (com.github.zhenwei.core.asn1.DEROctetString)1
AlgorithmIdentifier (com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)1
TeeOutputStream (com.github.zhenwei.core.util.io.TeeOutputStream)1
AttributeTable (com.github.zhenwei.pkix.util.asn1.cms.AttributeTable)1
IssuerAndSerialNumber (com.github.zhenwei.pkix.util.asn1.cms.IssuerAndSerialNumber)1
SignerIdentifier (com.github.zhenwei.pkix.util.asn1.cms.SignerIdentifier)1
SignerInfo (com.github.zhenwei.pkix.util.asn1.cms.SignerInfo)1
IOException (java.io.IOException)1
OutputStream (java.io.OutputStream)1
HashMap (java.util.HashMap)1
Map (java.util.Map)1
IssuerAndSerialNumber (org.bouncycastle.asn1.cms.IssuerAndSerialNumber)1
SignerIdentifier (org.bouncycastle.asn1.cms.SignerIdentifier)1
