use of org.bouncycastle.asn1.smime.SMIMEEncryptionKeyPreferenceAttribute in project ats-framework by Axway.
the class SMimePackageEncryptor method sign.
@PublicAtsApi
public Package sign(Package sourcePackage) throws ActionException {
try {
if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
Security.addProvider(new BouncyCastleProvider());
}
KeyStore ks = getKeystore();
// TODO wrap exception with possible causes and add some hint
PrivateKey privateKey = (PrivateKey) ks.getKey(aliasOrCN, certPassword.toCharArray());
// Get whole certificate chain
Certificate[] certArr = ks.getCertificateChain(aliasOrCN);
// Pre 4.0.6 behavior was not to attach full cert. chain X509Certificate cer = (X509Certificate) ks.getCertificate(aliasOrCN);
if (certArr.length >= 1) {
LOG.debug("Found certificate of alias: " + aliasOrCN + ". Lenght of cert chain: " + certArr.length + ", child cert:" + certArr[0].toString());
}
X509Certificate childCert = (X509Certificate) certArr[0];
/* Create the SMIMESignedGenerator */
ASN1EncodableVector attributes = new ASN1EncodableVector();
attributes.add(new SMIMEEncryptionKeyPreferenceAttribute(new IssuerAndSerialNumber(new X500Name(childCert.getIssuerDN().getName()), childCert.getSerialNumber())));
SMIMECapabilityVector capabilities = new SMIMECapabilityVector();
capabilities.addCapability(SMIMECapability.aES128_CBC);
capabilities.addCapability(SMIMECapability.dES_EDE3_CBC);
capabilities.addCapability(SMIMECapability.rC2_CBC, 128);
capabilities.addCapability(SMIMECapability.dES_CBC);
attributes.add(new SMIMECapabilitiesAttribute(capabilities));
if (signatureAlgorithm == null) {
// not specified explicitly
// TODO check defaults to be used
signatureAlgorithm = SignatureAlgorithm.DSA.equals(privateKey.getAlgorithm()) ? "SHA1withDSA" : "MD5withRSA";
}
SMIMESignedGenerator signer = new SMIMESignedGenerator();
JcaSimpleSignerInfoGeneratorBuilder signerGeneratorBuilder = new JcaSimpleSignerInfoGeneratorBuilder();
signerGeneratorBuilder.setProvider(BouncyCastleProvider.PROVIDER_NAME);
signerGeneratorBuilder.setSignedAttributeGenerator(new AttributeTable(attributes));
signer.addSignerInfoGenerator(signerGeneratorBuilder.build(signatureAlgorithm, privateKey, childCert));
/* Add the list of certs to the generator */
List<X509Certificate> certList = new ArrayList<X509Certificate>();
for (int i = 0; i < certArr.length; i++) {
// first add child cert, and CAs
certList.add((X509Certificate) certArr[i]);
}
Store<?> certs = new JcaCertStore(certList);
signer.addCertificates(certs);
/* Sign the message */
Session session = Session.getDefaultInstance(System.getProperties(), null);
MimeMultipart mm = signer.generate(getMimeMessage(sourcePackage));
MimeMessage signedMessage = new MimeMessage(session);
/* Set all original MIME headers in the signed message */
Enumeration<?> headers = getMimeMessage(sourcePackage).getAllHeaderLines();
while (headers.hasMoreElements()) {
signedMessage.addHeaderLine((String) headers.nextElement());
}
/* Set the content of the signed message */
signedMessage.setContent(mm);
signedMessage.saveChanges();
return new MimePackage(signedMessage);
} catch (Exception e) {
throw new ActionException(EXCEPTION_WHILE_SIGNING, e);
}
}
Aggregations