
Example 1 with CMSAbsentContent

use of org.bouncycastle.cms.CMSAbsentContent in project xipki by xipki.

the class ScepResponder method createSignedData.

/**
 * Packs the given certificate into a certificates-only CMS SignedData structure.
 *
 * <p>The certificate returned by {@code caEmulator.getCaCert()} is appended as well when
 * {@code control.isSendCaCert()} is true. The content is {@link CMSAbsentContent} and no
 * SignerInfo generator is registered on the generator, so the resulting structure carries no
 * signature of its own: it is a transport container only, and a recipient has to validate the
 * enclosed certificates itself.
 *
 * @param cert certificate to place in the certificate set
 * @return the ASN.1 {@code ContentInfo} of the generated SignedData
 * @throws CaException if the CMS structure cannot be generated
 */
private ContentInfo createSignedData(Certificate cert) throws CaException {
    CMSSignedDataGenerator certsOnlyGen = new CMSSignedDataGenerator();
    try {
        certsOnlyGen.addCertificate(new X509CertificateHolder(cert));
        if (control.isSendCaCert()) {
            certsOnlyGen.addCertificate(new X509CertificateHolder(caEmulator.getCaCert()));
        }
        // Absent content and no signer: the output holds certificates and nothing else.
        return certsOnlyGen.generate(new CMSAbsentContent()).toASN1Structure();
    } catch (CMSException ex) {
        throw new CaException(ex);
    }
}
Also used : CMSSignedDataGenerator(org.bouncycastle.cms.CMSSignedDataGenerator) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) CMSAbsentContent(org.bouncycastle.cms.CMSAbsentContent) CMSSignedData(org.bouncycastle.cms.CMSSignedData) CMSException(org.bouncycastle.cms.CMSException)

Example 2 with CMSAbsentContent

use of org.bouncycastle.cms.CMSAbsentContent in project xipki by xipki.

the class PkiMessage method encode.

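/**
 * Encodes this message as a signed CMS {@code ContentInfo}.
 *
 * <p>When {@code messageData} is {@code null} the SignedData is produced over
 * {@link CMSAbsentContent}. Otherwise the result of {@code encrypt(recipientCert, encAlgId)} is
 * encoded and encapsulated as content of type {@code CMSObjectIdentifiers.envelopedData}.
 *
 * <p>The signer covers the attributes returned by {@code getSignedAttributes()}. The attributes
 * returned by {@code getUnsignedAttributes()} and the certificates in {@code cmsCertSet} travel
 * outside the signed attributes, so a verifier must not treat them as authenticated by the
 * signature alone.
 *
 * <p>A failure while building the SignerInfo generator is wrapped exactly once in
 * {@link MessageEncodingException}; the previous inner try/catch wrapped it and the outer
 * {@code catch (Exception)} then wrapped it a second time.
 *
 * @param signer content signer used for the SignerInfo; must not be {@code null}
 * @param signerCert certificate matching {@code signer}; must not be {@code null}
 * @param cmsCertSet certificates handed to {@code ScepUtil.addCmsCertSet}
 * @param recipientCert encryption recipient; required only when {@code messageData} is set
 * @param encAlgId content encryption algorithm; required only when {@code messageData} is set
 * @return the ASN.1 {@code ContentInfo} of the generated SignedData
 * @throws MessageEncodingException if encryption, encoding or signing fails
 */
public ContentInfo encode(ContentSigner signer, X509Certificate signerCert, X509Certificate[] cmsCertSet, X509Certificate recipientCert, ASN1ObjectIdentifier encAlgId) throws MessageEncodingException {
    ScepUtil.requireNonNull("signer", signer);
    ScepUtil.requireNonNull("signerCert", signerCert);

    CMSTypedData content;
    if (messageData == null) {
        content = new CMSAbsentContent();
    } else {
        // The encryption parameters are only needed when there is a payload to envelope.
        ScepUtil.requireNonNull("recipientCert", recipientCert);
        ScepUtil.requireNonNull("encAlgId", encAlgId);
        CMSEnvelopedData envelopedData = encrypt(recipientCert, encAlgId);
        byte[] encoded;
        try {
            encoded = envelopedData.getEncoded();
        } catch (IOException ex) {
            throw new MessageEncodingException(ex);
        }
        content = new CMSProcessableByteArray(CMSObjectIdentifiers.envelopedData, encoded);
    }

    try {
        CMSSignedDataGenerator generator = new CMSSignedDataGenerator();

        // signerInfo
        JcaSignerInfoGeneratorBuilder signerInfoBuilder = new JcaSignerInfoGeneratorBuilder(new BcDigestCalculatorProvider());
        signerInfoBuilder.setSignedAttributeGenerator(new DefaultSignedAttributeTableGenerator(getSignedAttributes()));
        AttributeTable unsignedAttrs = getUnsignedAttributes();
        if (unsignedAttrs != null) {
            signerInfoBuilder.setUnsignedAttributeGenerator(new SimpleAttributeTableGenerator(unsignedAttrs));
        }

        // certificateSet
        ScepUtil.addCmsCertSet(generator, cmsCertSet);

        generator.addSignerInfoGenerator(signerInfoBuilder.build(signer, signerCert));

        // 'true' encapsulates the content inside the SignedData.
        return generator.generate(content, true).toASN1Structure();
    } catch (Exception ex) {
        // Single boundary catch: also covers CMSException, which was handled identically before.
        throw new MessageEncodingException(ex);
    }
}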
Also used : BcDigestCalculatorProvider(org.bouncycastle.operator.bc.BcDigestCalculatorProvider) CMSEnvelopedData(org.bouncycastle.cms.CMSEnvelopedData) CMSSignedDataGenerator(org.bouncycastle.cms.CMSSignedDataGenerator) CMSProcessableByteArray(org.bouncycastle.cms.CMSProcessableByteArray) DefaultSignedAttributeTableGenerator(org.bouncycastle.cms.DefaultSignedAttributeTableGenerator) CMSTypedData(org.bouncycastle.cms.CMSTypedData) CMSAbsentContent(org.bouncycastle.cms.CMSAbsentContent) AttributeTable(org.bouncycastle.asn1.cms.AttributeTable) IOException(java.io.IOException) MessageEncodingException(org.xipki.scep.exception.MessageEncodingException) CMSSignedData(org.bouncycastle.cms.CMSSignedData) CMSException(org.bouncycastle.cms.CMSException) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) MessageEncodingException(org.xipki.scep.exception.MessageEncodingException) IOException(java.io.IOException) CertificateEncodingException(java.security.cert.CertificateEncodingException) SimpleAttributeTableGenerator(org.bouncycastle.cms.SimpleAttributeTableGenerator) JcaSignerInfoGeneratorBuilder(org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder) SignerInfoGenerator(org.bouncycastle.cms.SignerInfoGenerator) CMSException(org.bouncycastle.cms.CMSException)

Example 3 with CMSAbsentContent

use of org.bouncycastle.cms.CMSAbsentContent in project xipki by xipki.

the class NextCaMessage method encode.

/**
 * Encodes the next-CA announcement as a signed CMS {@code ContentInfo}.
 *
 * <p>Two SignedData layers are produced. The inner one has absent content and no signer and
 * only carries {@code caCert} plus every certificate in {@code raCerts}. Its encoding is then
 * encapsulated, with content type {@code CMSObjectIdentifiers.signedData}, in an outer
 * SignedData that is signed with {@code signingKey}.
 *
 * <p>NOTE(review): the signature algorithm is derived with {@code ScepHashAlgo.SHA1}
 * unconditionally. SHA-1 no longer offers collision resistance, and the choice here is an
 * interoperability fallback rather than a security decision; confirm whether callers that know
 * the client's capabilities should be able to request a stronger digest.
 *
 * @param signingKey private key used to sign the outer SignedData; must not be {@code null}
 * @param signerCert certificate matching {@code signingKey}; must not be {@code null}
 * @param cmsCertSet certificates handed to {@code ScepUtil.addCmsCertSet} for the outer layer
 * @return the ASN.1 {@code ContentInfo} of the outer SignedData
 * @throws MessageEncodingException if a certificate cannot be encoded or signing fails
 */
public ContentInfo encode(PrivateKey signingKey, X509Certificate signerCert, X509Certificate[] cmsCertSet) throws MessageEncodingException {
    ScepUtil.requireNonNull("signingKey", signingKey);
    ScepUtil.requireNonNull("signerCert", signerCert);
    try {
        // Inner layer: certificates only, nothing signed.
        final byte[] certsOnlyBytes;
        try {
            CMSSignedDataGenerator certsOnlyGen = new CMSSignedDataGenerator();
            certsOnlyGen.addCertificate(new X509CertificateHolder(caCert.getEncoded()));
            if (raCerts != null) {
                for (X509Certificate raCert : raCerts) {
                    certsOnlyGen.addCertificate(new X509CertificateHolder(raCert.getEncoded()));
                }
            }
            certsOnlyBytes = certsOnlyGen.generate(new CMSAbsentContent()).getEncoded();
        } catch (CertificateEncodingException ex) {
            throw new MessageEncodingException(ex.getMessage(), ex);
        }

        // The hash algorithms supported by the client are unknown here, so SHA-1 is used.
        String sigAlgName = getSignatureAlgorithm(signingKey, ScepHashAlgo.SHA1);
        ContentSigner contentSigner = new JcaContentSignerBuilder(sigAlgName).build(signingKey);

        // signerInfo
        JcaSignerInfoGeneratorBuilder infoBuilder = new JcaSignerInfoGeneratorBuilder(new BcDigestCalculatorProvider());
        infoBuilder.setSignedAttributeGenerator(new DefaultSignedAttributeTableGenerator());

        // Outer layer: signs the encoded inner SignedData.
        CMSSignedDataGenerator outerGen = new CMSSignedDataGenerator();
        outerGen.addSignerInfoGenerator(infoBuilder.build(contentSigner, signerCert));

        // certificateSet
        ScepUtil.addCmsCertSet(outerGen, cmsCertSet);

        CMSTypedData payload = new CMSProcessableByteArray(CMSObjectIdentifiers.signedData, certsOnlyBytes);
        return outerGen.generate(payload, true).toASN1Structure();
    } catch (CMSException | CertificateEncodingException | IOException | OperatorCreationException ex) {
        throw new MessageEncodingException(ex);
    }
}
Also used : BcDigestCalculatorProvider(org.bouncycastle.operator.bc.BcDigestCalculatorProvider) CMSSignedDataGenerator(org.bouncycastle.cms.CMSSignedDataGenerator) CMSProcessableByteArray(org.bouncycastle.cms.CMSProcessableByteArray) DefaultSignedAttributeTableGenerator(org.bouncycastle.cms.DefaultSignedAttributeTableGenerator) CMSTypedData(org.bouncycastle.cms.CMSTypedData) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) CMSAbsentContent(org.bouncycastle.cms.CMSAbsentContent) ContentSigner(org.bouncycastle.operator.ContentSigner) CertificateEncodingException(java.security.cert.CertificateEncodingException) IOException(java.io.IOException) MessageEncodingException(org.xipki.scep.exception.MessageEncodingException) X509Certificate(java.security.cert.X509Certificate) JcaSignerInfoGeneratorBuilder(org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) SignerInfoGenerator(org.bouncycastle.cms.SignerInfoGenerator) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) CMSException(org.bouncycastle.cms.CMSException)

Example 4 with CMSAbsentContent

use of org.bouncycastle.cms.CMSAbsentContent in project xipki by xipki.

the class ScepImpl method getCrl.

/**
 * Returns the CA's current CRL inside a CMS SignedData that has absent content and no signer.
 *
 * <p>The request is rejected with {@code FailInfoException.BAD_REQUEST} both when
 * {@code control.isSupportGetCrl()} is false and when the CA has no current CRL, so a caller
 * cannot tell the two cases apart from the failure alone. The container adds no signature of
 * its own; the signature on the CRL itself is what a recipient has to verify.
 *
 * <p>NOTE(review): {@code serialNumber} is not read anywhere in this method, so the same CRL is
 * returned whatever serial number was requested. Confirm that this is intended.
 *
 * @param ca CA whose current CRL is returned
 * @param serialNumber serial number from the request (unused here)
 * @return SignedData carrying the CRL
 * @throws FailInfoException if GetCRL is not supported or no CRL is available
 * @throws OperationException with {@code ErrorCode.SYSTEM_FAILURE} if CMS generation fails
 */
private SignedData getCrl(X509Ca ca, BigInteger serialNumber) throws FailInfoException, OperationException {
    if (!control.isSupportGetCrl()) {
        throw FailInfoException.BAD_REQUEST;
    }

    final CertificateList currentCrl = ca.getBcCurrentCrl();
    if (currentCrl == null) {
        throw FailInfoException.BAD_REQUEST;
    }

    CMSSignedDataGenerator crlCarrier = new CMSSignedDataGenerator();
    crlCarrier.addCRL(new X509CRLHolder(currentCrl));
    try {
        CMSSignedData crlOnly = crlCarrier.generate(new CMSAbsentContent());
        return SignedData.getInstance(crlOnly.toASN1Structure().getContent());
    } catch (CMSException ex) {
        LogUtil.error(LOG, ex, "could not generate CMSSignedData");
        throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex);
    }
}
Also used : CMSSignedDataGenerator(org.bouncycastle.cms.CMSSignedDataGenerator) CMSAbsentContent(org.bouncycastle.cms.CMSAbsentContent) CertificateList(org.bouncycastle.asn1.x509.CertificateList) X509CRLHolder(org.bouncycastle.cert.X509CRLHolder) CMSSignedData(org.bouncycastle.cms.CMSSignedData) OperationException(org.xipki.ca.api.OperationException) CMSException(org.bouncycastle.cms.CMSException)

Example 5 with CMSAbsentContent

use of org.bouncycastle.cms.CMSAbsentContent in project xipki by xipki.

the class ScepImpl method buildSignedData.

/**
 * Wraps a certificate in a CMS SignedData that has absent content and no signer.
 *
 * <p>When {@code control.isIncludeCaCert()} is true, {@code refreshCa()} is called first and the
 * holder from {@code caCert.getCertHolder()} is added after the subject certificate. Nothing in
 * the returned structure is signed by this method, so it gives the enclosed certificates no
 * protection of its own; a recipient still has to validate them.
 *
 * @param cert certificate to place in the certificate set
 * @return SignedData carrying the certificate(s)
 * @throws OperationException with {@code ErrorCode.SYSTEM_FAILURE} if the certificate cannot be
 *         encoded or the CMS structure cannot be generated
 */
private SignedData buildSignedData(X509Certificate cert) throws OperationException {
    CMSSignedDataGenerator certsOnlyGen = new CMSSignedDataGenerator();
    try {
        certsOnlyGen.addCertificate(new X509CertificateHolder(cert.getEncoded()));
        if (control.isIncludeCaCert()) {
            // refreshCa() runs before caCert is read; presumably it reloads the CA state - confirm.
            refreshCa();
            certsOnlyGen.addCertificate(caCert.getCertHolder());
        }
        CMSSignedData certsOnly = certsOnlyGen.generate(new CMSAbsentContent());
        return SignedData.getInstance(certsOnly.toASN1Structure().getContent());
    } catch (CMSException | IOException | CertificateEncodingException ex) {
        LogUtil.error(LOG, ex);
        throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex);
    }
}
Also used : CMSSignedDataGenerator(org.bouncycastle.cms.CMSSignedDataGenerator) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) CMSAbsentContent(org.bouncycastle.cms.CMSAbsentContent) CertificateEncodingException(java.security.cert.CertificateEncodingException) IOException(java.io.IOException) CMSSignedData(org.bouncycastle.cms.CMSSignedData) OperationException(org.xipki.ca.api.OperationException) CMSException(org.bouncycastle.cms.CMSException)

Aggregations

CMSAbsentContent (org.bouncycastle.cms.CMSAbsentContent)8 CMSException (org.bouncycastle.cms.CMSException)8 CMSSignedDataGenerator (org.bouncycastle.cms.CMSSignedDataGenerator)8 CMSSignedData (org.bouncycastle.cms.CMSSignedData)7 IOException (java.io.IOException)5 CertificateEncodingException (java.security.cert.CertificateEncodingException)4 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)4 X509Certificate (java.security.cert.X509Certificate)3 CMSProcessableByteArray (org.bouncycastle.cms.CMSProcessableByteArray)3 CMSTypedData (org.bouncycastle.cms.CMSTypedData)3 DefaultSignedAttributeTableGenerator (org.bouncycastle.cms.DefaultSignedAttributeTableGenerator)3 SignerInfoGenerator (org.bouncycastle.cms.SignerInfoGenerator)3 OperatorCreationException (org.bouncycastle.operator.OperatorCreationException)3 AttributeTable (org.bouncycastle.asn1.cms.AttributeTable)2 X509CRLHolder (org.bouncycastle.cert.X509CRLHolder)2 JcaSignerInfoGeneratorBuilder (org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder)2 BcDigestCalculatorProvider (org.bouncycastle.operator.bc.BcDigestCalculatorProvider)2 OperationException (org.xipki.ca.api.OperationException)2 MessageEncodingException (org.xipki.scep.exception.MessageEncodingException)2 ByteArrayOutputStream (java.io.ByteArrayOutputStream)1