use of org.bouncycastle.cms.CMSSignedData in project signer by demoiselle.
the class RequestSigner method signRequest.
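/**
 * Signs a time stamp request by wrapping it in a CMS SignedData structure.
 *
 * <p>The request bytes are encapsulated in the SignedData. Only the first element of
 * {@code certificates} is embedded; the remainder of the chain and any CRLs are not added.
 *
 * @param privateKey private key to sign with
 * @param certificates certificate chain; must contain at least one X.509 certificate, and
 *        element 0 is used as the signing certificate
 * @param request request to be signed
 * @param algorithm JCA signature algorithm name; {@code null} or empty selects
 *        {@code SHA256withRSA}
 * @return the encoded signed request, or {@code null} if signing failed
 */
public byte[] signRequest(PrivateKey privateKey, Certificate[] certificates, byte[] request, String algorithm) {
    try {
        logger.info(timeStampMessagesBundle.getString("info.timestamp.sign.request"));

        // Register Bouncy Castle only when it is missing, instead of building a new provider
        // instance on every call (addProvider ignores a provider that is already installed).
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }

        X509Certificate signCert = (X509Certificate) certificates[0];
        List<X509Certificate> certList = new ArrayList<>();
        certList.add(signCert);

        // The caller-supplied name is passed to the builder unchanged.
        // NOTE(review): consider an allow-list here so a legacy digest (MD5, SHA-1) cannot be
        // selected by a caller or by configuration.
        String signatureAlgorithm = (algorithm != null && !algorithm.isEmpty()) ? algorithm : "SHA256withRSA";

        // setup the generator
        CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
        SignerInfoGenerator signerInfoGenerator =
                new JcaSimpleSignerInfoGeneratorBuilder().build(signatureAlgorithm, privateKey, signCert);
        generator.addSignerInfoGenerator(signerInfoGenerator);
        Store<?> certStore = new JcaCertStore(certList);
        generator.addCertificates(certStore);

        // Create the signed data object; 'true' encapsulates the request inside the SignedData.
        CMSTypedData data = new CMSProcessableByteArray(request);
        CMSSignedData signed = generator.generate(data, true);
        return signed.getEncoded();
    } catch (CMSException | IOException | OperatorCreationException | CertificateEncodingException ex) {
        // NOTE(review): the failure is logged at info level with the message only, so the stack
        // trace is lost; callers must treat a null return as "signing failed".
        logger.info(ex.getMessage());
    }
    return null;
}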
use of org.bouncycastle.cms.CMSSignedData in project keystore-explorer by kaikramer.
the class JarSigner method addTimestamp.
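/**
 * Requests a timestamp over the first signer's signature value and returns a copy of the
 * signed data in which that signer carries the token as an unsigned
 * {@code id-aa-signatureTimeStampToken} attribute.
 *
 * @param tsaUrl URL of the time stamping authority
 * @param signedData signed data whose first signer is to be timestamped
 * @return new signed data containing only the timestamped signer
 * @throws IOException if there is no signer, no token is returned, or the token cannot be decoded
 */
private static CMSSignedData addTimestamp(String tsaUrl, CMSSignedData signedData) throws IOException {
    Collection<SignerInformation> signerInfos = signedData.getSignerInfos().getSigners();

    // Fail with a checked error instead of NoSuchElementException when nothing was signed.
    if (signerInfos.isEmpty()) {
        throw new IOException("Signed data contains no signer to timestamp");
    }

    // get signature of first signer (should be the only one)
    SignerInformation signer = signerInfos.iterator().next();
    byte[] signature = signer.getSignature();

    // send request to TSA
    // NOTE(review): the digest sent to the TSA is SHA-1, which is no longer collision-resistant;
    // prefer a SHA-2 digest if DigestType and the TSA offer one - confirm.
    byte[] token = TimeStampingClient.getTimeStampToken(tsaUrl, signature, DigestType.SHA1);
    if (token == null) {
        throw new IOException("No timestamp token received from " + tsaUrl);
    }

    // create new SignerInformation with TS attribute
    // NOTE(review): the token is embedded as returned; any validation of the TSA response would
    // have to happen inside TimeStampingClient - confirm.
    Attribute tokenAttr = new Attribute(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken,
            new DERSet(ASN1Primitive.fromByteArray(token)));
    ASN1EncodableVector timestampVector = new ASN1EncodableVector();
    timestampVector.add(tokenAttr);
    SignerInformation timestamped =
            SignerInformation.replaceUnsignedAttributes(signer, new AttributeTable(timestampVector));

    // The new store holds the timestamped signer alone; any further signers are dropped.
    signerInfos.clear();
    signerInfos.add(timestamped);
    SignerInformationStore newSignerStore = new SignerInformationStore(signerInfos);

    // create new signed data
    return CMSSignedData.replaceSigners(signedData, newSignerStore);
}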
use of org.bouncycastle.cms.CMSSignedData in project pdfbox by apache.
the class CertInformationCollector method getCertInfo.
/**
 * Collects the certificate information of a single signature, including the certificates it
 * carries and those of an embedded timestamp.
 *
 * @param signatureContent the raw bytes of the CMS signature
 * @return the CertSignatureInformation built for this signature
 * @throws IOException declared for the helper calls; addTimestampCerts raises it when an
 *         embedded timestamp token cannot be parsed
 * @throws CertificateProccessingException if the signature bytes cannot be parsed as CMS
 */
private CertSignatureInformation getCertInfo(byte[] signatureContent) throws CertificateProccessingException, IOException {
    // Start a fresh root node; it lives in a field because addTimestampCerts attaches the
    // timestamp certificates to it.
    rootCertInfo = new CertSignatureInformation();

    // NOTE(review): SHA-1 over the signature bytes - presumably an identifier for the signature
    // rather than an integrity check; confirm before relying on it for anything stronger.
    rootCertInfo.signatureHash = CertInformationHelper.getSha1Hash(signatureContent);

    try {
        // signatureContent comes from the document being inspected, so parsing may fail.
        CMSSignedData cms = new CMSSignedData(signatureContent);
        Store<X509CertificateHolder> embeddedCerts = cms.getCertificates();
        addTimestampCerts(processSignerStore(embeddedCerts, cms, rootCertInfo));
    } catch (CMSException e) {
        LOG.error("Error occurred getting Certificate Information from Signature", e);
        throw new CertificateProccessingException(e);
    }
    return rootCertInfo;
}
use of org.bouncycastle.cms.CMSSignedData in project pdfbox by apache.
the class CertInformationCollector method addTimestampCerts.
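/**
 * Processes an embedded signed timestamp that has been placed into a signature. The
 * timestamp's certificates and their chain(s) are processed the same way as those of the
 * signature itself.
 *
 * <p>Nothing is done when the signer has no unsigned attributes, when none of them is a
 * signature timestamp token, or when the attribute values are not a {@code DERSet}.
 *
 * @param signerInformation signer of the signature, whose unsigned attributes are searched
 * @throws IOException if the timestamp token attribute is malformed or cannot be parsed
 * @throws CertificateProccessingException declared for the call to processSignerStore
 */
private void addTimestampCerts(SignerInformation signerInformation) throws IOException, CertificateProccessingException {
    AttributeTable unsignedAttributes = signerInformation.getUnsignedAttributes();
    if (unsignedAttributes == null) {
        return;
    }

    Attribute tsAttribute = unsignedAttributes.get(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken);
    if (tsAttribute == null) {
        // Unsigned attributes exist but none is a timestamp token; the lookup returns null
        // here, which previously caused a NullPointerException on the next line.
        return;
    }
    if (!(tsAttribute.getAttrValues() instanceof DERSet)) {
        return;
    }

    DERSet tsSet = (DERSet) tsAttribute.getAttrValues();
    // The attribute comes from the inspected document, so check its shape before casting
    // rather than letting an unchecked exception escape.
    if (tsSet.size() == 0 || !(tsSet.getObjectAt(0) instanceof DERSequence)) {
        throw new IOException("Timestamp token attribute does not contain a DER sequence");
    }
    DERSequence tsSeq = (DERSequence) tsSet.getObjectAt(0);

    try {
        TimeStampToken tsToken = new TimeStampToken(new CMSSignedData(tsSeq.getEncoded("DER")));
        rootCertInfo.tsaCerts = new CertSignatureInformation();
        @SuppressWarnings("unchecked")
        Store<X509CertificateHolder> certificatesStore = tsToken.getCertificates();
        processSignerStore(certificatesStore, tsToken.toCMSSignedData(), rootCertInfo.tsaCerts);
    } catch (TSPException | CMSException e) {
        throw new IOException("Error parsing timestamp token", e);
    }
}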
use of org.bouncycastle.cms.CMSSignedData in project atlas by alibaba.
the class LocalSignedJarBuilder method writeSignatureBlock.
/**
 * Generates the CMS signature over {@code data} and writes it, DER-encoded, to the output jar.
 *
 * @param data the content to sign; it is not encapsulated in the signature
 * @param publicKey the signer's X.509 certificate (despite the name), embedded in the signature
 * @param privateKey the key used to produce the signature
 */
private void writeSignatureBlock(CMSTypedData data, X509Certificate publicKey, PrivateKey privateKey) throws IOException, CertificateEncodingException, OperatorCreationException, CMSException {
    // The signer certificate is the only certificate placed in the signature block.
    ArrayList<X509Certificate> signerCerts = new ArrayList<X509Certificate>();
    signerCerts.add(publicKey);
    JcaCertStore certStore = new JcaCertStore(signerCerts);

    // NOTE(review): the digest is fixed to SHA-1, which is no longer collision-resistant;
    // presumably kept for compatibility with older verifiers - confirm before changing.
    String signatureAlgorithm = "SHA1with" + privateKey.getAlgorithm();
    ContentSigner contentSigner = new JcaContentSignerBuilder(signatureAlgorithm).build(privateKey);

    JcaSignerInfoGeneratorBuilder signerInfoBuilder =
            new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build());
    signerInfoBuilder.setDirectSignature(true);

    CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
    generator.addSignerInfoGenerator(signerInfoBuilder.build(contentSigner, publicKey));
    generator.addCertificates(certStore);

    // 'false' produces a detached signature: the signed content is not embedded.
    CMSSignedData signedData = generator.generate(data, false);

    // Re-read the encoded structure and write it back out through a DER output stream.
    // NOTE(review): neither stream is closed if an exception is thrown in between, and whether
    // closing the DER stream also closes mOutputJar depends on the Bouncy Castle version - confirm.
    ASN1InputStream encodedIn = new ASN1InputStream(signedData.getEncoded());
    DEROutputStream derOut = new DEROutputStream(mOutputJar);
    derOut.writeObject(encodedIn.readObject());
    derOut.flush();
    derOut.close();
    encodedIn.close();
}