Use of org.bouncycastle.cms.CMSSignedData in project walle by Meituan-Dianping.
Class V1SchemeSigner, method generateSignatureBlock.
/**
 * Produces the DER-encoded CMS (PKCS #7) SignedData block for the given signature file.
 *
 * <p>The first entry of {@code signerConfig.certificates} is treated as the signer's certificate
 * and the complete list is embedded in the output. The content is not encapsulated
 * ({@code generate(..., false)}), so a verifier must be handed the signed bytes separately, and
 * {@code setDirectSignature(true)} makes the signature cover the content itself rather than a set
 * of signed attributes.
 *
 * @param signerConfig supplies the certificate list, private key and digest algorithm
 * @param signatureFileBytes the bytes to sign
 * @return the SignedData structure, re-serialised through a {@code DEROutputStream}
 * @throws InvalidKeyException declared here; presumably raised by
 *     {@code getJcaSignatureAlgorithm} for an unsupported key (confirm against that helper)
 * @throws CertificateEncodingException if a certificate cannot be encoded for embedding
 * @throws SignatureException if signer construction, CMS generation or re-encoding fails
 */
private static byte[] generateSignatureBlock(SignerConfig signerConfig, byte[] signatureFileBytes)
        throws InvalidKeyException, CertificateEncodingException, SignatureException {
    JcaCertStore embeddedCerts = new JcaCertStore(signerConfig.certificates);
    // NOTE(review): get(0) assumes the list is non-empty; no check is visible in this method.
    X509Certificate leafCert = signerConfig.certificates.get(0);
    String sigAlgName =
            getJcaSignatureAlgorithm(
                    leafCert.getPublicKey(), signerConfig.signatureDigestAlgorithm);
    try {
        ContentSigner contentSigner =
                new JcaContentSignerBuilder(sigAlgName).build(signerConfig.privateKey);

        SignerInfoGeneratorBuilder infoBuilder =
                new SignerInfoGeneratorBuilder(
                        new JcaDigestCalculatorProviderBuilder().build(),
                        SignerInfoSignatureAlgorithmFinder.INSTANCE);
        // Sign the content directly instead of a signed-attributes set.
        infoBuilder.setDirectSignature(true);

        CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
        generator.addSignerInfoGenerator(
                infoBuilder.build(contentSigner, new JcaX509CertificateHolder(leafCert)));
        generator.addCertificates(embeddedCerts);

        // false: the signed bytes are not copied into the SignedData structure.
        CMSSignedData signed =
                generator.generate(new CMSProcessableByteArray(signatureFileBytes), false);

        // Parse the generator's encoding and write it back out as DER.
        ByteArrayOutputStream derBytes = new ByteArrayOutputStream();
        try (ASN1InputStream parser = new ASN1InputStream(signed.getEncoded())) {
            new DEROutputStream(derBytes).writeObject(parser.readObject());
        }
        return derBytes.toByteArray();
    } catch (OperatorCreationException | CMSException | IOException e) {
        throw new SignatureException("Failed to generate signature", e);
    }
}
Use of org.bouncycastle.cms.CMSSignedData in project serverless by bluenimble.
Class SignDocument, method main.
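/**
 * Demo entry point: signs {@code ToBeSigned.txt} with the key stored in {@code msp.p12} and writes
 * the resulting CMS (PKCS #7) SignedData, with the document encapsulated, to {@code Signed.pk7}.
 *
 * <p>Every stream is opened in try-with-resources so that file handles are released even when
 * reading, signing or writing fails.
 *
 * @param args unused
 */
public static void main(String[] args) throws IOException, CertificateException, UnrecoverableKeyException, KeyStoreException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException, CertStoreException, CMSException, OperatorCreationException {
    File toBeSigned = new File("ToBeSigned.txt");
    byte[] buffer = new byte[(int) toBeSigned.length()];
    try (DataInputStream in = new DataInputStream(new FileInputStream(toBeSigned))) {
        in.readFully(buffer);
    }

    // Load the certificate that will be stored in the .p7 output.
    // Only the signer's own certificate is embedded; its certificate chain is not.
    final X509Certificate cert;
    try (FileInputStream certIn = new FileInputStream("msp.cer")) {
        cert = ReadX509.read(certIn);
    }

    // NOTE(review): the key-store password is hard-coded, so anyone who can read this source or
    // the compiled class can unlock msp.p12. Load it from protected configuration or prompt for
    // it, and keep it out of version control.
    String password = "msp_pass";
    String alias = "msp";
    final KeyInformation keyInfo;
    try (FileInputStream keyStoreIn = new FileInputStream("msp.p12")) {
        keyInfo = ReadPKCS12.read(keyStoreIn, password, alias);
    }

    // The current CMS API takes X509CertificateHolder entries in a JcaCertStore; the older
    // CertStore.getInstance("Collection", ..., "BC") form no longer applies.
    List<X509CertificateHolder> certList = new ArrayList<X509CertificateHolder>();
    certList.add(new X509CertificateHolder(cert.getEncoded()));
    JcaCertStore jcaCertStore = new JcaCertStore(certList);

    CMSSignedDataGenerator signGen = new CMSSignedDataGenerator();
    // The private key comes from the PKCS#12 file; cert is the matching public certificate.
    // NOTE(review): SHA-1 based signatures are deprecated because of practical collision
    // attacks. Prefer "SHA256withRSA" unless a consumer of Signed.pk7 still requires SHA-1.
    // Assumes the "BC" provider is registered elsewhere; nothing in this method registers it.
    ContentSigner contentSigner = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(keyInfo.getPrivateKey());
    DigestCalculatorProvider digestCalcProv = new JcaDigestCalculatorProviderBuilder().setProvider("BC").build();
    SignerInfoGenerator signerInfoGenerator = new JcaSignerInfoGeneratorBuilder(digestCalcProv).build(contentSigner, cert);
    signGen.addSignerInfoGenerator(signerInfoGenerator);
    signGen.addCertificates(jcaCertStore);

    CMSProcessableByteArray content = new CMSProcessableByteArray(buffer);
    // Generate the CMS/PKCS#7 structure. The second argument chooses whether the document is
    // attached to the signature: true embeds it (as here), false produces a detached signature.
    CMSSignedData signedData = signGen.generate(content, true);
    byte[] encoded = signedData.getEncoded();

    // Write the encoded structure to disk.
    try (FileOutputStream envfos = new FileOutputStream("Signed.pk7")) {
        envfos.write(encoded);
    }
}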
Use of org.bouncycastle.cms.CMSSignedData in project serverless by bluenimble.
Class DefaultSigner, method signWithCerts.
// Updated
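/**
 * Replaces the document's bytes with a CMS (PKCS #7) SignedData structure that encapsulates
 * them, signed with {@code key} and carrying every certificate in {@code certs}.
 *
 * <p>The signature algorithm is chosen from the key type and always uses SHA-256.
 * {@code JcaContentSignerBuilder} expects a JCA signature name such as {@code SHA256withRSA};
 * the {@code CMSSignedDataGenerator.DIGEST_*} constants are digest OIDs and are not valid here,
 * and MD5 must not be used for signatures because it is not collision resistant.
 *
 * @param doc document whose bytes are signed and then overwritten with the encoded SignedData
 * @param key private key used to sign; must be a DSA, EC or RSA key
 * @param certs certificates to embed; must contain at least one entry
 * @throws SignerException if an argument is missing, the key type is unsupported, or signing fails
 */
private void signWithCerts(SecureDocument doc, PrivateKey key, X509Certificate[] certs) throws SignerException {
    if (certs == null || certs.length == 0) {
        throw new SignerException("A valid X509 Certificate is required");
    }
    if (key == null) {
        throw new SignerException("A valid private key is required");
    }

    // Map the key type to a JCA signature algorithm name.
    String keyAlg = key.getAlgorithm();
    String signAlg;
    if ("DSA".equals(keyAlg)) {
        signAlg = "SHA256withDSA";
    } else if ("EC".equals(keyAlg) || "ECDSA".equals(keyAlg)) {
        signAlg = "SHA256withECDSA";
    } else if ("RSA".equals(keyAlg)) {
        signAlg = "SHA256withRSA";
    } else {
        throw new SignerException("Unsupported private key algorithm: " + keyAlg);
    }

    CMSSignedDataGenerator signGen = new CMSSignedDataGenerator();
    List<X509CertificateHolder> certList = new ArrayList<X509CertificateHolder>();
    try {
        ContentSigner contentSigner = new JcaContentSignerBuilder(signAlg).setProvider("BC").build(key);
        DigestCalculatorProvider digestCalcProv = new JcaDigestCalculatorProviderBuilder().setProvider("BC").build();
        // NOTE(review): a SignerInfo is added for every certificate, all backed by the same key
        // and the same ContentSigner instance. If certs is a chain (leaf plus issuers), the
        // entries for the issuer certificates cannot verify against those certificates' public
        // keys. Confirm with callers whether only the certificate matching key should sign.
        for (X509Certificate cert : certs) {
            certList.add(new X509CertificateHolder(cert.getEncoded()));
            SignerInfoGenerator signerInfoGenerator = new JcaSignerInfoGeneratorBuilder(digestCalcProv).build(contentSigner, cert);
            signGen.addSignerInfoGenerator(signerInfoGenerator);
        }
        signGen.addCertificates(new JcaCertStore(certList));
        // signGen.addCRLs (jcaCertStore); TODO : not sure

        // true: the document bytes are embedded in the SignedData structure.
        CMSProcessableByteArray content = new CMSProcessableByteArray(doc.getBytes());
        CMSSignedData signedData = signGen.generate(content, true);
        doc.setBytes(signedData.getEncoded());
    } catch (Throwable th) {
        // Kept as Throwable so callers continue to see every failure as a SignerException.
        throw new SignerException(th, th.getMessage());
    }
}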
Use of org.bouncycastle.cms.CMSSignedData in project fdroidclient by f-droid.
Class SignatureBlockGenerator, method generate.
/**
 * Signs {@code content} with the key material held by {@code keySet} and returns the DER-encoded
 * CMS (PKCS#7) SignedData block.
 *
 * <p>The value returned by {@code keySet.getPublicKey()} is both embedded in the block and used
 * to identify the signer. The content itself is not encapsulated ({@code generate(msg, false)}),
 * and the signature is computed directly over the content rather than over signed attributes.
 * Direct signature plus DER encoding yields a block that Android recovery programs can verify.
 *
 * <p>The signature algorithm is whatever {@code keySet.getSignatureAlgorithm()} names; this
 * method does not restrict it.
 *
 * @param keySet source of the private key, the signer certificate and the algorithm name
 * @param content bytes to sign
 * @return the DER encoding of the SignedData structure
 * @throws RuntimeException wrapping any failure raised while building or encoding the block
 */
public static byte[] generate(KeySet keySet, byte[] content) {
    try {
        // Certificates to embed in the SignedData block.
        List<Object> embedded = new ArrayList<Object>();
        embedded.add(keySet.getPublicKey());
        Store certStore = new JcaCertStore(embedded);

        ContentSigner contentSigner =
                new JcaContentSignerBuilder(keySet.getSignatureAlgorithm())
                        .setProvider("BC")
                        .build(keySet.getPrivateKey());
        DigestCalculatorProvider digestProvider =
                new JcaDigestCalculatorProviderBuilder().setProvider("BC").build();

        JcaSignerInfoGeneratorBuilder infoBuilder =
                new JcaSignerInfoGeneratorBuilder(digestProvider);
        // Sign the content directly, without a signed-attributes set.
        infoBuilder.setDirectSignature(true);

        CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
        generator.addSignerInfoGenerator(
                infoBuilder.build(contentSigner, keySet.getPublicKey()));
        generator.addCertificates(certStore);

        // false: the signed content is not copied into the output.
        CMSTypedData payload = new CMSProcessableByteArray(content);
        CMSSignedData signed = generator.generate(payload, false);
        return signed.toASN1Structure().getEncoded("DER");
    } catch (Exception x) {
        throw new RuntimeException(x.getMessage(), x);
    }
}