Examples with CMSSignedData org.bouncycastle.cms.CMSSignedData used on opensource projects

Example 16 with CMSSignedData

use of org.bouncycastle.cms.CMSSignedData in project xipki by xipki.

the class PkiMessage method encode.

public ContentInfo encode(ContentSigner signer, X509Certificate signerCert, X509Certificate[] cmsCertSet, X509Certificate recipientCert, ASN1ObjectIdentifier encAlgId) throws MessageEncodingException {
    ScepUtil.requireNonNull("signer", signer);
    ScepUtil.requireNonNull("signerCert", signerCert);
    if (messageData != null) {
        ScepUtil.requireNonNull("recipientCert", recipientCert);
        ScepUtil.requireNonNull("encAlgId", encAlgId);
    }
    CMSTypedData content;
    if (messageData == null) {
        content = new CMSAbsentContent();
    } else {
        CMSEnvelopedData envelopedData = encrypt(recipientCert, encAlgId);
        byte[] encoded;
        try {
            encoded = envelopedData.getEncoded();
        } catch (IOException ex) {
            throw new MessageEncodingException(ex);
        }
        content = new CMSProcessableByteArray(CMSObjectIdentifiers.envelopedData, encoded);
    }
    try {
        CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
        // signerInfo
        JcaSignerInfoGeneratorBuilder signerInfoBuilder = new JcaSignerInfoGeneratorBuilder(new BcDigestCalculatorProvider());
        signerInfoBuilder.setSignedAttributeGenerator(new DefaultSignedAttributeTableGenerator(getSignedAttributes()));
        AttributeTable attrTable = getUnsignedAttributes();
        if (attrTable != null) {
            signerInfoBuilder.setUnsignedAttributeGenerator(new SimpleAttributeTableGenerator(attrTable));
        }
        // certificateSet
        ScepUtil.addCmsCertSet(generator, cmsCertSet);
        SignerInfoGenerator signerInfo;
        try {
            signerInfo = signerInfoBuilder.build(signer, signerCert);
        } catch (Exception ex) {
            throw new MessageEncodingException(ex);
        }
        generator.addSignerInfoGenerator(signerInfo);
        CMSSignedData signedData = generator.generate(content, true);
        return signedData.toASN1Structure();
    } catch (CMSException ex) {
        throw new MessageEncodingException(ex);
    } catch (Exception ex) {
        throw new MessageEncodingException(ex);
    }
}

Example 17 with CMSSignedData

use of org.bouncycastle.cms.CMSSignedData in project jruby-openssl by jruby.

the class PEMInputOutput method readPKCS7.

/**
 * Reads in a PKCS7 object. This returns a ContentInfo object suitable for use with the CMS
 * API.
 *
 * @return the X509Certificate
 * @throws IOException if an I/O error occured
 */
private static CMSSignedData readPKCS7(BufferedReader in, char[] p, String endMarker) throws IOException {
    ByteArrayOutputStream bytes = new ByteArrayOutputStream();
    String line;
    StringBuilder buffer = new StringBuilder();
    while ((line = in.readLine()) != null) {
        if (line.contains(endMarker))
            break;
        buffer.append(line.trim());
        final int len = buffer.length();
        Base64.decode(buffer.substring(0, (len / 4) * 4), bytes);
        buffer.delete(0, (len / 4) * 4);
    }
    if (buffer.length() != 0) {
        throw new IOException("base64 data appears to be truncated");
    }
    if (line == null)
        throw new IOException(endMarker + " not found");
    try {
        ASN1InputStream aIn = new ASN1InputStream(bytes.toByteArray());
        return new CMSSignedData(ContentInfo.getInstance(aIn.readObject()));
    } catch (CMSException e) {
        throw new IOException("problem parsing PKCS7 object: " + e, e);
    }
}

Example 18 with CMSSignedData

use of org.bouncycastle.cms.CMSSignedData in project structr by structr.

the class SignedJarBuilder method writeSignatureBlock.

/**
 * Write the certificate file with a digital signature.
 */
private void writeSignatureBlock(final JarOutputStream jos, final CMSTypedData data, final X509Certificate publicKey, final PrivateKey privateKey) throws IOException, CertificateEncodingException, OperatorCreationException, CMSException {
    final List<X509Certificate> certList = new ArrayList<>();
    certList.add(publicKey);
    final JcaCertStore certs = new JcaCertStore(certList);
    final CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
    final ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1with" + privateKey.getAlgorithm()).build(privateKey);
    gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build()).setDirectSignature(true).build(sha1Signer, publicKey));
    gen.addCertificates(certs);
    final CMSSignedData sigData = gen.generate(data, false);
    final ASN1InputStream asn1 = new ASN1InputStream(sigData.getEncoded());
    final DEROutputStream dos = new DEROutputStream(jos);
    dos.writeObject(asn1.readObject());
}

Example 19 with CMSSignedData

use of org.bouncycastle.cms.CMSSignedData in project xipki by xipki.

the class ScepImpl method getCrl.

// method buildSignedData
private SignedData getCrl(X509Ca ca, BigInteger serialNumber) throws FailInfoException, OperationException {
    if (!control.isSupportGetCrl()) {
        throw FailInfoException.BAD_REQUEST;
    }
    CertificateList crl = ca.getBcCurrentCrl();
    if (crl == null) {
        throw FailInfoException.BAD_REQUEST;
    }
    CMSSignedDataGenerator cmsSignedDataGen = new CMSSignedDataGenerator();
    cmsSignedDataGen.addCRL(new X509CRLHolder(crl));
    CMSSignedData signedData;
    try {
        signedData = cmsSignedDataGen.generate(new CMSAbsentContent());
    } catch (CMSException ex) {
        LogUtil.error(LOG, ex, "could not generate CMSSignedData");
        throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex);
    }
    return SignedData.getInstance(signedData.toASN1Structure().getContent());
}

Example 20 with CMSSignedData

use of org.bouncycastle.cms.CMSSignedData in project xipki by xipki.

the class ScepImpl method buildSignedData.

// method pollCert
private SignedData buildSignedData(X509Certificate cert) throws OperationException {
    CMSSignedDataGenerator cmsSignedDataGen = new CMSSignedDataGenerator();
    try {
        X509CertificateHolder certHolder = new X509CertificateHolder(cert.getEncoded());
        cmsSignedDataGen.addCertificate(certHolder);
        if (control.isIncludeCaCert()) {
            refreshCa();
            cmsSignedDataGen.addCertificate(caCert.getCertHolder());
        }
        CMSSignedData signedData = cmsSignedDataGen.generate(new CMSAbsentContent());
        return SignedData.getInstance(signedData.toASN1Structure().getContent());
    } catch (CMSException | IOException | CertificateEncodingException ex) {
        LogUtil.error(LOG, ex);
        throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex);
    }
}