use of org.bouncycastle.cms.CMSSignedDataGenerator in project walle by Meituan-Dianping.
the class V1SchemeSigner method generateSignatureBlock.
/**
 * Produces the DER-encoded CMS (PKCS #7) signature block for the given signature file bytes.
 *
 * <p>The first entry of {@code signerConfig.certificates} is used as the signer's certificate, so the
 * list must not be empty; the whole list is embedded in the output. The content is not encapsulated
 * (detached signature) and the SignerInfo is built with {@code setDirectSignature(true)}, i.e. the
 * signature is computed directly over the content rather than over signed attributes.
 *
 * @param signerConfig supplies the private key, certificate list and signature digest algorithm
 * @param signatureFileBytes the bytes to be signed
 * @return the DER encoding of the generated SignedData structure
 * @throws InvalidKeyException declared by this method; presumably raised while selecting the JCA
 *     signature algorithm for the certificate's public key (confirm against getJcaSignatureAlgorithm)
 * @throws CertificateEncodingException if a certificate cannot be encoded for inclusion
 * @throws SignatureException if creating the signer, generating the CMS structure or re-encoding it fails
 */
private static byte[] generateSignatureBlock(SignerConfig signerConfig, byte[] signatureFileBytes) throws InvalidKeyException, CertificateEncodingException, SignatureException {
    JcaCertStore certificateStore = new JcaCertStore(signerConfig.certificates);
    // The first certificate in the list is treated as the signer's own certificate.
    X509Certificate signerCertificate = signerConfig.certificates.get(0);
    String signatureAlgorithmName = getJcaSignatureAlgorithm(signerCertificate.getPublicKey(), signerConfig.signatureDigestAlgorithm);
    try {
        ContentSigner contentSigner = new JcaContentSignerBuilder(signatureAlgorithmName).build(signerConfig.privateKey);
        CMSSignedDataGenerator generator = new CMSSignedDataGenerator();

        // Direct signature: no signed attributes are added to the SignerInfo.
        SignerInfoGeneratorBuilder signerInfoBuilder = new SignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build(), SignerInfoSignatureAlgorithmFinder.INSTANCE).setDirectSignature(true);
        generator.addSignerInfoGenerator(signerInfoBuilder.build(contentSigner, new JcaX509CertificateHolder(signerCertificate)));
        generator.addCertificates(certificateStore);

        // 'false' keeps the signed content out of the output (detached signature).
        CMSProcessableByteArray content = new CMSProcessableByteArray(signatureFileBytes);
        CMSSignedData signedData = generator.generate(content, false);

        // Parse the generated encoding and write it back out through a DER stream.
        ByteArrayOutputStream derBytes = new ByteArrayOutputStream();
        try (ASN1InputStream parser = new ASN1InputStream(signedData.getEncoded())) {
            new DEROutputStream(derBytes).writeObject(parser.readObject());
        }
        return derBytes.toByteArray();
    } catch (OperatorCreationException | CMSException | IOException e) {
        throw new SignatureException("Failed to generate signature", e);
    }
}
use of org.bouncycastle.cms.CMSSignedDataGenerator in project atlas by alibaba.
the class LocalSignedJarBuilder method writeSignatureBlock.
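/**
 * Writes the PKCS #7 signature block for {@code data} to the output jar stream.
 *
 * <p>The signature is detached (the content is not encapsulated) and direct (no signed attributes);
 * the generated structure is parsed and written back out through a DER stream.
 *
 * <p>NOTE(review): the digest is hard-coded to SHA-1 ({@code "SHA1with" + privateKey.getAlgorithm()}).
 * SHA-1 is no longer considered collision resistant; confirm which verifiers must accept these jars
 * before moving to a SHA-2 digest. The algorithm name is built by string concatenation, which
 * presumably assumes key algorithm names such as RSA or DSA — verify the behaviour for EC keys.
 *
 * @param data the content to sign
 * @param publicKey the signer's X.509 certificate (despite the parameter name, a certificate rather
 *     than a bare public key); it is also embedded in the output
 * @param privateKey the key used to produce the signature
 * @throws IOException if encoding or writing the signature block fails
 * @throws CertificateEncodingException if the certificate cannot be encoded
 * @throws OperatorCreationException if the content signer or digest provider cannot be created
 * @throws CMSException if the CMS structure cannot be generated
 */
private void writeSignatureBlock(CMSTypedData data, X509Certificate publicKey, PrivateKey privateKey) throws IOException, CertificateEncodingException, OperatorCreationException, CMSException {
    ArrayList<X509Certificate> certList = new ArrayList<X509Certificate>();
    certList.add(publicKey);
    JcaCertStore certs = new JcaCertStore(certList);
    CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
    ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1with" + privateKey.getAlgorithm()).build(privateKey);
    gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build()).setDirectSignature(true).build(sha1Signer, publicKey));
    gen.addCertificates(certs);
    // 'false' keeps the signed content out of the signature block (detached signature).
    CMSSignedData sigData = gen.generate(data, false);
    ASN1InputStream asn1 = new ASN1InputStream(sigData.getEncoded());
    try {
        DEROutputStream dos = new DEROutputStream(mOutputJar);
        dos.writeObject(asn1.readObject());
        dos.flush();
        // NOTE(review): whether closing the DER stream also closes mOutputJar depends on the
        // BouncyCastle version in use — confirm before writing further jar entries after this call.
        dos.close();
    } finally {
        // Release the parser even when reading or writing fails part-way.
        asn1.close();
    }
}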
use of org.bouncycastle.cms.CMSSignedDataGenerator in project nhin-d by DirectProject.
the class CreateSignedPKCS7 method create.
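/**
 * Creates a signed trust bundle (.p7m): builds the unsigned bundle first, then wraps its encoding in a
 * CMS SignedData signed by every private-key entry found in the PKCS #12 keystore.
 *
 * <p>The signature algorithm is fixed to {@code SHA256withRSA}, so a keystore entry holding a non-RSA
 * private key will presumably fail when the signer is built and the method will return {@code null}.
 *
 * @param anchorDir the directory where the .der files are present
 * @param createFile the .p7m file name
 * @param metaFile one XML file as per the required specification of the TrustBundle metadata schema
 * @param metaExists passed through to the unsigned-bundle step together with {@code metaFile}
 * @param p12certiFile the .p12 file holding the signing key(s) and certificate(s)
 * @param passKey pass key for the .p12 file if present, or else blank.
 *     NOTE(review): this value is currently not used — the keystore and its keys are opened with
 *     {@code defaultPwd}; confirm whether callers expect {@code passKey} to be honoured.
 * @return the created signed bundle as a .p7m file, or {@code null} if any step failed or the keystore
 *     contained no private-key entry to sign with
 */
public File create(String anchorDir, File createFile, File metaFile, boolean metaExists, File p12certiFile, String passKey) {
    File pkcs7File = null;
    FileOutputStream outStr = null;
    InputStream inStr = null;
    try {
        // Create the unsigned Trust Bundle
        CreateUnSignedPKCS7 unSignedPKCS7 = new CreateUnSignedPKCS7();
        File unsigned = unSignedPKCS7.create(anchorDir, createFile, metaFile, metaExists);
        byte[] unsignedByte = loadFileData(unsigned);
        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
        CMSSignedData unsignedData = new CMSSignedData(unsignedByte);

        // Load the keystore through inStr so the finally block closes the file handle.
        KeyStore ks = java.security.KeyStore.getInstance("PKCS12", "BC");
        inStr = new FileInputStream(p12certiFile);
        char[] keyPassword = defaultPwd.toCharArray();
        ks.load(inStr, keyPassword);

        // Add one signer (and its certificate) per private-key entry.
        ArrayList<X509Certificate> certList = new ArrayList<X509Certificate>();
        Enumeration<String> aliases = ks.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            // Look the key up once; instanceof is false for null, so no separate null check is needed.
            java.security.Key key = ks.getKey(alias, keyPassword);
            if (key instanceof PrivateKey) {
                ContentSigner sha256Signer = new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build((PrivateKey) key);
                X509CertificateHolder holder = new X509CertificateHolder(ks.getCertificate(alias).getEncoded());
                certList.add((X509Certificate) ks.getCertificate(alias));
                gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()).build(sha256Signer, holder));
            }
        }
        if (certList.isEmpty()) {
            // Fail closed: without a signer the output would look like a signed bundle
            // while carrying no signature at all.
            return null;
        }
        Store certStores = new JcaCertStore(certList);
        gen.addCertificates(certStores);
        // 'true' encapsulates the unsigned bundle inside the signed structure.
        CMSSignedData sigData = gen.generate(new CMSProcessableByteArray(unsignedData.getEncoded()), true);
        pkcs7File = getPKCS7OutFile(createFile);
        outStr = new FileOutputStream(pkcs7File);
        outStr.write(sigData.getEncoded());
    } catch (Exception ignored) {
        // Every failure (CMS, I/O, keystore, provider, certificate, key recovery, signer creation)
        // is reported to the caller as null, as before.
        // NOTE(review): the cause is discarded here; consider logging it so signing failures can be diagnosed.
        return null;
    } finally {
        IOUtils.closeQuietly(outStr);
        IOUtils.closeQuietly(inStr);
    }
    return pkcs7File;
}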
use of org.bouncycastle.cms.CMSSignedDataGenerator in project nhin-d by DirectProject.
the class CreateUnSignedPKCS7 method create.
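/**
 * Creates an unsigned PKCS #7 bundle containing every {@code .der} certificate found in a directory.
 *
 * <p>The output is a CMS SignedData that carries certificates but no signer, so it provides no
 * integrity protection of its own. Every regular, non-hidden file in {@code anchorDir} whose name
 * ends in {@code .der} becomes part of the bundle, so write access to that directory should be
 * restricted to whoever is allowed to define trust anchors.
 *
 * @param anchorDir directory scanned (non-recursively) for trust anchor certificates
 * @param createFile passed to {@code getPKCS7OutFile} to determine the output file
 * @param metaFile metadata file whose bytes become the content when {@code metaExists} is true
 * @param metaExists when true the metadata is loaded and encapsulated in the output; when false the
 *     content is the literal text "Absent" and is not encapsulated
 * @return file descriptor of the created pkcs7 file, or {@code null} if an error occurred or no
 *     trust anchors were found (in the latter case {@code error} is set)
 */
public File create(String anchorDir, File createFile, File metaFile, boolean metaExists) {
    File pkcs7File = null;
    FileOutputStream outStr = null;
    try {
        // listFiles() returns null when anchorDir is not a readable directory; treat that
        // the same as a directory without anchors instead of relying on a caught NullPointerException.
        File[] files = new File(anchorDir).listFiles();
        ArrayList<X509Certificate> certList = new ArrayList<X509Certificate>();
        if (files != null) {
            for (File certFile : files) {
                if (certFile.isFile() && !certFile.isHidden() && certFile.getName().endsWith(".der")) {
                    certList.add(getX509Certificate(loadFileData(certFile)));
                }
            }
        }
        if (certList.isEmpty()) {
            error = "Trust Anchors are not available in specified folder!";
            return null;
        }
        byte[] metaDataByte;
        if (metaExists) {
            metaDataByte = loadFileData(metaFile);
        } else {
            // Placeholder content used when no metadata file is supplied.
            metaDataByte = "Absent".getBytes();
        }
        CMSTypedData msg = new CMSProcessableByteArray(metaDataByte);
        Store certStores = new JcaCertStore(certList);
        // No signer is added: the generator only packages the certificates and the content.
        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
        gen.addCertificates(certStores);
        CMSSignedData sigData = gen.generate(msg, metaExists);
        pkcs7File = getPKCS7OutFile(createFile);
        outStr = new FileOutputStream(pkcs7File);
        outStr.write(sigData.getEncoded());
    } catch (Exception ignored) {
        // Every failure is reported to the caller as null, as before.
        // NOTE(review): the cause is discarded here; consider recording it (e.g. in 'error').
        return null;
    } finally {
        IOUtils.closeQuietly(outStr);
    }
    return pkcs7File;
}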
use of org.bouncycastle.cms.CMSSignedDataGenerator in project sic by belluccifranco.
the class AfipWebServiceSOAPClient method crearCMS.
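/**
 * Builds a CMS (PKCS #7) SignedData over the login ticket request for {@code service}, signed with
 * the key stored under alias {@code signer} in the given PKCS #12 keystore.
 *
 * <p>NOTE(review): the digest is fixed to SHA-1 ({@code DIGEST_SHA1}); confirm what the receiving
 * service accepts before changing it. The request XML is converted with {@code getBytes()} and so
 * uses the platform default charset — confirm it matches the encoding the XML declares.
 *
 * @param p12file raw bytes of the PKCS #12 keystore
 * @param p12pass password used both to open the keystore and to recover the private key
 * @param signer alias of the key entry and certificate to sign with
 * @param service passed to {@code crearTicketRequerimientoAcceso}
 * @param ticketTime passed to {@code crearTicketRequerimientoAcceso}
 * @return the encoded SignedData with the request encapsulated
 * @throws BusinessServiceException if the keystore cannot be read, the alias has no private key or
 *     certificate, or signing fails
 */
public byte[] crearCMS(byte[] p12file, String p12pass, String signer, String service, long ticketTime) {
    PrivateKey pKey;
    X509Certificate pCertificate;
    CertStore cstore;
    try {
        KeyStore ks = KeyStore.getInstance("pkcs12");
        // try-with-resources closes the stream even when loading the keystore fails.
        try (InputStream is = Utilidades.convertirByteArrayToInputStream(p12file)) {
            ks.load(is, p12pass.toCharArray());
        }
        pKey = (PrivateKey) ks.getKey(signer, p12pass.toCharArray());
        pCertificate = (X509Certificate) ks.getCertificate(signer);
        if (pKey == null || pCertificate == null) {
            // An unknown alias yields nulls rather than an exception; report it as a certificate
            // error instead of failing later inside the signer.
            LOGGER.error("No private key or certificate found in the keystore for the requested alias.");
            throw new BusinessServiceException(ResourceBundle.getBundle("Mensajes").getString("mensaje_certificado_error"));
        }
        ArrayList<X509Certificate> certList = new ArrayList<>();
        certList.add(pCertificate);
        // Register BouncyCastle only once per JVM.
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        cstore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certList), "BC");
    } catch (KeyStoreException | IOException | NoSuchAlgorithmException | CertificateException | UnrecoverableKeyException | InvalidAlgorithmParameterException | NoSuchProviderException ex) {
        LOGGER.error(ex.getMessage());
        throw new BusinessServiceException(ResourceBundle.getBundle("Mensajes").getString("mensaje_certificado_error"));
    }
    String loginTicketRequest_xml = this.crearTicketRequerimientoAcceso(service, ticketTime);
    try {
        CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
        generator.addSigner(pKey, pCertificate, CMSSignedDataGenerator.DIGEST_SHA1);
        generator.addCertificatesAndCRLs(cstore);
        CMSProcessable data = new CMSProcessableByteArray(loginTicketRequest_xml.getBytes());
        // 'true' encapsulates the request XML inside the signed structure.
        CMSSignedData signed = generator.generate(data, true, "BC");
        return signed.getEncoded();
    } catch (IllegalArgumentException | CertStoreException | CMSException | NoSuchAlgorithmException | NoSuchProviderException | IOException ex) {
        LOGGER.error(ex.getMessage());
        throw new BusinessServiceException(ResourceBundle.getBundle("Mensajes").getString("mensaje_firmando_certificado_error"));
    }
}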