
Example 6 with SignerInfoGenerator

use of org.bouncycastle.cms.SignerInfoGenerator in project structr by structr.

the class CreateJarFileFunction method writeSignatureBlock.

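/**
 * Produces a CMS/PKCS#7 signature over {@code data} and writes it, DER-encoded, to {@code jos}.
 *
 * <p>The signed content is not encapsulated ({@code generate(data, false)}), and the signer info
 * is built with {@code setDirectSignature(true)}, i.e. without signed attributes. The signer
 * certificate is the only certificate embedded in the output.
 *
 * <p>NOTE(review): the signature algorithm name is assembled as
 * {@code algorithm + "with" + privateKey.getAlgorithm()}, so the strength of the result depends
 * on the digest name the caller passes in. Callers should pass a current digest such as SHA256;
 * nothing here rejects MD5 or SHA1.
 *
 * @param jos        stream the DER-encoded signature is written to; left open for the caller
 * @param algorithm  digest part of the signature algorithm name (for example {@code "SHA256"})
 * @param data       content to sign
 * @param publicKey  the signer's X.509 certificate (despite the parameter name, a certificate,
 *                   not a bare public key)
 * @param privateKey private key matching {@code publicKey}
 * @throws IOException                  if encoding or writing the signature fails
 * @throws CertificateEncodingException if the certificate cannot be encoded
 * @throws OperatorCreationException    if the content signer or digest provider cannot be built
 * @throws CMSException                 if CMS generation fails
 */
private void writeSignatureBlock(final JarOutputStream jos, final String algorithm, final CMSTypedData data, final X509Certificate publicKey, final PrivateKey privateKey) throws IOException, CertificateEncodingException, OperatorCreationException, CMSException {
    final List<X509Certificate> certList = new ArrayList<>();
    certList.add(publicKey);
    final JcaCertStore certs = new JcaCertStore(certList);
    final CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
    final ContentSigner signer = new JcaContentSignerBuilder(algorithm + "with" + privateKey.getAlgorithm()).build(privateKey);
    final SignerInfoGenerator infoGenerator = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build()).setDirectSignature(true).build(signer, publicKey);
    gen.addSignerInfoGenerator(infoGenerator);
    gen.addCertificates(certs);
    final CMSSignedData sigData = gen.generate(data, false);
    // Re-read the encoded structure and write it back through a DER stream so the bytes placed
    // in the jar are DER. The reader is closed here; it previously leaked.
    try (ASN1InputStream asn1 = new ASN1InputStream(sigData.getEncoded())) {
        final ASN1Primitive obj = asn1.readObject();
        // dos wraps the caller's jar stream and is deliberately not closed: closing it would
        // presumably close jos as well, and the caller still has entries to write.
        final DEROutputStream dos = new DEROutputStream(jos);
        dos.writeObject(obj);
    }
}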
Also used : CMSSignedDataGenerator(org.bouncycastle.cms.CMSSignedDataGenerator) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ArrayList(java.util.ArrayList) ContentSigner(org.bouncycastle.operator.ContentSigner) JcaCertStore(org.bouncycastle.cert.jcajce.JcaCertStore) CMSSignedData(org.bouncycastle.cms.CMSSignedData) X509Certificate(java.security.cert.X509Certificate) JcaSignerInfoGeneratorBuilder(org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder) SignerInfoGenerator(org.bouncycastle.cms.SignerInfoGenerator) JcaDigestCalculatorProviderBuilder(org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive) DEROutputStream(org.bouncycastle.asn1.DEROutputStream)

Example 7 with SignerInfoGenerator

use of org.bouncycastle.cms.SignerInfoGenerator in project serverless by bluenimble.

the class SignDocument method main.

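/**
 * Sample program: signs {@code ToBeSigned.txt} with the key held in {@code msp.p12} and writes
 * an attached CMS/PKCS#7 signature to {@code Signed.pk7}.
 *
 * <p>NOTE(review): the keystore password and alias are hard-coded below. That is tolerable only
 * for a throw-away sample key; real code should obtain the password from a prompt or a secret
 * store and must not commit it to source control.
 *
 * @param args unused
 */
public static void main(String[] args) throws IOException, CertificateException, UnrecoverableKeyException, KeyStoreException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException, CertStoreException, CMSException, OperatorCreationException {
    File toBeSigned = new File("ToBeSigned.txt");
    byte[] buffer = new byte[(int) toBeSigned.length()];
    // try-with-resources so the stream is released even when readFully throws.
    try (DataInputStream in = new DataInputStream(new FileInputStream(toBeSigned))) {
        in.readFully(buffer);
    }
    // Load the certificate that will be stored in the .p7 output. Only the signer certificate
    // is embedded; the rest of the certificate chain is not.
    final X509Certificate cert;
    try (FileInputStream certIn = new FileInputStream("msp.cer")) {
        cert = ReadX509.read(certIn);
    }
    // NOTE(review): hard-coded credential. An earlier literal that looked like a previous
    // password was also kept here in a comment; it has been dropped from this listing, and if
    // it was ever a real password it should be rotated.
    String password = "msp_pass";
    String alias = "msp";
    final KeyInformation keyInfo;
    try (FileInputStream p12In = new FileInputStream("msp.p12")) {
        keyInfo = ReadPKCS12.read(p12In, password, alias);
    }
    // The CMS generator takes certificate holders wrapped in a JcaCertStore.
    List<X509CertificateHolder> certList = new ArrayList<X509CertificateHolder>();
    certList.add(new X509CertificateHolder(cert.getEncoded()));
    JcaCertStore jcaCertStore = new JcaCertStore(certList);
    CMSSignedDataGenerator signGen = new CMSSignedDataGenerator();
    // SHA-256 instead of the SHA-1 this sample used before: SHA-1 is no longer collision
    // resistant and should not be used for new signatures. The algorithm is recorded in the
    // CMS structure, so verifiers pick it up from the signed data.
    ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(keyInfo.getPrivateKey());
    DigestCalculatorProvider digestCalcProv = new JcaDigestCalculatorProviderBuilder().setProvider("BC").build();
    // The private key comes from the PKCS#12 file; cert is the matching public certificate.
    SignerInfoGenerator signInfoGeneratorBuilder = new JcaSignerInfoGeneratorBuilder(digestCalcProv).build(contentSigner, cert);
    signGen.addSignerInfoGenerator(signInfoGeneratorBuilder);
    signGen.addCertificates(jcaCertStore);
    CMSProcessableByteArray content = new CMSProcessableByteArray(buffer);
    // Generate the CMS/PKCS#7 structure. The second argument says whether the document is
    // attached to the signature: true = attached (the case here), false = detached.
    CMSSignedData signedData = signGen.generate(content, true);
    byte[] signeddata = signedData.getEncoded();
    // Write the encoded signature to a file; closed even if the write fails.
    try (FileOutputStream envfos = new FileOutputStream("Signed.pk7")) {
        envfos.write(signeddata);
    }
}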
Also used : CMSSignedDataGenerator(org.bouncycastle.cms.CMSSignedDataGenerator) CMSProcessableByteArray(org.bouncycastle.cms.CMSProcessableByteArray) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ArrayList(java.util.ArrayList) ContentSigner(org.bouncycastle.operator.ContentSigner) JcaCertStore(org.bouncycastle.cert.jcajce.JcaCertStore) DataInputStream(java.io.DataInputStream) CMSSignedData(org.bouncycastle.cms.CMSSignedData) FileInputStream(java.io.FileInputStream) X509Certificate(java.security.cert.X509Certificate) JcaSignerInfoGeneratorBuilder(org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder) DigestCalculatorProvider(org.bouncycastle.operator.DigestCalculatorProvider) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) FileOutputStream(java.io.FileOutputStream) SignerInfoGenerator(org.bouncycastle.cms.SignerInfoGenerator) JcaDigestCalculatorProviderBuilder(org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder) File(java.io.File)

Example 8 with SignerInfoGenerator

use of org.bouncycastle.cms.SignerInfoGenerator in project serverless by bluenimble.

the class DefaultSigner method signWithCerts.

// Updated
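/**
 * Replaces the bytes of {@code doc} with an attached CMS/PKCS#7 signature over them.
 *
 * <p>A signer info is added for every certificate in {@code certs}, all of them signed with
 * {@code key}, and every certificate is embedded in the output.
 *
 * <p>NOTE(review): if {@code certs} is a certificate chain rather than a set of certificates
 * that all belong to {@code key}, only the leaf certificate should get a signer info; signer
 * infos tied to issuer certificates would not verify. Confirm against the callers.
 *
 * @param doc   document whose bytes are signed and then overwritten with the signed data
 * @param key   private key used for signing
 * @param certs signer certificate(s); must contain at least one entry
 * @throws SignerException if no certificate is supplied or any step of the signing fails
 */
private void signWithCerts(SecureDocument doc, PrivateKey key, X509Certificate[] certs) throws SignerException {
    if (certs == null || certs.length == 0) {
        throw new SignerException("A valid X509 Certificate is required");
    }
    // JcaContentSignerBuilder expects a signature algorithm name (digest plus key algorithm),
    // not a bare digest identifier such as CMSSignedDataGenerator.DIGEST_SHA1 / DIGEST_MD5.
    // MD5 and SHA-1 are also not collision resistant, so the name is built on SHA-256.
    // JCA reports elliptic-curve keys as "EC" while the signature name uses "ECDSA".
    String keyAlg = key.getAlgorithm();
    String signAlg = "SHA256with" + ("EC".equals(keyAlg) ? "ECDSA" : keyAlg);
    CMSSignedDataGenerator signGen = new CMSSignedDataGenerator();
    List<X509CertificateHolder> certList = new ArrayList<X509CertificateHolder>();
    try {
        ContentSigner contentSigner = new JcaContentSignerBuilder(signAlg).setProvider("BC").build(key);
        DigestCalculatorProvider digestCalcProv = new JcaDigestCalculatorProviderBuilder().setProvider("BC").build();
        for (X509Certificate cert : certs) {
            X509CertificateHolder certHolder = new X509CertificateHolder(cert.getEncoded());
            certList.add(certHolder);
            SignerInfoGenerator signInfoGeneratorBuilder = new JcaSignerInfoGeneratorBuilder(digestCalcProv).build(contentSigner, cert);
            signGen.addSignerInfoGenerator(signInfoGeneratorBuilder);
        }
        JcaCertStore jcaCertStore = new JcaCertStore(certList);
        signGen.addCertificates(jcaCertStore);
        // No CRLs are added to the signed data.
        CMSProcessableByteArray content = new CMSProcessableByteArray(doc.getBytes());
        // true = the document content is encapsulated in the signed data (attached signature).
        CMSSignedData signedData = signGen.generate(content, true);
        doc.setBytes(signedData.getEncoded());
    } catch (Throwable th) {
        // Kept as Throwable so callers keep receiving SignerException for every failure,
        // including an unsupported key algorithm or a missing "BC" provider.
        throw new SignerException(th, th.getMessage());
    }
}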
Also used : CMSSignedDataGenerator(org.bouncycastle.cms.CMSSignedDataGenerator) CMSProcessableByteArray(org.bouncycastle.cms.CMSProcessableByteArray) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ArrayList(java.util.ArrayList) ContentSigner(org.bouncycastle.operator.ContentSigner) JcaCertStore(org.bouncycastle.cert.jcajce.JcaCertStore) CMSSignedData(org.bouncycastle.cms.CMSSignedData) X509Certificate(java.security.cert.X509Certificate) JcaSignerInfoGeneratorBuilder(org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder) DigestCalculatorProvider(org.bouncycastle.operator.DigestCalculatorProvider) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) SignerInfoGenerator(org.bouncycastle.cms.SignerInfoGenerator) JcaDigestCalculatorProviderBuilder(org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder) SignerException(com.bluenimble.platform.crypto.signer.SignerException)

Aggregations

CMSSignedDataGenerator (org.bouncycastle.cms.CMSSignedDataGenerator)8 SignerInfoGenerator (org.bouncycastle.cms.SignerInfoGenerator)8 X509Certificate (java.security.cert.X509Certificate)7 CMSProcessableByteArray (org.bouncycastle.cms.CMSProcessableByteArray)7 CMSSignedData (org.bouncycastle.cms.CMSSignedData)7 ArrayList (java.util.ArrayList)6 JcaSignerInfoGeneratorBuilder (org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder)6 IOException (java.io.IOException)5 JcaCertStore (org.bouncycastle.cert.jcajce.JcaCertStore)5 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)5 CertificateEncodingException (java.security.cert.CertificateEncodingException)4 CMSException (org.bouncycastle.cms.CMSException)4 CMSTypedData (org.bouncycastle.cms.CMSTypedData)4 DefaultSignedAttributeTableGenerator (org.bouncycastle.cms.DefaultSignedAttributeTableGenerator)4 ContentSigner (org.bouncycastle.operator.ContentSigner)4 OperatorCreationException (org.bouncycastle.operator.OperatorCreationException)4 JcaDigestCalculatorProviderBuilder (org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder)4 AttributeTable (org.bouncycastle.asn1.cms.AttributeTable)3 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)3 CMSAbsentContent (org.bouncycastle.cms.CMSAbsentContent)3