Example 6 with DefaultSignatureAlgorithmIdentifierFinder
use of org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder in project robovm by robovm.
the class CMSSignedData method getSignerInfos.
/**
* return the collection of signers that are associated with the
* signatures for the message.
*/
public SignerInformationStore getSignerInfos() {
if (signerInfoStore == null) {
ASN1Set s = signedData.getSignerInfos();
List signerInfos = new ArrayList();
SignatureAlgorithmIdentifierFinder sigAlgFinder = new DefaultSignatureAlgorithmIdentifierFinder();
for (int i = 0; i != s.size(); i++) {
SignerInfo info = SignerInfo.getInstance(s.getObjectAt(i));
ASN1ObjectIdentifier contentType = signedData.getEncapContentInfo().getContentType();
if (hashes == null) {
signerInfos.add(new SignerInformation(info, contentType, signedContent, null));
} else {
Object obj = hashes.keySet().iterator().next();
byte[] hash = (obj instanceof String) ? (byte[]) hashes.get(info.getDigestAlgorithm().getAlgorithm().getId()) : (byte[]) hashes.get(info.getDigestAlgorithm().getAlgorithm());
signerInfos.add(new SignerInformation(info, contentType, null, hash));
}
}
signerInfoStore = new SignerInformationStore(signerInfos);
}
return signerInfoStore;
}
Also used :
DefaultSignatureAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder)
SignatureAlgorithmIdentifierFinder(org.bouncycastle.operator.SignatureAlgorithmIdentifierFinder)
ArrayList(java.util.ArrayList)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
DefaultSignatureAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder)
SignerInfo(org.bouncycastle.asn1.cms.SignerInfo)
ASN1Set(org.bouncycastle.asn1.ASN1Set)
ArrayList(java.util.ArrayList)
List(java.util.List)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 7 with DefaultSignatureAlgorithmIdentifierFinder
use of org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder in project OpenAttestation by OpenAttestation.
the class X509AttrBuilder method build.
public byte[] build() {
if (notBefore == null || notAfter == null) {
// 1 day default
expires(1, TimeUnit.DAYS);
}
if (serialNumber == null) {
dateSerial();
}
if (subjectName == null) {
fault("Subject name is missing");
}
if (issuerName == null) {
fault("Issuer name is missing");
}
if (issuerPrivateKey == null) {
fault("Issuer private key is missing");
}
if (attributes.isEmpty()) {
fault("No attributes selected");
}
try {
if (getFaults().isEmpty()) {
AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256withRSA");
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
ContentSigner authority = null;
if (issuerPrivateKey != null)
// create a bouncy castle content signer convert using our existing private key
authority = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(PrivateKeyFactory.createKey(issuerPrivateKey.getEncoded()));
// second, prepare the attribute certificate
// which is expected to be a UUID like this: 33766a63-5c55-4461-8a84-5936577df450
AttributeCertificateHolder holder = new AttributeCertificateHolder(subjectName);
AttributeCertificateIssuer issuer = new AttributeCertificateIssuer(issuerName);
X509v2AttributeCertificateBuilder builder = new X509v2AttributeCertificateBuilder(holder, issuer, serialNumber, notBefore, notAfter);
for (Attribute attribute : attributes) {
builder.addAttribute(attribute.oid, attribute.value);
}
// fourth, sign the attribute certificate
if (authority != null) {
X509AttributeCertificateHolder cert;
cert = builder.build(authority);
//X509AttributeCertificate.valueOf(cert.getEncoded());
return cert.getEncoded();
}
}
return null;
} catch (IOException | OperatorCreationException e) {
fault(e, "cannot sign certificate");
return null;
} finally {
done();
}
}
Also used :
X509v2AttributeCertificateBuilder(org.bouncycastle.cert.X509v2AttributeCertificateBuilder)
AttributeCertificateIssuer(org.bouncycastle.cert.AttributeCertificateIssuer)
X509AttributeCertificateHolder(org.bouncycastle.cert.X509AttributeCertificateHolder)
AttributeCertificateHolder(org.bouncycastle.cert.AttributeCertificateHolder)
ContentSigner(org.bouncycastle.operator.ContentSigner)
X509AttributeCertificateHolder(org.bouncycastle.cert.X509AttributeCertificateHolder)
IOException(java.io.IOException)
DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
DefaultSignatureAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder)
BcRSAContentSignerBuilder(org.bouncycastle.operator.bc.BcRSAContentSignerBuilder)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
Example 8 with DefaultSignatureAlgorithmIdentifierFinder
use of org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder in project poi by apache.
the class TSPTimeStampService method timeStamp.
@SuppressWarnings("unchecked")
public byte[] timeStamp(byte[] data, RevocationData revocationData) throws Exception {
// digest the message
MessageDigest messageDigest = CryptoFunctions.getMessageDigest(signatureConfig.getTspDigestAlgo());
byte[] digest = messageDigest.digest(data);
// generate the TSP request
BigInteger nonce = new BigInteger(128, new SecureRandom());
TimeStampRequestGenerator requestGenerator = new TimeStampRequestGenerator();
requestGenerator.setCertReq(true);
String requestPolicy = signatureConfig.getTspRequestPolicy();
if (requestPolicy != null) {
requestGenerator.setReqPolicy(new ASN1ObjectIdentifier(requestPolicy));
}
ASN1ObjectIdentifier digestAlgoOid = mapDigestAlgoToOID(signatureConfig.getTspDigestAlgo());
TimeStampRequest request = requestGenerator.generate(digestAlgoOid, digest, nonce);
byte[] encodedRequest = request.getEncoded();
// create the HTTP POST request
Proxy proxy = Proxy.NO_PROXY;
if (signatureConfig.getProxyUrl() != null) {
URL proxyUrl = new URL(signatureConfig.getProxyUrl());
String host = proxyUrl.getHost();
int port = proxyUrl.getPort();
proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(InetAddress.getByName(host), (port == -1 ? 80 : port)));
}
HttpURLConnection huc = (HttpURLConnection) new URL(signatureConfig.getTspUrl()).openConnection(proxy);
if (signatureConfig.getTspUser() != null) {
String userPassword = signatureConfig.getTspUser() + ":" + signatureConfig.getTspPass();
String encoding = DatatypeConverter.printBase64Binary(userPassword.getBytes(Charset.forName("iso-8859-1")));
huc.setRequestProperty("Authorization", "Basic " + encoding);
}
huc.setRequestMethod("POST");
huc.setConnectTimeout(20000);
huc.setReadTimeout(20000);
// also sets method to POST.
huc.setDoOutput(true);
huc.setRequestProperty("User-Agent", signatureConfig.getUserAgent());
huc.setRequestProperty("Content-Type", signatureConfig.isTspOldProtocol() ? "application/timestamp-request" : // "; charset=ISO-8859-1");
"application/timestamp-query");
OutputStream hucOut = huc.getOutputStream();
hucOut.write(encodedRequest);
// invoke TSP service
huc.connect();
int statusCode = huc.getResponseCode();
if (statusCode != 200) {
LOG.log(POILogger.ERROR, "Error contacting TSP server ", signatureConfig.getTspUrl() + ", had status code " + statusCode + "/" + huc.getResponseMessage());
throw new IOException("Error contacting TSP server " + signatureConfig.getTspUrl() + ", had status code " + statusCode + "/" + huc.getResponseMessage());
}
// HTTP input validation
String contentType = huc.getHeaderField("Content-Type");
if (null == contentType) {
throw new RuntimeException("missing Content-Type header");
}
ByteArrayOutputStream bos = new ByteArrayOutputStream();
IOUtils.copy(huc.getInputStream(), bos);
LOG.log(POILogger.DEBUG, "response content: ", HexDump.dump(bos.toByteArray(), 0, 0));
if (!contentType.startsWith(signatureConfig.isTspOldProtocol() ? "application/timestamp-response" : "application/timestamp-reply")) {
throw new RuntimeException("invalid Content-Type: " + contentType + // dump the first few bytes
": " + HexDump.dump(bos.toByteArray(), 0, 0, 200));
}
if (bos.size() == 0) {
throw new RuntimeException("Content-Length is zero");
}
// TSP response parsing and validation
TimeStampResponse timeStampResponse = new TimeStampResponse(bos.toByteArray());
timeStampResponse.validate(request);
if (0 != timeStampResponse.getStatus()) {
LOG.log(POILogger.DEBUG, "status: " + timeStampResponse.getStatus());
LOG.log(POILogger.DEBUG, "status string: " + timeStampResponse.getStatusString());
PKIFailureInfo failInfo = timeStampResponse.getFailInfo();
if (null != failInfo) {
LOG.log(POILogger.DEBUG, "fail info int value: " + failInfo.intValue());
if (/*PKIFailureInfo.unacceptedPolicy*/
(1 << 8) == failInfo.intValue()) {
LOG.log(POILogger.DEBUG, "unaccepted policy");
}
}
throw new RuntimeException("timestamp response status != 0: " + timeStampResponse.getStatus());
}
TimeStampToken timeStampToken = timeStampResponse.getTimeStampToken();
SignerId signerId = timeStampToken.getSID();
BigInteger signerCertSerialNumber = signerId.getSerialNumber();
X500Name signerCertIssuer = signerId.getIssuer();
LOG.log(POILogger.DEBUG, "signer cert serial number: " + signerCertSerialNumber);
LOG.log(POILogger.DEBUG, "signer cert issuer: " + signerCertIssuer);
// TSP signer certificates retrieval
Collection<X509CertificateHolder> certificates = timeStampToken.getCertificates().getMatches(null);
X509CertificateHolder signerCert = null;
Map<X500Name, X509CertificateHolder> certificateMap = new HashMap<X500Name, X509CertificateHolder>();
for (X509CertificateHolder certificate : certificates) {
if (signerCertIssuer.equals(certificate.getIssuer()) && signerCertSerialNumber.equals(certificate.getSerialNumber())) {
signerCert = certificate;
}
certificateMap.put(certificate.getSubject(), certificate);
}
// TSP signer cert path building
if (signerCert == null) {
throw new RuntimeException("TSP response token has no signer certificate");
}
List<X509Certificate> tspCertificateChain = new ArrayList<X509Certificate>();
JcaX509CertificateConverter x509converter = new JcaX509CertificateConverter();
x509converter.setProvider("BC");
X509CertificateHolder certificate = signerCert;
do {
LOG.log(POILogger.DEBUG, "adding to certificate chain: " + certificate.getSubject());
tspCertificateChain.add(x509converter.getCertificate(certificate));
if (certificate.getSubject().equals(certificate.getIssuer())) {
break;
}
certificate = certificateMap.get(certificate.getIssuer());
} while (null != certificate);
// verify TSP signer signature
X509CertificateHolder holder = new X509CertificateHolder(tspCertificateChain.get(0).getEncoded());
DefaultCMSSignatureAlgorithmNameGenerator nameGen = new DefaultCMSSignatureAlgorithmNameGenerator();
DefaultSignatureAlgorithmIdentifierFinder sigAlgoFinder = new DefaultSignatureAlgorithmIdentifierFinder();
DefaultDigestAlgorithmIdentifierFinder hashAlgoFinder = new DefaultDigestAlgorithmIdentifierFinder();
BcDigestCalculatorProvider calculator = new BcDigestCalculatorProvider();
BcRSASignerInfoVerifierBuilder verifierBuilder = new BcRSASignerInfoVerifierBuilder(nameGen, sigAlgoFinder, hashAlgoFinder, calculator);
SignerInformationVerifier verifier = verifierBuilder.build(holder);
timeStampToken.validate(verifier);
// verify TSP signer certificate
if (signatureConfig.getTspValidator() != null) {
signatureConfig.getTspValidator().validate(tspCertificateChain, revocationData);
}
LOG.log(POILogger.DEBUG, "time-stamp token time: " + timeStampToken.getTimeStampInfo().getGenTime());
return timeStampToken.getEncoded();
}
Also used :
DefaultCMSSignatureAlgorithmNameGenerator(org.bouncycastle.cms.DefaultCMSSignatureAlgorithmNameGenerator)
HashMap(java.util.HashMap)
InetSocketAddress(java.net.InetSocketAddress)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
OutputStream(java.io.OutputStream)
ArrayList(java.util.ArrayList)
X500Name(org.bouncycastle.asn1.x500.X500Name)
DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder)
URL(java.net.URL)
TimeStampResponse(org.bouncycastle.tsp.TimeStampResponse)
Proxy(java.net.Proxy)
HttpURLConnection(java.net.HttpURLConnection)
JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)
MessageDigest(java.security.MessageDigest)
SignerInformationVerifier(org.bouncycastle.cms.SignerInformationVerifier)
BcDigestCalculatorProvider(org.bouncycastle.operator.bc.BcDigestCalculatorProvider)
SecureRandom(java.security.SecureRandom)
IOException(java.io.IOException)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
TimeStampRequest(org.bouncycastle.tsp.TimeStampRequest)
X509Certificate(java.security.cert.X509Certificate)
DefaultSignatureAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder)
PKIFailureInfo(org.bouncycastle.asn1.cmp.PKIFailureInfo)
SignerId(org.bouncycastle.cms.SignerId)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
BigInteger(java.math.BigInteger)
TimeStampRequestGenerator(org.bouncycastle.tsp.TimeStampRequestGenerator)
BcRSASignerInfoVerifierBuilder(org.bouncycastle.cms.bc.BcRSASignerInfoVerifierBuilder)
TimeStampToken(org.bouncycastle.tsp.TimeStampToken)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 9 with DefaultSignatureAlgorithmIdentifierFinder
use of org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder in project airlift by airlift.
the class TestSignatureAlgorithmIdentifier method test.
@Test
public void test() throws Exception {
for (Entry<String, SignatureAlgorithmIdentifier> entry : SignatureAlgorithmIdentifier.getAllSignatureAlgorithmIdentifiers().entrySet()) {
SignatureAlgorithmIdentifier signatureAlgorithmIdentifier = entry.getValue();
assertEquals(signatureAlgorithmIdentifier.getName(), entry.getKey());
AlgorithmIdentifier algorithmIdentifier = new DefaultSignatureAlgorithmIdentifierFinder().find(entry.getKey());
assertEquals(signatureAlgorithmIdentifier.getOid(), algorithmIdentifier.getAlgorithm().getId());
assertEquals(base16().encode(signatureAlgorithmIdentifier.getEncoded()), base16().encode(algorithmIdentifier.getAlgorithm().getEncoded("DER")));
assertEquals(algorithmIdentifier, algorithmIdentifier);
assertEquals(algorithmIdentifier.hashCode(), algorithmIdentifier.hashCode());
}
}
Also used :
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
DefaultSignatureAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder)
Test(org.testng.annotations.Test)
Example 10 with DefaultSignatureAlgorithmIdentifierFinder
use of org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder in project service-proxy by membrane.
the class GeneratingSSLContext method sign.
public static X509Certificate sign(String subjectName, X509Certificate caPublic, PrivateKey caPrivate, PublicKey keyPublic) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException, IOException, OperatorCreationException, CertificateException {
AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256withRSA");
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
AsymmetricKeyParameter foo = PrivateKeyFactory.createKey(caPrivate.getEncoded());
SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(keyPublic.getEncoded());
org.bouncycastle.asn1.x500.X500Name caName = new JcaX509CertificateHolder(caPublic).getSubject();
X509v3CertificateBuilder myCertificateGenerator = new X509v3CertificateBuilder(caName, new BigInteger("1"), new Date(System.currentTimeMillis() - 30 * 24 * 24 * 60 * 60 * 1000), new Date(System.currentTimeMillis() + 30 * 365 * 24 * 60 * 60 * 1000), new org.bouncycastle.asn1.x500.X500Name(subjectName), keyInfo);
ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(foo);
X509CertificateHolder holder = myCertificateGenerator.build(sigGen);
org.bouncycastle.asn1.x509.Certificate eeX509CertificateStructure = holder.toASN1Structure();
CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC");
// Read Certificate
InputStream is1 = new ByteArrayInputStream(eeX509CertificateStructure.getEncoded());
X509Certificate theCert = (X509Certificate) cf.generateCertificate(is1);
is1.close();
return theCert;
// return null;
}
Also used :
ByteArrayInputStream(java.io.ByteArrayInputStream)
InputStream(java.io.InputStream)
ContentSigner(org.bouncycastle.operator.ContentSigner)
DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder)
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder)
CertificateFactory(java.security.cert.CertificateFactory)
Date(java.util.Date)
X509Certificate(java.security.cert.X509Certificate)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
DefaultSignatureAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder)
BcRSAContentSignerBuilder(org.bouncycastle.operator.bc.BcRSAContentSignerBuilder)
AsymmetricKeyParameter(org.bouncycastle.crypto.params.AsymmetricKeyParameter)
ByteArrayInputStream(java.io.ByteArrayInputStream)
X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder)
BigInteger(java.math.BigInteger)
Aggregations
DefaultSignatureAlgorithmIdentifierFinder (org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder)12
AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)9
DefaultDigestAlgorithmIdentifierFinder (org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder)9
ContentSigner (org.bouncycastle.operator.ContentSigner)8
BcRSAContentSignerBuilder (org.bouncycastle.operator.bc.BcRSAContentSignerBuilder)8
BigInteger (java.math.BigInteger)7
X500Name (org.bouncycastle.asn1.x500.X500Name)7
X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)6
AsymmetricKeyParameter (org.bouncycastle.crypto.params.AsymmetricKeyParameter)6
IOException (java.io.IOException)5
X509Certificate (java.security.cert.X509Certificate)5
Date (java.util.Date)5
SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)5
X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)4
JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)4
SecureRandom (java.security.SecureRandom)3
OperatorCreationException (org.bouncycastle.operator.OperatorCreationException)3
ByteArrayInputStream (java.io.ByteArrayInputStream)2
EOFException (java.io.EOFException)2
GeneralSecurityException (java.security.GeneralSecurityException)2
