Search in sources :

Example 56 with OperatorCreationException

use of org.bouncycastle.operator.OperatorCreationException in project certmgr by hdecarne.

the class DERCertReaderWriter method encryptKey.

private static byte[] encryptKey(KeyPair key, String resource, PasswordCallback newPassword) throws IOException {
    char[] passwordChars = newPassword.queryPassword(resource);
    if (passwordChars == null) {
        throw new PasswordRequiredException(resource);
    }
    byte[] encoded;
    try {
        PKCS8EncryptedPrivateKeyInfoBuilder encryptedPrivateKeyInfoBuilder = new PKCS8EncryptedPrivateKeyInfoBuilder(KeyHelper.encodePrivateKey(key.getPrivate()));
        OutputEncryptor encryptor = OUTPUT_ENCRYPTOR_BUILDER.build(passwordChars);
        encoded = encryptedPrivateKeyInfoBuilder.build(encryptor).getEncoded();
    } catch (OperatorCreationException e) {
        throw new CertProviderException(e);
    }
    return encoded;
}
Also used : PKCS8EncryptedPrivateKeyInfoBuilder(org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfoBuilder) PasswordRequiredException(de.carne.certmgr.certs.PasswordRequiredException) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) CertProviderException(de.carne.certmgr.certs.CertProviderException) OutputEncryptor(org.bouncycastle.operator.OutputEncryptor)

Example 57 with OperatorCreationException

use of org.bouncycastle.operator.OperatorCreationException in project certmgr by hdecarne.

the class X509CRLHelper method generateCRL.

/**
 * Generate a CRL object.
 *
 * @param currentCRL The current CRL object in case of an update (may be {@code null}).
 * @param lastUpdate The last update timestamp to set.
 * @param nextUpdate The next update timestamp to set (may be {@code null}).
 * @param revokeEntries The revoked entries.
 * @param issuerDN The CRL issuer's DN.
 * @param issuerKey The CRL issuer's key pair.
 * @param signatureAlgorithm The signature algorithm to use for signing.
 * @return The generated CRL object.
 * @throws IOException if an error occurs during generation.
 */
public static X509CRL generateCRL(@Nullable X509CRL currentCRL, Date lastUpdate, @Nullable Date nextUpdate, Map<BigInteger, ReasonFlag> revokeEntries, X500Principal issuerDN, KeyPair issuerKey, SignatureAlgorithm signatureAlgorithm) throws IOException {
    LOG.info("CRL generation ''{0}'' started...", issuerDN);
    // Initialize CRL builder
    JcaX509v2CRLBuilder crlBuilder = new JcaX509v2CRLBuilder(issuerDN, lastUpdate);
    if (nextUpdate != null) {
        crlBuilder.setNextUpdate(nextUpdate);
    }
    for (Map.Entry<BigInteger, ReasonFlag> revokeEntry : revokeEntries.entrySet()) {
        crlBuilder.addCRLEntry(revokeEntry.getKey(), lastUpdate, revokeEntry.getValue().value());
    }
    X509CRL crl;
    try {
        // Add extensions
        JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
        crlBuilder.addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(issuerKey.getPublic()));
        BigInteger nextCRLNumber = getNextCRLNumber(currentCRL);
        crlBuilder.addExtension(Extension.cRLNumber, false, new CRLNumber(nextCRLNumber));
        // Sign and create CRL object
        ContentSigner crlSigner = new JcaContentSignerBuilder(signatureAlgorithm.algorithm()).build(issuerKey.getPrivate());
        crl = new JcaX509CRLConverter().getCRL(crlBuilder.build(crlSigner));
    } catch (GeneralSecurityException | OperatorCreationException e) {
        throw new CertProviderException(e);
    }
    LOG.info("CRT generation ''{0}'' done", issuerDN);
    return crl;
}
Also used : JcaX509ExtensionUtils(org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils) X509CRL(java.security.cert.X509CRL) CRLNumber(org.bouncycastle.asn1.x509.CRLNumber) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) GeneralSecurityException(java.security.GeneralSecurityException) ContentSigner(org.bouncycastle.operator.ContentSigner) JcaX509v2CRLBuilder(org.bouncycastle.cert.jcajce.JcaX509v2CRLBuilder) CertProviderException(de.carne.certmgr.certs.CertProviderException) JcaX509CRLConverter(org.bouncycastle.cert.jcajce.JcaX509CRLConverter) BigInteger(java.math.BigInteger) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) Map(java.util.Map)

Example 58 with OperatorCreationException

use of org.bouncycastle.operator.OperatorCreationException in project certmgr by hdecarne.

the class PKCS10CertificateRequest method generateCSR.

/**
 * Generate a CSR object.
 *
 * @param dn The CSR's Distinguished Name (DN).
 * @param key The CSR's key pair
 * @param extensions The CRT's extension objects.
 * @param signatureAlgorithm The signature algorithm to use.
 * @return The generated CSR object.
 * @throws IOException if an error occurs during generation.
 */
public static PKCS10CertificateRequest generateCSR(X500Principal dn, KeyPair key, List<X509ExtensionData> extensions, SignatureAlgorithm signatureAlgorithm) throws IOException {
    LOG.info("CSR generation ''{0}'' started...", dn);
    // Initialize CSR builder
    PKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(dn, key.getPublic());
    // Add custom extension objects
    ExtensionsGenerator extensionGenerator = new ExtensionsGenerator();
    for (X509ExtensionData extensionData : extensions) {
        extensionGenerator.addExtension(new ASN1ObjectIdentifier(extensionData.oid()), extensionData.getCritical(), extensionData.encode());
    }
    csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionGenerator.generate());
    PKCS10CertificateRequest csr;
    try {
        // Sign CSR
        ContentSigner csrSigner;
        csrSigner = new JcaContentSignerBuilder(signatureAlgorithm.algorithm()).build(key.getPrivate());
        csr = fromPKCS10(csrBuilder.build(csrSigner));
    } catch (OperatorCreationException e) {
        throw new CertProviderException(e);
    }
    LOG.info("CSR generation ''{0}'' done", dn);
    return csr;
}
Also used : JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ContentSigner(org.bouncycastle.operator.ContentSigner) PKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder) JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) CertProviderException(de.carne.certmgr.certs.CertProviderException) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator)

Example 59 with OperatorCreationException

use of org.bouncycastle.operator.OperatorCreationException in project vespa by vespa-engine.

the class Pkcs10CsrBuilder method build.

public Pkcs10Csr build() {
    try {
        PKCS10CertificationRequestBuilder requestBuilder = new JcaPKCS10CertificationRequestBuilder(subject, keyPair.getPublic());
        ExtensionsGenerator extGen = new ExtensionsGenerator();
        if (basicConstraintsExtension != null) {
            extGen.addExtension(Extension.basicConstraints, basicConstraintsExtension.isCritical, new BasicConstraints(basicConstraintsExtension.isCertAuthorityCertificate));
        }
        if (!subjectAlternativeNames.isEmpty()) {
            GeneralNames generalNames = new GeneralNames(subjectAlternativeNames.stream().map(san -> new GeneralName(GeneralName.dNSName, san)).toArray(GeneralName[]::new));
            extGen.addExtension(Extension.subjectAlternativeName, false, generalNames);
        }
        requestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());
        ContentSigner contentSigner = new JcaContentSignerBuilder(signatureAlgorithm.getAlgorithmName()).setProvider(BouncyCastleProviderHolder.getInstance()).build(keyPair.getPrivate());
        return new Pkcs10Csr(requestBuilder.build(contentSigner));
    } catch (OperatorCreationException e) {
        throw new RuntimeException(e);
    } catch (IOException e) {
        throw new UncheckedIOException(e);
    }
}
Also used : JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ContentSigner(org.bouncycastle.operator.ContentSigner) JcaPKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder) PKCS10CertificationRequestBuilder(org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder) UncheckedIOException(java.io.UncheckedIOException) IOException(java.io.IOException) UncheckedIOException(java.io.UncheckedIOException) ExtensionsGenerator(org.bouncycastle.asn1.x509.ExtensionsGenerator) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) GeneralName(org.bouncycastle.asn1.x509.GeneralName) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)

Example 60 with OperatorCreationException

use of org.bouncycastle.operator.OperatorCreationException in project signer by demoiselle.

the class CAdESSigner method doSign.

private byte[] doSign(byte[] content, byte[] previewSignature) {
    try {
        Security.addProvider(new BouncyCastleProvider());
        // Completa os certificados ausentes da cadeia, se houver
        if (this.certificate == null && this.certificateChain != null && this.certificateChain.length > 0) {
            this.certificate = (X509Certificate) this.certificateChain[0];
        }
        this.certificateChain = CAManager.getInstance().getCertificateChainArray(this.certificate);
        if (this.certificateChain.length < 3) {
            throw new SignerException(cadesMessagesBundle.getString("error.no.ca", this.certificate.getIssuerDN()));
        }
        Certificate[] certStore = new Certificate[] {};
        CMSSignedData cmsPreviewSignedData = null;
        // Importar todos os certificados da assinatura anterior
        if (previewSignature != null && previewSignature.length > 0) {
            cmsPreviewSignedData = new CMSSignedData(new CMSAbsentContent(), previewSignature);
            Collection<X509Certificate> previewCerts = this.getSignersCertificates(cmsPreviewSignedData);
            // previewCerts.add(this.certificate);
            certStore = previewCerts.toArray(new Certificate[] {});
        }
        setCertificateManager(new CertificateManager(this.certificate));
        // Recupera a lista de algoritmos da politica e o tamanho minimo da
        // chave
        List<AlgAndLength> listOfAlgAndLength = new ArrayList<AlgAndLength>();
        for (AlgAndLength algLength : signaturePolicy.getSignPolicyInfo().getSignatureValidationPolicy().getCommonRules().getAlgorithmConstraintSet().getSignerAlgorithmConstraints().getAlgAndLengths()) {
            listOfAlgAndLength.add(algLength);
        }
        AlgAndLength algAndLength = null;
        // verificar se o mesmo é permitido pela politica
        if (this.pkcs1.getAlgorithm() != null) {
            String varSetedAlgorithmOID = AlgorithmNames.getOIDByAlgorithmName(this.pkcs1.getAlgorithm());
            for (AlgAndLength algLength : listOfAlgAndLength) {
                if (algLength.getAlgID().getValue().equalsIgnoreCase(varSetedAlgorithmOID)) {
                    algAndLength = algLength;
                    SignerAlgorithmEnum varSignerAlgorithmEnum = SignerAlgorithmEnum.valueOf(this.pkcs1.getAlgorithm());
                    String varOIDAlgorithmHash = varSignerAlgorithmEnum.getOIDAlgorithmHash();
                    ObjectIdentifier varObjectIdentifier = signaturePolicy.getSignPolicyHashAlg().getAlgorithm();
                    varObjectIdentifier.setValue(varOIDAlgorithmHash);
                    AlgorithmIdentifier varAlgorithmIdentifier = signaturePolicy.getSignPolicyHashAlg();
                    varAlgorithmIdentifier.setAlgorithm(varObjectIdentifier);
                    signaturePolicy.setSignPolicyHashAlg(varAlgorithmIdentifier);
                }
            }
        } else {
            algAndLength = listOfAlgAndLength.get(0);
        }
        if (algAndLength == null) {
            throw new SignerException(cadesMessagesBundle.getString("error.no.algorithm.policy"));
        }
        logger.info(cadesMessagesBundle.getString("info.algorithm.id", algAndLength.getAlgID().getValue()));
        logger.info(cadesMessagesBundle.getString("info.algorithm.name", AlgorithmNames.getAlgorithmNameByOID(algAndLength.getAlgID().getValue())));
        logger.info(cadesMessagesBundle.getString("info.algorithm.policy.default", AlgorithmNames.getOIDByAlgorithmName(getAlgorithm())));
        logger.info(cadesMessagesBundle.getString("info.min.key.length", algAndLength.getMinKeyLength()));
        // Recupera o tamanho minimo da chave para validacao
        logger.info(cadesMessagesBundle.getString("info.validating.key.length"));
        int keyLegth = ((RSAKey) certificate.getPublicKey()).getModulus().bitLength();
        if (keyLegth < algAndLength.getMinKeyLength()) {
            throw new SignerException(cadesMessagesBundle.getString("error.min.key.length", algAndLength.getMinKeyLength().toString(), keyLegth));
        }
        AttributeFactory attributeFactory = AttributeFactory.getInstance();
        // Consulta e adiciona os atributos assinados
        ASN1EncodableVector signedAttributes = new ASN1EncodableVector();
        logger.info(cadesMessagesBundle.getString("info.signed.attribute"));
        if (signaturePolicy.getSignPolicyInfo().getSignatureValidationPolicy().getCommonRules().getSignerAndVeriferRules().getSignerRules().getMandatedSignedAttr().getObjectIdentifiers() != null) {
            for (ObjectIdentifier objectIdentifier : signaturePolicy.getSignPolicyInfo().getSignatureValidationPolicy().getCommonRules().getSignerAndVeriferRules().getSignerRules().getMandatedSignedAttr().getObjectIdentifiers()) {
                SignedOrUnsignedAttribute signedOrUnsignedAttribute = attributeFactory.factory(objectIdentifier.getValue());
                signedOrUnsignedAttribute.initialize(this.pkcs1.getPrivateKey(), certificateChain, content, signaturePolicy, this.hash);
                signedAttributes.add(signedOrUnsignedAttribute.getValue());
            }
        }
        // Monta a tabela de atributos assinados
        AttributeTable signedAttributesTable = new AttributeTable(signedAttributes);
        // Create the table table generator that will added to the Signer
        // builder
        CMSAttributeTableGenerator signedAttributeGenerator = new DefaultSignedAttributeTableGenerator(signedAttributesTable);
        // Recupera o(s) certificado(s) de confianca para validacao
        Collection<X509Certificate> trustedCAs = new HashSet<X509Certificate>();
        Collection<CertificateTrustPoint> ctp = signaturePolicy.getSignPolicyInfo().getSignatureValidationPolicy().getCommonRules().getSigningCertTrustCondition().getSignerTrustTrees().getCertificateTrustPoints();
        for (CertificateTrustPoint certificateTrustPoint : ctp) {
            logger.info(cadesMessagesBundle.getString("info.trust.point", certificateTrustPoint.getTrustpoint().getSubjectDN().toString()));
            trustedCAs.add(certificateTrustPoint.getTrustpoint());
        }
        // Efetua a validacao das cadeias do certificado baseado na politica
        Collection<X509Certificate> certificateChainTrusted = new HashSet<X509Certificate>();
        for (Certificate certCA : certificateChain) {
            certificateChainTrusted.add((X509Certificate) certCA);
        }
        X509Certificate rootOfCertificate = null;
        for (X509Certificate tcac : certificateChainTrusted) {
            logger.info(tcac.getIssuerDN().toString());
            if (CAManager.getInstance().isRootCA(tcac)) {
                rootOfCertificate = tcac;
            }
        }
        if (trustedCAs.contains(rootOfCertificate)) {
            logger.info(cadesMessagesBundle.getString("info.trust.in.point", rootOfCertificate.getSubjectDN()));
        } else {
            // Não encontrou na política, verificará nas cadeias do
            // componente chain-icp-brasil provavelmente certificado de
            // homologação.
            logger.warn(cadesMessagesBundle.getString("info.trust.poin.homolog"));
            CAManager.getInstance().validateRootCAs(certificateChainTrusted, certificate);
        }
        // validade da politica
        logger.info(cadesMessagesBundle.getString("info.policy.valid.period"));
        PolicyValidator pv = new PolicyValidator(this.signaturePolicy, this.policyName);
        pv.validate();
        // Realiza a assinatura do conteudo
        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
        gen.addCertificates(this.generatedCertStore(certStore));
        String algorithmOID = algAndLength.getAlgID().getValue();
        logger.info(cadesMessagesBundle.getString("info.algorithm.id", algorithmOID));
        SignerInfoGenerator signerInfoGenerator = new JcaSimpleSignerInfoGeneratorBuilder().setSignedAttributeGenerator(signedAttributeGenerator).setUnsignedAttributeGenerator(null).build(AlgorithmNames.getAlgorithmNameByOID(algorithmOID), this.pkcs1.getPrivateKey(), this.certificate);
        gen.addSignerInfoGenerator(signerInfoGenerator);
        CMSTypedData cmsTypedData;
        // para assinatura do hash, content nulo
        if (content == null) {
            cmsTypedData = new CMSAbsentContent();
        } else {
            cmsTypedData = new CMSProcessableByteArray(content);
        }
        // Efetua a assinatura digital do conteúdo
        CMSSignedData cmsSignedData = gen.generate(cmsTypedData, this.attached);
        setAttached(false);
        // Consulta e adiciona os atributos não assinados//
        ASN1EncodableVector unsignedAttributes = new ASN1EncodableVector();
        logger.info(cadesMessagesBundle.getString("info.unsigned.attribute"));
        Collection<SignerInformation> vNewSigners = cmsSignedData.getSignerInfos().getSigners();
        Iterator<SignerInformation> it = vNewSigners.iterator();
        SignerInformation oSi = it.next();
        if (signaturePolicy.getSignPolicyInfo().getSignatureValidationPolicy().getCommonRules().getSignerAndVeriferRules().getSignerRules().getMandatedUnsignedAttr().getObjectIdentifiers() != null) {
            for (ObjectIdentifier objectIdentifier : signaturePolicy.getSignPolicyInfo().getSignatureValidationPolicy().getCommonRules().getSignerAndVeriferRules().getSignerRules().getMandatedUnsignedAttr().getObjectIdentifiers()) {
                SignedOrUnsignedAttribute signedOrUnsignedAttribute = attributeFactory.factory(objectIdentifier.getValue());
                if (signedOrUnsignedAttribute.getOID().equalsIgnoreCase(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken.getId())) {
                    signedOrUnsignedAttribute.initialize(this.pkcs1.getPrivateKey(), this.certificateChainTimeStamp, oSi.getSignature(), signaturePolicy, this.hash);
                }
                if (// EscTimeStamp
                signedOrUnsignedAttribute.getOID().equalsIgnoreCase("1.2.840.113549.1.9.16.2.25")) {
                    ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
                    outputStream.write(oSi.getSignature());
                    AttributeTable varUnsignedAttributes = oSi.getUnsignedAttributes();
                    Attribute varAttribute = varUnsignedAttributes.get(new ASN1ObjectIdentifier(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken.getId()));
                    outputStream.write(varAttribute.getAttrType().getEncoded());
                    outputStream.write(varAttribute.getAttrValues().getEncoded());
                    varAttribute = varUnsignedAttributes.get(new ASN1ObjectIdentifier(PKCSObjectIdentifiers.id_aa_ets_certificateRefs.getId()));
                    outputStream.write(varAttribute.getAttrType().getEncoded());
                    outputStream.write(varAttribute.getAttrValues().getEncoded());
                    varAttribute = varUnsignedAttributes.get(new ASN1ObjectIdentifier(PKCSObjectIdentifiers.id_aa_ets_revocationRefs.getId()));
                    outputStream.write(varAttribute.getAttrType().getEncoded());
                    outputStream.write(varAttribute.getAttrValues().getEncoded());
                    escTimeStampContent = outputStream.toByteArray();
                    signedOrUnsignedAttribute.initialize(this.pkcs1.getPrivateKey(), this.certificateChainTimeStamp, escTimeStampContent, signaturePolicy, this.hash);
                } else {
                    signedOrUnsignedAttribute.initialize(this.pkcs1.getPrivateKey(), certificateChain, oSi.getSignature(), signaturePolicy, this.hash);
                }
                unsignedAttributes.add(signedOrUnsignedAttribute.getValue());
                AttributeTable unsignedAttributesTable = new AttributeTable(unsignedAttributes);
                vNewSigners.remove(oSi);
                oSi = SignerInformation.replaceUnsignedAttributes(oSi, unsignedAttributesTable);
                vNewSigners.add(oSi);
            }
        }
        // TODO Estudar este método de contra-assinatura posteriormente
        if (previewSignature != null && previewSignature.length > 0) {
            vNewSigners.addAll(cmsPreviewSignedData.getSignerInfos().getSigners());
        }
        SignerInformationStore oNewSignerInformationStore = new SignerInformationStore(vNewSigners);
        CMSSignedData oSignedData = cmsSignedData;
        cmsSignedData = CMSSignedData.replaceSigners(oSignedData, oNewSignerInformationStore);
        byte[] result = cmsSignedData.getEncoded();
        logger.info(cadesMessagesBundle.getString("info.signature.ok"));
        return result;
    } catch (CMSException | IOException | OperatorCreationException | CertificateEncodingException ex) {
        throw new SignerException(ex);
    }
}
Also used : CMSSignedDataGenerator(org.bouncycastle.cms.CMSSignedDataGenerator) DefaultSignedAttributeTableGenerator(org.bouncycastle.cms.DefaultSignedAttributeTableGenerator) Attribute(org.bouncycastle.asn1.cms.Attribute) SignedOrUnsignedAttribute(org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.SignedOrUnsignedAttribute) ArrayList(java.util.ArrayList) SignedOrUnsignedAttribute(org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.SignedOrUnsignedAttribute) AttributeTable(org.bouncycastle.asn1.cms.AttributeTable) CertificateManager(org.demoiselle.signer.core.CertificateManager) SignerInformation(org.bouncycastle.cms.SignerInformation) AlgorithmIdentifier(org.demoiselle.signer.policy.engine.asn1.etsi.AlgorithmIdentifier) CertificateTrustPoint(org.demoiselle.signer.policy.engine.asn1.etsi.CertificateTrustPoint) SignerInformationStore(org.bouncycastle.cms.SignerInformationStore) CMSAttributeTableGenerator(org.bouncycastle.cms.CMSAttributeTableGenerator) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) JcaSimpleSignerInfoGeneratorBuilder(org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) ObjectIdentifier(org.demoiselle.signer.policy.engine.asn1.etsi.ObjectIdentifier) HashSet(java.util.HashSet) CMSProcessableByteArray(org.bouncycastle.cms.CMSProcessableByteArray) CMSTypedData(org.bouncycastle.cms.CMSTypedData) SignerAlgorithmEnum(org.demoiselle.signer.policy.impl.cades.SignerAlgorithmEnum) CMSAbsentContent(org.bouncycastle.cms.CMSAbsentContent) AlgAndLength(org.demoiselle.signer.policy.engine.asn1.etsi.AlgAndLength) AttributeFactory(org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.factory.AttributeFactory) CertificateEncodingException(java.security.cert.CertificateEncodingException) ByteArrayOutputStream(java.io.ByteArrayOutputStream) IOException(java.io.IOException) CMSSignedData(org.bouncycastle.cms.CMSSignedData) X509Certificate(java.security.cert.X509Certificate) CertificateTrustPoint(org.demoiselle.signer.policy.engine.asn1.etsi.CertificateTrustPoint) PolicyValidator(org.demoiselle.signer.policy.engine.asn1.icpb.v2.PolicyValidator) SignerInfoGenerator(org.bouncycastle.cms.SignerInfoGenerator) SignerException(org.demoiselle.signer.policy.impl.cades.SignerException) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate) CMSException(org.bouncycastle.cms.CMSException)

Aggregations

OperatorCreationException (org.bouncycastle.operator.OperatorCreationException)93 IOException (java.io.IOException)52 ContentSigner (org.bouncycastle.operator.ContentSigner)40 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)38 CertificateException (java.security.cert.CertificateException)32 X509Certificate (java.security.cert.X509Certificate)31 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)23 Date (java.util.Date)21 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)20 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)17 CMSException (org.bouncycastle.cms.CMSException)17 X500Name (org.bouncycastle.asn1.x500.X500Name)16 X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)16 GeneralName (org.bouncycastle.asn1.x509.GeneralName)15 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)14 CMSSignedData (org.bouncycastle.cms.CMSSignedData)12 GeneralSecurityException (java.security.GeneralSecurityException)11 BigInteger (java.math.BigInteger)10 NoSuchProviderException (java.security.NoSuchProviderException)10 CertificateEncodingException (java.security.cert.CertificateEncodingException)10