use of org.openecard.bouncycastle.crypto.signers.RSADigestSigner in project open-ecard by ecsec.
the class KeyStoreSigner method sign.
// /**
// * Gets the certificate for this KeyStore entry converted to a BouncyCastle TLS certificate.
// *
// * @return The certificate chain in BouncyCastle format.
// * @throws CertificateException Thrown in case the certificate could not be found or converted.
// * @throws IllegalStateException Thrown in case the keystore is not initialized.
// */
// @Nonnull
// public synchronized Certificate getCertificateChain() throws CertificateException {
// if (bcCert == null) {
// try {
// java.security.cert.Certificate[] jcaCerts = getJCACertificateChain();
// bcCert = KeyTools.convertCertificates(jcaCerts);
// } catch (KeyStoreException ex) {
// throw new IllegalStateException("Uninitialized keystore supplied.");
// }
// }
// return bcCert;
// }
/**
* Signs the given hash with the entry represented by this instance.
*
* @param sigHashAlg Signature and hash algorithm. If {@code null}, then use PKCS1 v1.5.
* @param hash The hash that should be signed.
* @return Signature of the given hash.
* @throws SignatureException In case the signature could not be created.
* @throws CredentialPermissionDenied In case the signature could not be performed by the token due to missing
* permissions.
*/
public byte[] sign(@Nullable SignatureAndHashAlgorithm sigHashAlg, @Nonnull byte[] hash) throws SignatureException, CredentialPermissionDenied {
try {
Key key = keyStore.getKey(alias, password);
if (!(key instanceof RSAPrivateKey)) {
throw new SignatureException("No private key available for the sign operation.");
} else {
PrivateKey pKey = (PrivateKey) key;
AsymmetricKeyParameter bcKey = PrivateKeyFactory.createKey(pKey.getEncoded());
Signer signer;
if (sigHashAlg == null) {
signer = new GenericSigner(new PKCS1Encoding(new RSABlindedEngine()), new NullDigest());
} else {
ASN1ObjectIdentifier hashOid = TlsUtils.getOIDForHashAlgorithm(sigHashAlg.getHash());
signer = new RSADigestSigner(new NullDigest(), hashOid);
}
signer.init(true, new ParametersWithRandom(bcKey, ReusableSecureRandom.getInstance()));
signer.update(hash, 0, hash.length);
byte[] signature = signer.generateSignature();
return signature;
}
} catch (KeyStoreException ex) {
throw new IllegalStateException("Keystore is not initialized.");
} catch (UnrecoverableKeyException ex) {
throw new CredentialPermissionDenied("No usable key could be retrieved from the keystore.", ex);
} catch (NoSuchAlgorithmException ex) {
throw new SignatureException("Requested algorithm is not available.", ex);
} catch (IOException ex) {
throw new SignatureException("Failed to convert private key to BC class.");
} catch (CryptoException ex) {
throw new SignatureException("Failed to compute signature.", ex);
}
}
Aggregations