Search in sources :

Example 1 with XiWrappedContentSigner

use of org.xipki.security.XiWrappedContentSigner in project xipki by xipki.

the class SoftTokenContentSignerBuilder method createSigner.

public ConcurrentContentSigner createSigner(AlgorithmIdentifier signatureAlgId, int parallelism, SecureRandom random) throws XiSecurityException, NoSuchPaddingException {
    ParamUtil.requireNonNull("signatureAlgId", signatureAlgId);
    ParamUtil.requireMin("parallelism", parallelism, 1);
    List<XiContentSigner> signers = new ArrayList<>(parallelism);
    final String provName = "SunJCE";
    if (Security.getProvider(provName) != null) {
        String algoName;
        try {
            algoName = AlgorithmUtil.getSignatureAlgoName(signatureAlgId);
        } catch (NoSuchAlgorithmException ex) {
            throw new XiSecurityException(ex.getMessage());
        }
        try {
            for (int i = 0; i < parallelism; i++) {
                Signature signature = Signature.getInstance(algoName, provName);
                signature.initSign(key);
                if (i == 0) {
                    signature.update(new byte[] { 1, 2, 3, 4 });
                    signature.sign();
                }
                XiContentSigner signer = new SignatureSigner(signatureAlgId, signature, key);
                signers.add(signer);
            }
        } catch (Exception ex) {
            signers.clear();
        }
    }
    if (CollectionUtil.isEmpty(signers)) {
        BcContentSignerBuilder signerBuilder;
        AsymmetricKeyParameter keyparam;
        try {
            if (key instanceof RSAPrivateKey) {
                keyparam = SignerUtil.generateRSAPrivateKeyParameter((RSAPrivateKey) key);
                signerBuilder = new RSAContentSignerBuilder(signatureAlgId);
            } else if (key instanceof DSAPrivateKey) {
                keyparam = DSAUtil.generatePrivateKeyParameter(key);
                signerBuilder = new DSAContentSignerBuilder(signatureAlgId, AlgorithmUtil.isDSAPlainSigAlg(signatureAlgId));
            } else if (key instanceof ECPrivateKey) {
                keyparam = ECUtil.generatePrivateKeyParameter(key);
                EllipticCurve curve = ((ECPrivateKey) key).getParams().getCurve();
                if (GMUtil.isSm2primev2Curve(curve)) {
                    signerBuilder = new SM2ContentSignerBuilder();
                } else {
                    signerBuilder = new ECDSAContentSignerBuilder(signatureAlgId, AlgorithmUtil.isDSAPlainSigAlg(signatureAlgId));
                }
            } else {
                throw new XiSecurityException("unsupported key " + key.getClass().getName());
            }
        } catch (InvalidKeyException ex) {
            throw new XiSecurityException("invalid key", ex);
        } catch (NoSuchAlgorithmException ex) {
            throw new XiSecurityException("no such algorithm", ex);
        }
        for (int i = 0; i < parallelism; i++) {
            if (random != null) {
                signerBuilder.setSecureRandom(random);
            }
            ContentSigner signer;
            try {
                signer = signerBuilder.build(keyparam);
            } catch (OperatorCreationException ex) {
                throw new XiSecurityException("operator creation error", ex);
            }
            signers.add(new XiWrappedContentSigner(signer, true));
        }
    }
    final boolean mac = false;
    ConcurrentContentSigner concurrentSigner;
    try {
        concurrentSigner = new DfltConcurrentContentSigner(mac, signers, key);
    } catch (NoSuchAlgorithmException ex) {
        throw new XiSecurityException(ex.getMessage(), ex);
    }
    if (certificateChain != null) {
        concurrentSigner.setCertificateChain(certificateChain);
    } else {
        concurrentSigner.setPublicKey(publicKey);
    }
    return concurrentSigner;
}
Also used : ArrayList(java.util.ArrayList) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) XiSecurityException(org.xipki.security.exception.XiSecurityException) XiWrappedContentSigner(org.xipki.security.XiWrappedContentSigner) DfltConcurrentContentSigner(org.xipki.security.DfltConcurrentContentSigner) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) XiContentSigner(org.xipki.security.XiContentSigner) BcContentSignerBuilder(org.bouncycastle.operator.bc.BcContentSignerBuilder) ECPrivateKey(java.security.interfaces.ECPrivateKey) DfltConcurrentContentSigner(org.xipki.security.DfltConcurrentContentSigner) ContentSigner(org.bouncycastle.operator.ContentSigner) XiContentSigner(org.xipki.security.XiContentSigner) XiWrappedContentSigner(org.xipki.security.XiWrappedContentSigner) ConcurrentContentSigner(org.xipki.security.ConcurrentContentSigner) InvalidKeyException(java.security.InvalidKeyException) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) KeyStoreException(java.security.KeyStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) XiSecurityException(org.xipki.security.exception.XiSecurityException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) NoSuchProviderException(java.security.NoSuchProviderException) SignatureSigner(org.xipki.security.SignatureSigner) DfltConcurrentContentSigner(org.xipki.security.DfltConcurrentContentSigner) ConcurrentContentSigner(org.xipki.security.ConcurrentContentSigner) AsymmetricKeyParameter(org.bouncycastle.crypto.params.AsymmetricKeyParameter) EllipticCurve(java.security.spec.EllipticCurve) Signature(java.security.Signature) DSAPrivateKey(java.security.interfaces.DSAPrivateKey) RSAPrivateKey(java.security.interfaces.RSAPrivateKey)

Aggregations

IOException (java.io.IOException)1 InvalidKeyException (java.security.InvalidKeyException)1 KeyStoreException (java.security.KeyStoreException)1 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 NoSuchProviderException (java.security.NoSuchProviderException)1 Signature (java.security.Signature)1 UnrecoverableKeyException (java.security.UnrecoverableKeyException)1 CertificateException (java.security.cert.CertificateException)1 DSAPrivateKey (java.security.interfaces.DSAPrivateKey)1 ECPrivateKey (java.security.interfaces.ECPrivateKey)1 RSAPrivateKey (java.security.interfaces.RSAPrivateKey)1 EllipticCurve (java.security.spec.EllipticCurve)1 ArrayList (java.util.ArrayList)1 NoSuchPaddingException (javax.crypto.NoSuchPaddingException)1 AsymmetricKeyParameter (org.bouncycastle.crypto.params.AsymmetricKeyParameter)1 ContentSigner (org.bouncycastle.operator.ContentSigner)1 OperatorCreationException (org.bouncycastle.operator.OperatorCreationException)1 BcContentSignerBuilder (org.bouncycastle.operator.bc.BcContentSignerBuilder)1 ConcurrentContentSigner (org.xipki.security.ConcurrentContentSigner)1 DfltConcurrentContentSigner (org.xipki.security.DfltConcurrentContentSigner)1