
Example 1 with CMSSignedDataGeneratorParameters

Use of org.xwiki.crypto.signer.param.CMSSignedDataGeneratorParameters in project xwiki-platform by xwiki.

Class RSACryptoScriptService, method cmsSign.

/**
 * Generate a CMS (Cryptographic Message Syntax) signature for a given byte content. The resulting signature
 * might contain the content itself and the certificate chain of the key used to sign.
 *
 * @param data the data to be signed
 * @param keyPair the certified key pair used for signing
 * @param certificateProvider Optionally, a certificate provider for obtaining the chain of certificates to embed.
 *                            If null, no certificates are embedded with the signature.
 * @param existingSignature if not null, an existing signature on the same data that should be kept.
 * @param embedContent if true, the signed content is embedded with the signature.
 * @return the resulting signature, ASN.1 encoded and in accordance with RFC 3852.
 * @throws GeneralSecurityException on error.
 */
public byte[] cmsSign(byte[] data, CertifiedKeyPair keyPair, CertificateProvider certificateProvider, CMSSignedDataVerified existingSignature, boolean embedContent) throws GeneralSecurityException {
    CMSSignedDataGeneratorParameters parameters = new CMSSignedDataGeneratorParameters().addSigner(CertifyingSigner.getInstance(true, keyPair, signerFactory));
    if (existingSignature != null) {
        for (CMSSignerInfo existingSigner : existingSignature.getSignatures()) {
            parameters.addSignature(existingSigner);
        }
    }
    Set<CertifiedPublicKey> certs = new HashSet<CertifiedPublicKey>();
    if (existingSignature != null && existingSignature.getCertificates() != null) {
        certs.addAll(existingSignature.getCertificates());
    }
    if (certificateProvider != null) {
        if (existingSignature != null) {
            for (CMSSignerInfo existingSigner : existingSignature.getSignatures()) {
                if (existingSigner.getSubjectKeyIdentifier() != null) {
                    addCertificateChain(certificateProvider.getCertificate(existingSigner.getSubjectKeyIdentifier()), certificateProvider, certs);
                } else {
                    addCertificateChain(certificateProvider.getCertificate(existingSigner.getIssuer(), existingSigner.getSerialNumber()), certificateProvider, certs);
                }
            }
        }
        addCertificateChain(keyPair.getCertificate(), certificateProvider, certs);
    }
    if (!certs.isEmpty()) {
        parameters.addCertificates(certs);
    }
    return cmsSignedDataGenerator.generate(data, parameters, embedContent);
}
Also used: CMSSignedDataGeneratorParameters (org.xwiki.crypto.signer.param.CMSSignedDataGeneratorParameters), CMSSignerInfo (org.xwiki.crypto.signer.param.CMSSignerInfo), CertifiedPublicKey (org.xwiki.crypto.pkix.params.CertifiedPublicKey), X509CertifiedPublicKey (org.xwiki.crypto.pkix.params.x509certificate.X509CertifiedPublicKey), HashSet (java.util.HashSet)
