use of org.xwiki.crypto.signer.param.CMSSignedDataGeneratorParameters in project xwiki-platform by xwiki.
the class RSACryptoScriptService method cmsSign.
/**
* Generate a CMS (Cryptographic Message Syntax) signature for the given byte content. The resulting signature
* may contain the content itself and the certificate chain of the key used to sign.
*
* @param data the data to be signed
* @param keyPair the certified key pair used for signing
* @param certificateProvider optionally, a certificate provider used to obtain the certificate chain to embed.
* If null, no certificates are embedded with the signature.
* @param existingSignature if not null, an existing signature on the same data that should be kept.
* @param embedContent if true, the signed content is embedded with the signature.
* @return the resulting signature, encoded in ASN.1 and in accordance with RFC 3852.
* @throws GeneralSecurityException on error.
*/
public byte[] cmsSign(byte[] data, CertifiedKeyPair keyPair, CertificateProvider certificateProvider, CMSSignedDataVerified existingSignature, boolean embedContent) throws GeneralSecurityException {
    final boolean hasExisting = existingSignature != null;
    final boolean hasProvider = certificateProvider != null;

    // The new signer is registered first; signer infos from a previous signature are appended after it.
    CMSSignedDataGeneratorParameters generatorParams =
        new CMSSignedDataGeneratorParameters().addSigner(CertifyingSigner.getInstance(true, keyPair, signerFactory));

    // Previous signer infos are carried over unchanged: nothing in this method checks that they
    // verify against 'data'.
    // NOTE(review): presumably the caller only passes an existingSignature that verified on the
    // same data - confirm at the call sites.
    if (hasExisting) {
        for (CMSSignerInfo previousSigner : existingSignature.getSignatures()) {
            generatorParams.addSignature(previousSigner);
        }
    }

    // Certificates already carried by the previous signature are kept even when no provider is
    // given, so a null certificateProvider does not always mean "no certificate embedded".
    Set<CertifiedPublicKey> embeddedCerts = new HashSet<>();
    if (hasExisting && existingSignature.getCertificates() != null) {
        embeddedCerts.addAll(existingSignature.getCertificates());
    }

    if (hasProvider) {
        if (hasExisting) {
            for (CMSSignerInfo previousSigner : existingSignature.getSignatures()) {
                // Look the previous signer's certificate up by subject key identifier when it has
                // one, otherwise by issuer and serial number.
                CertifiedPublicKey previousCert = previousSigner.getSubjectKeyIdentifier() == null
                    ? certificateProvider.getCertificate(previousSigner.getIssuer(), previousSigner.getSerialNumber())
                    : certificateProvider.getCertificate(previousSigner.getSubjectKeyIdentifier());
                // NOTE(review): the lookup result is passed on without a null check here; confirm
                // addCertificateChain tolerates a certificate the provider does not know.
                addCertificateChain(previousCert, certificateProvider, embeddedCerts);
            }
        }
        // The chain of the key that signs now is added last.
        addCertificateChain(keyPair.getCertificate(), certificateProvider, embeddedCerts);
    }

    // Certificates are attached only when at least one was collected.
    if (!embeddedCerts.isEmpty()) {
        generatorParams.addCertificates(embeddedCerts);
    }

    return cmsSignedDataGenerator.generate(data, generatorParams, embedContent);
}