
Example 1 with SerialNumber

Use of sun.security.x509.SerialNumber in project jdk8u_jdk by JetBrains.

Class PKCS7, method generateSignedData.

/**
 * Assembles a PKCS #7 signed data message that optionally includes a
 * signature timestamp.
 *
 * @param signature the signature bytes
 * @param signerChain the signer's X.509 certificate chain
 * @param content the content that is signed; specify null to not include
 *        it in the PKCS7 data
 * @param signatureAlgorithm the name of the signature algorithm
 * @param tsaURI the URI of the Timestamping Authority; or null if no
 *         timestamp is requested
 * @param tSAPolicyID the TSAPolicyID of the Timestamping Authority as a
 *         numerical object identifier; or null if we leave the TSA server
 *         to choose one. This argument is only used when tsaURI is provided
 * @param tSADigestAlg the digest algorithm name passed on to the timestamp
 *         token generation. This argument is only used when tsaURI is
 *         provided
 * @return the bytes of the encoded PKCS #7 signed data message
 * @throws NoSuchAlgorithmException The exception is thrown if the signature
 *         algorithm is unrecognised.
 * @throws CertificateException The exception is thrown if an error occurs
 *         while processing the signer's certificate or the TSA's
 *         certificate.
 * @throws IOException The exception is thrown if an error occurs while
 *         generating the signature timestamp or while generating the signed
 *         data message.
 */
public static byte[] generateSignedData(byte[] signature, X509Certificate[] signerChain, byte[] content, String signatureAlgorithm, URI tsaURI, String tSAPolicyID, String tSADigestAlg) throws CertificateException, IOException, NoSuchAlgorithmException {
    // Generate the timestamp token
    PKCS9Attributes unauthAttrs = null;
    if (tsaURI != null) {
        // Timestamp the signature
        HttpTimestamper tsa = new HttpTimestamper(tsaURI);
        byte[] tsToken = generateTimestampToken(tsa, tSAPolicyID, tSADigestAlg, signature);
        // Insert the timestamp token into the PKCS #7 signer info element
        // (as an unsigned attribute)
        unauthAttrs = new PKCS9Attributes(new PKCS9Attribute[] { new PKCS9Attribute(PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_STR, tsToken) });
    }
    // Create the SignerInfo
    X500Name issuerName = X500Name.asX500Name(signerChain[0].getIssuerX500Principal());
    BigInteger serialNumber = signerChain[0].getSerialNumber();
    String encAlg = AlgorithmId.getEncAlgFromSigAlg(signatureAlgorithm);
    String digAlg = AlgorithmId.getDigAlgFromSigAlg(signatureAlgorithm);
    SignerInfo signerInfo = new SignerInfo(issuerName, serialNumber, AlgorithmId.get(digAlg), null, AlgorithmId.get(encAlg), signature, unauthAttrs);
    // Create the PKCS #7 signed data message
    SignerInfo[] signerInfos = { signerInfo };
    AlgorithmId[] algorithms = { signerInfo.getDigestAlgorithmId() };
    // Include or exclude content
    ContentInfo contentInfo = (content == null) ? new ContentInfo(ContentInfo.DATA_OID, null) : new ContentInfo(content);
    PKCS7 pkcs7 = new PKCS7(algorithms, contentInfo, signerChain, signerInfos);
    ByteArrayOutputStream p7out = new ByteArrayOutputStream();
    pkcs7.encodeSignedData(p7out);
    return p7out.toByteArray();
}
Also used : X500Name(sun.security.x509.X500Name) AlgorithmId(sun.security.x509.AlgorithmId) BigInteger(java.math.BigInteger)

Example 2 with SerialNumber

Use of sun.security.x509.SerialNumber in project jdk8u_jdk by JetBrains.

Class AdaptableX509CertSelector, method setSkiAndSerialNumber.

/**
 * Sets the subjectKeyIdentifier and serialNumber criteria from the
 * authority key identifier extension.
 *
 * The subjectKeyIdentifier criterion is set to the keyIdentifier field
 * of the extension, or null if it is empty. The serialNumber criterion
 * is set to the authorityCertSerialNumber field, or null if it is empty.
 *
 * Note that we do not set the subject criterion to the
 * authorityCertIssuer field of the extension. The caller MUST set
 * the subject criterion before calling match().
 *
 * @param ext the authorityKeyIdentifier extension
 * @throws IOException if there is an error parsing the extension
 */
void setSkiAndSerialNumber(AuthorityKeyIdentifierExtension ext) throws IOException {
    ski = null;
    serial = null;
    if (ext != null) {
        ski = ext.getEncodedKeyIdentifier();
        SerialNumber asn = (SerialNumber) ext.get(AuthorityKeyIdentifierExtension.SERIAL_NUMBER);
        if (asn != null) {
            serial = asn.getNumber();
        }
        // the subject criterion should be set by the caller
    }
}
Also used : SerialNumber(sun.security.x509.SerialNumber)
