use of sun.security.x509.SerialNumber in project jdk8u_jdk by JetBrains.
the class PKCS7 method generateSignedData.
/**
* Assembles a PKCS #7 signed data message that optionally includes a
* signature timestamp.
*
* @param signature the signature bytes
* @param signerChain the signer's X.509 certificate chain
* @param content the content that is signed; specify null to not include
* it in the PKCS7 data
* @param signatureAlgorithm the name of the signature algorithm
* @param tsaURI the URI of the Timestamping Authority; or null if no
* timestamp is requested
* @param tSAPolicyID the TSAPolicyID of the Timestamping Authority as a
* numerical object identifier; or null if we leave the TSA server
* to choose one. This argument is only used when tsaURI is provided
* @return the bytes of the encoded PKCS #7 signed data message
* @throws NoSuchAlgorithmException The exception is thrown if the signature
* algorithm is unrecognised.
* @throws CertificateException The exception is thrown if an error occurs
* while processing the signer's certificate or the TSA's
* certificate.
* @throws IOException The exception is thrown if an error occurs while
* generating the signature timestamp or while generating the signed
* data message.
*/
public static byte[] generateSignedData(byte[] signature, X509Certificate[] signerChain, byte[] content, String signatureAlgorithm, URI tsaURI, String tSAPolicyID, String tSADigestAlg) throws CertificateException, IOException, NoSuchAlgorithmException {
// Generate the timestamp token
PKCS9Attributes unauthAttrs = null;
if (tsaURI != null) {
// Timestamp the signature
HttpTimestamper tsa = new HttpTimestamper(tsaURI);
byte[] tsToken = generateTimestampToken(tsa, tSAPolicyID, tSADigestAlg, signature);
// Insert the timestamp token into the PKCS #7 signer info element
// (as an unsigned attribute)
unauthAttrs = new PKCS9Attributes(new PKCS9Attribute[] { new PKCS9Attribute(PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_STR, tsToken) });
}
// Create the SignerInfo
X500Name issuerName = X500Name.asX500Name(signerChain[0].getIssuerX500Principal());
BigInteger serialNumber = signerChain[0].getSerialNumber();
String encAlg = AlgorithmId.getEncAlgFromSigAlg(signatureAlgorithm);
String digAlg = AlgorithmId.getDigAlgFromSigAlg(signatureAlgorithm);
SignerInfo signerInfo = new SignerInfo(issuerName, serialNumber, AlgorithmId.get(digAlg), null, AlgorithmId.get(encAlg), signature, unauthAttrs);
// Create the PKCS #7 signed data message
SignerInfo[] signerInfos = { signerInfo };
AlgorithmId[] algorithms = { signerInfo.getDigestAlgorithmId() };
// Include or exclude content
ContentInfo contentInfo = (content == null) ? new ContentInfo(ContentInfo.DATA_OID, null) : new ContentInfo(content);
PKCS7 pkcs7 = new PKCS7(algorithms, contentInfo, signerChain, signerInfos);
ByteArrayOutputStream p7out = new ByteArrayOutputStream();
pkcs7.encodeSignedData(p7out);
return p7out.toByteArray();
}
use of sun.security.x509.SerialNumber in project jdk8u_jdk by JetBrains.
the class AdaptableX509CertSelector method setSkiAndSerialNumber.
/**
* Sets the subjectKeyIdentifier and serialNumber criteria from the
* authority key identifier extension.
*
* The subjectKeyIdentifier criterion is set to the keyIdentifier field
* of the extension, or null if it is empty. The serialNumber criterion
* is set to the authorityCertSerialNumber field, or null if it is empty.
*
* Note that we do not set the subject criterion to the
* authorityCertIssuer field of the extension. The caller MUST set
* the subject criterion before calling match().
*
* @param ext the authorityKeyIdentifier extension
* @throws IOException if there is an error parsing the extension
*/
void setSkiAndSerialNumber(AuthorityKeyIdentifierExtension ext) throws IOException {
ski = null;
serial = null;
if (ext != null) {
ski = ext.getEncodedKeyIdentifier();
SerialNumber asn = (SerialNumber) ext.get(AuthorityKeyIdentifierExtension.SERIAL_NUMBER);
if (asn != null) {
serial = asn.getNumber();
}
// the subject criterion should be set by the caller
}
}
Aggregations