
Example 1 with DirectKeyingDataProvider

Use of xades4j.providers.impl.DirectKeyingDataProvider in project xades4j by luisgoncalves.

The class SignerSpecificTest, method signWithNationalCertificate.

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Random;
import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.RFC4519Style;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.junit.Test;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import xades4j.algorithms.EnvelopedSignatureTransform;
import xades4j.properties.DataObjectDesc;
import xades4j.providers.impl.DirectKeyingDataProvider;

// The test class lives in package xades4j.production, so DataObjectReference, SignedDataObjects,
// XadesBesSigningProfile and XadesSigner need no import. The helpers getTestDocument(), outputDOM()
// and parseDocument(), and the field commonName (an ASN1Encodable string, DERUTF8String or DERBMPString
// judging by the imports, holding a CN with non-ASCII characters), are defined elsewhere in the test class.
@Test
public void signWithNationalCertificate() throws Exception {
    Security.addProvider(new BouncyCastleProvider());
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA", BouncyCastleProvider.PROVIDER_NAME);
    // 1024-bit RSA is throwaway test material only; production keys should be at least 2048 bits
    keyGen.initialize(1024, new SecureRandom());
    // validity window: from one day ago until one year from now
    Date validityBeginDate = new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000);
    long add = (1L * 365L * 24L * 60L * 60L * 1000L);
    Date validityEndDate = new Date(System.currentTimeMillis() + add);
    KeyPair keyPair = keyGen.generateKeyPair();
    X509Certificate certWithNationalSymbols;
    {
        // generate a self-signed certificate with national (non-ASCII) symbols in the DN
        X500NameBuilder x500NameBuilder = new X500NameBuilder();
        AttributeTypeAndValue attr = new AttributeTypeAndValue(RFC4519Style.cn, commonName);
        x500NameBuilder.addRDN(attr);
        X500Name dn = x500NameBuilder.build();
        X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                dn,                                         // issuer (self-signed: same as subject)
                BigInteger.valueOf(new Random().nextInt()), // serial; may be negative, which RFC 5280 forbids
                validityBeginDate,                          // start of validity
                validityEndDate,                            // end of validity
                dn,                                         // subject name
                keyPair.getPublic());                       // subject public key
        // key usage restrictions (critical); keyCertSign and cRLSign make this a CA-capable key
        builder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign
                | KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment | KeyUsage.cRLSign));
        builder.addExtension(Extension.basicConstraints, false, new BasicConstraints(true)); // cA=true, non-critical
        certWithNationalSymbols = new JcaX509CertificateConverter().getCertificate(
                builder.build(new JcaContentSignerBuilder("SHA256withRSA")
                        .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                        .build(keyPair.getPrivate())));
    }
    XadesSigner signer = new XadesBesSigningProfile(
            new DirectKeyingDataProvider(certWithNationalSymbols, keyPair.getPrivate())).newSigner();
    Document doc1 = getTestDocument();
    Element elemToSign = doc1.getDocumentElement();
    // enveloped signature referencing the root element by its Id attribute
    DataObjectDesc obj1 = new DataObjectReference('#' + elemToSign.getAttribute("Id"))
            .withTransform(new EnvelopedSignatureTransform());
    SignedDataObjects signDataObject = new SignedDataObjects(obj1);
    signer.sign(signDataObject, doc1.getDocumentElement());
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    outputDOM(doc1, baos);
    // re-parse the serialized output: the non-ASCII DN in the embedded certificate must survive without a parsing exception
    Document doc = parseDocument(new ByteArrayInputStream(baos.toByteArray()));
}
Also used : X500NameBuilder(org.bouncycastle.asn1.x500.X500NameBuilder) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) Element(org.w3c.dom.Element) KeyUsage(org.bouncycastle.asn1.x509.KeyUsage) EnvelopedSignatureTransform(xades4j.algorithms.EnvelopedSignatureTransform) X500Name(org.bouncycastle.asn1.x500.X500Name) DERBMPString(org.bouncycastle.asn1.DERBMPString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) Document(org.w3c.dom.Document) DataObjectDesc(xades4j.properties.DataObjectDesc) Random(java.util.Random) SecureRandom(java.security.SecureRandom) DirectKeyingDataProvider(xades4j.providers.impl.DirectKeyingDataProvider) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider) KeyPair(java.security.KeyPair) KeyPairGenerator(java.security.KeyPairGenerator) ByteArrayOutputStream(java.io.ByteArrayOutputStream) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate) AttributeTypeAndValue(org.bouncycastle.asn1.x500.AttributeTypeAndValue) ByteArrayInputStream(java.io.ByteArrayInputStream) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints) Test(org.junit.Test)

Example 2 with DirectKeyingDataProvider

Use of xades4j.providers.impl.DirectKeyingDataProvider in project ref-GemLibPki by gematik.

The class TslSigner, method sign.

/**
 * Signs a given TSL with an enveloped XAdES-BES signature.
 *
 * @param tsl    The TSL to sign
 * @param signer {@link P12Container} with X.509 certificate and key (RSA/ECC) for the signature
 * @throws XAdES4jException during the signature process or on signer reading errors
 */
public static void sign(final Document tsl, final P12Container signer) throws XAdES4jException {
    // getTslWithoutSignature(..) is a helper of this class that is not shown on this page
    final Element elemToSign = getTslWithoutSignature(tsl);
    final KeyingDataProvider kdp = new DirectKeyingDataProvider(signer.getCertificate(), signer.getPrivateKey());
    final XadesSigner xSigner = new XadesBesSigningProfile(kdp)
            .withSignatureAlgorithms(new SignatureAlgorithms()
                    // RSA-PSS with SHA-256/MGF1 (the constant is a static import, e.g. Apache Santuario's
                    // XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256_MGF1) instead of xades4j's PKCS#1 v1.5 default
                    .withSignatureAlgorithm("RSA", ALGO_ID_SIGNATURE_RSA_SHA256_MGF1)
                    .withCanonicalizationAlgorithmForSignature(new ExclusiveCanonicalXMLWithoutComments())
                    .withCanonicalizationAlgorithmForTimeStampProperties(new ExclusiveCanonicalXMLWithoutComments()))
            // ds:KeyInfo carries the signing certificate but neither X509IssuerSerial nor X509SubjectName
            .withBasicSignatureOptions(new BasicSignatureOptions().includeIssuerSerial(false).includeSubjectName(false))
            .newSigner();
    // Reference with URI="": the whole document minus the signature itself, exclusively canonicalized
    final DataObjectDesc dod = new DataObjectReference("")
            .withTransform(new EnvelopedSignatureTransform())
            .withTransform(new ExclusiveCanonicalXMLWithoutComments())
            .withDataObjectFormat(new DataObjectFormatProperty("text/xml", ""));
    xSigner.sign(new SignedDataObjects(dod), elemToSign);
}
Also used : ExclusiveCanonicalXMLWithoutComments(xades4j.algorithms.ExclusiveCanonicalXMLWithoutComments) Element(org.w3c.dom.Element) DataObjectFormatProperty(xades4j.properties.DataObjectFormatProperty) EnvelopedSignatureTransform(xades4j.algorithms.EnvelopedSignatureTransform) DataObjectDesc(xades4j.properties.DataObjectDesc) DirectKeyingDataProvider(xades4j.providers.impl.DirectKeyingDataProvider) KeyingDataProvider(xades4j.providers.KeyingDataProvider)
