List of usage examples for the org.bouncycastle.cert.X509CertificateHolder constructor
public X509CertificateHolder(Certificate x509Certificate)
From source file:CreateSignatureBase.java
License:Apache License
/**
 * SignatureInterface implementation.
 *
 * PDFBox calls this method with the bytes selected by the signature byte range and
 * uses the returned CMS (PKCS #7) SignedData as the signature. The signature is
 * detached (the content is not encapsulated), is made with SHA256WithRSA, and
 * carries only the signing certificate. When a TSA client is configured, the
 * SignedData is passed through signTimeStamps before it is encoded.
 *
 * This method is for internal use only. <-- TODO this method should be private
 *
 * @param content the bytes to be signed
 * @return the encoded CMS SignedData
 * @throws IOException if signing fails; the original exception is kept as the cause
 */
@Override
public byte[] sign(InputStream content) throws IOException {
    try {
        // Certificates that travel inside the SignedData: only the signer's own certificate,
        // so a verifier has to obtain any issuer certificates by other means.
        List<Certificate> embedded = new ArrayList<Certificate>();
        embedded.add(certificate);
        Store embeddedStore = new JcaCertStore(embedded);

        CMSSignedDataGenerator generator = new CMSSignedDataGenerator();

        // Re-read the certificate's encoding as the BouncyCastle ASN.1 structure the holder wraps.
        byte[] encodedCert = certificate.getEncoded();
        org.bouncycastle.asn1.x509.Certificate asn1Cert = org.bouncycastle.asn1.x509.Certificate
                .getInstance(ASN1Primitive.fromByteArray(encodedCert));

        // The algorithm is SHA-256 with RSA (the original local was misleadingly named "sha1Signer").
        ContentSigner sha256Signer = new JcaContentSignerBuilder("SHA256WithRSA").build(privateKey);

        JcaSignerInfoGeneratorBuilder signerInfoBuilder =
                new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build());
        generator.addSignerInfoGenerator(
                signerInfoBuilder.build(sha256Signer, new X509CertificateHolder(asn1Cert)));
        generator.addCertificates(embeddedStore);

        // 'false' = do not encapsulate the content: the result is a detached signature.
        CMSSignedData signed = generator.generate(new CMSProcessableInputStream(content), false);
        if (tsaClient != null) {
            signed = signTimeStamps(signed);
        }
        return signed.getEncoded();
    } catch (GeneralSecurityException e) {
        throw new IOException(e);
    } catch (CMSException e) {
        throw new IOException(e);
    } catch (TSPException e) {
        throw new IOException(e);
    } catch (OperatorCreationException e) {
        throw new IOException(e);
    }
}
From source file:be.e_contract.mycarenet.certra.cms.CMSSigner.java
License:Open Source License
/**
 * Creates a CMS SignedData structure over {@code data}, signed with SHA256withRSA
 * using this signer's private key.
 *
 * The content is encapsulated in the result. The first entry of the certificate
 * chain is used as the signer certificate and every entry of the chain is embedded.
 *
 * @param data the bytes to sign
 * @return the encoded CMS SignedData
 * @throws SignatureException wrapping any exception raised while building the signature
 */
private byte[] sign(byte[] data) throws SignatureException {
    CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
    try {
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(this.privateKey);

        JcaDigestCalculatorProviderBuilder digestProviderBuilder =
                new JcaDigestCalculatorProviderBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME);
        JcaSignerInfoGeneratorBuilder signerInfoBuilder =
                new JcaSignerInfoGeneratorBuilder(digestProviderBuilder.build());
        generator.addSignerInfoGenerator(signerInfoBuilder.build(signer, this.certificateChain.get(0)));

        // Embed the whole chain so the recipient receives the certificates alongside the signature.
        for (X509Certificate chainEntry : this.certificateChain) {
            generator.addCertificate(new X509CertificateHolder(chainEntry.getEncoded()));
        }

        // 'true' = encapsulate the signed content in the SignedData.
        CMSTypedData payload = new CMSProcessableByteArray(data);
        return generator.generate(payload, true).getEncoded();
    } catch (Exception e) {
        // Boundary catch: every failure, checked or unchecked, is reported as a SignatureException.
        throw new SignatureException(e);
    }
}
From source file:be.e_contract.mycarenet.etee.Sealer.java
License:Open Source License
/**
 * Creates a CMS SignedData structure over {@code data}, signed with the
 * authentication private key using SHA1withRSA.
 *
 * The content is encapsulated in the result. The authentication certificate is
 * always used as the signer certificate and is embedded only on request.
 *
 * NOTE(review): SHA-1 is no longer considered collision resistant. Confirm whether
 * the receiving service mandates SHA1withRSA before changing the algorithm here.
 *
 * @param data the bytes to sign
 * @param includeCertificate whether to embed the authentication certificate in the SignedData
 * @return the encoded CMS SignedData
 * @throws OperatorCreationException if the content signer or digest provider cannot be created
 * @throws CertificateEncodingException if the authentication certificate cannot be encoded
 * @throws CMSException if the SignedData cannot be generated
 * @throws IOException if a key or certificate encoding cannot be processed
 */
private byte[] sign(byte[] data, boolean includeCertificate)
        throws OperatorCreationException, CertificateEncodingException, CMSException, IOException {
    CMSSignedDataGenerator generator = new CMSSignedDataGenerator();

    // Resolve the signature algorithm and the digest algorithm that goes with it.
    AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1withRSA");
    AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find(signatureAlgorithm);

    // The lightweight BouncyCastle signer works on its own key parameter type,
    // so the JCA private key is converted from its encoded form.
    byte[] encodedKey = this.authenticationPrivateKey.getEncoded();
    AsymmetricKeyParameter keyParameter = PrivateKeyFactory.createKey(encodedKey);
    ContentSigner signer = new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(keyParameter);

    JcaSignerInfoGeneratorBuilder signerInfoBuilder = new JcaSignerInfoGeneratorBuilder(
            new JcaDigestCalculatorProviderBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME).build());
    generator.addSignerInfoGenerator(signerInfoBuilder.build(signer, this.authenticationCertificate));

    if (includeCertificate) {
        X509CertificateHolder holder = new X509CertificateHolder(this.authenticationCertificate.getEncoded());
        generator.addCertificate(holder);
    }

    // 'true' = encapsulate the signed content in the SignedData.
    CMSTypedData payload = new CMSProcessableByteArray(data);
    return generator.generate(payload, true).getEncoded();
}
From source file:be.fedict.trust.constraints.TSACertificateConstraint.java
License:Open Source License
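/**
 * Checks that the certificate passes BouncyCastle's time-stamping certificate
 * validation ({@code TSPUtil.validateCertificate}).
 *
 * @param certificate the certificate to check
 * @throws TrustLinkerResultException with reason CONSTRAINT_VIOLATION when the validation fails
 * @throws RuntimeException if the certificate cannot be encoded or re-parsed
 */
@Override
public void check(X509Certificate certificate) throws TrustLinkerResultException {
    // check ExtendedKeyUsage extension: id-kp-timeStamping
    X509CertificateHolder x509CertificateHolder;
    try {
        x509CertificateHolder = new X509CertificateHolder(certificate.getEncoded());
    } catch (CertificateEncodingException e) {
        throw new RuntimeException("certificate encoding error: " + e.getMessage(), e);
    } catch (IOException e) {
        throw new RuntimeException("IO error: " + e.getMessage(), e);
    }
    try {
        TSPUtil.validateCertificate(x509CertificateHolder);
    } catch (TSPValidationException e) {
        // Hand the exception to the logger as well. The fixed message only says "not present",
        // but the validation may presumably fail for other reasons too (for example an
        // extension that is present but not marked critical) - confirm against the
        // BouncyCastle version in use. The cause lets an operator tell these cases apart.
        LOG.error("ExtendedKeyUsage extension with value \"id-kp-timeStamping\" not present.", e);
        throw new TrustLinkerResultException(TrustLinkerResultReason.CONSTRAINT_VIOLATION,
                "id-kp-timeStamping ExtendedKeyUsage not present");
    }
}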
From source file:be.fedict.trust.test.PKITestUtils.java
License:Open Source License
/**
 * Builds a successful OCSP response for one certificate, signed by the given responder key.
 *
 * An OCSP request for the certificate is created first (certificate ID computed with
 * SHA-1 over the issuer certificate and the serial number), and each request entry is
 * answered as revoked or good. When the responder certificate differs from the issuer
 * certificate, the response carries the responder and issuer certificates as its chain;
 * otherwise no chain is attached.
 *
 * @param certificate the certificate whose status is reported
 * @param revoked {@code true} to report the certificate as revoked (reason unspecified, revoked now)
 * @param issuerCertificate the issuer of {@code certificate}
 * @param ocspResponderCertificate the certificate of the OCSP responder
 * @param ocspResponderPrivateKey the key used to sign the response
 * @param signatureAlgorithm the JCA name of the signature algorithm for the response
 * @return the OCSP response with status SUCCESSFUL
 * @throws Exception if the request or the response cannot be built
 */
public static OCSPResp createOcspResp(X509Certificate certificate, boolean revoked,
        X509Certificate issuerCertificate, X509Certificate ocspResponderCertificate,
        PrivateKey ocspResponderPrivateKey, String signatureAlgorithm) throws Exception {
    // request
    DigestCalculatorProvider digestProvider = new JcaDigestCalculatorProviderBuilder()
            .setProvider(BouncyCastleProvider.PROVIDER_NAME).build();
    OCSPReqBuilder requestBuilder = new OCSPReqBuilder();
    CertificateID requestedId = new CertificateID(digestProvider.get(CertificateID.HASH_SHA1),
            new JcaX509CertificateHolder(issuerCertificate), certificate.getSerialNumber());
    requestBuilder.addRequest(requestedId);
    OCSPReq request = requestBuilder.build();

    BasicOCSPRespBuilder responseBuilder = new JcaBasicOCSPRespBuilder(
            ocspResponderCertificate.getPublicKey(), digestProvider.get(CertificateID.HASH_SHA1));

    // request processing: answer every entry of the request with the same status
    for (Req entry : request.getRequestList()) {
        CertificateStatus status = revoked
                ? new RevokedStatus(new Date(), CRLReason.unspecified)
                : CertificateStatus.GOOD;
        responseBuilder.addResponse(entry.getCertID(), status);
    }

    // basic response generation: attach a chain only for a responder that is not the issuer itself
    final X509CertificateHolder[] responderChain;
    if (ocspResponderCertificate.equals(issuerCertificate)) {
        responderChain = null;
    } else {
        responderChain = new X509CertificateHolder[] {
                new X509CertificateHolder(ocspResponderCertificate.getEncoded()),
                new X509CertificateHolder(issuerCertificate.getEncoded()) };
    }
    ContentSigner responseSigner = new JcaContentSignerBuilder(signatureAlgorithm)
            .build(ocspResponderPrivateKey);
    BasicOCSPResp basicResponse = responseBuilder.build(responseSigner, responderChain, new Date());

    // response generation
    return new OCSPRespBuilder().build(OCSPRespBuilder.SUCCESSFUL, basicResponse);
}
From source file:be.fedict.trust.test.PKITestUtils.java
License:Open Source License
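/**
 * Builds a successful OCSP response for one certificate, signed by the given responder
 * key, with an explicitly supplied responder certificate chain.
 *
 * An OCSP request for the certificate is created first (certificate ID computed with
 * SHA-1 over the issuer certificate and the serial number), and each request entry is
 * answered as revoked or good.
 *
 * @param certificate the certificate whose status is reported
 * @param revoked {@code true} to report the certificate as revoked (reason unspecified, revoked now)
 * @param issuerCertificate the issuer of {@code certificate}
 * @param ocspResponderCertificate the certificate of the OCSP responder
 * @param ocspResponderPrivateKey the key used to sign the response
 * @param signatureAlgorithm the JCA name of the signature algorithm for the response;
 *        {@code null} selects "SHA1withRSA", the value this method used before it
 *        honoured the parameter
 * @param ocspResponderCertificateChain the certificates to attach to the response;
 *        {@code null} or empty attaches none
 * @return the OCSP response with status SUCCESSFUL
 * @throws Exception if the request or the response cannot be built
 */
public static OCSPResp createOcspResp(X509Certificate certificate, boolean revoked,
        X509Certificate issuerCertificate, X509Certificate ocspResponderCertificate,
        PrivateKey ocspResponderPrivateKey, String signatureAlgorithm,
        List<X509Certificate> ocspResponderCertificateChain) throws Exception {
    // request
    OCSPReqBuilder ocspReqBuilder = new OCSPReqBuilder();
    DigestCalculatorProvider digCalcProv = new JcaDigestCalculatorProviderBuilder()
            .setProvider(BouncyCastleProvider.PROVIDER_NAME).build();
    CertificateID certId = new CertificateID(digCalcProv.get(CertificateID.HASH_SHA1),
            new JcaX509CertificateHolder(issuerCertificate), certificate.getSerialNumber());
    ocspReqBuilder.addRequest(certId);
    OCSPReq ocspReq = ocspReqBuilder.build();

    BasicOCSPRespBuilder basicOCSPRespBuilder = new JcaBasicOCSPRespBuilder(
            ocspResponderCertificate.getPublicKey(), digCalcProv.get(CertificateID.HASH_SHA1));

    // request processing
    for (Req ocspRequest : ocspReq.getRequestList()) {
        CertificateStatus certificateStatus = revoked
                ? new RevokedStatus(new Date(), CRLReason.unspecified)
                : CertificateStatus.GOOD;
        basicOCSPRespBuilder.addResponse(ocspRequest.getCertID(), certificateStatus);
    }

    // basic response generation
    X509CertificateHolder[] chain;
    if (ocspResponderCertificateChain == null || ocspResponderCertificateChain.isEmpty()) {
        chain = null;
    } else {
        chain = new X509CertificateHolder[ocspResponderCertificateChain.size()];
        for (int idx = 0; idx < chain.length; idx++) {
            chain[idx] = new X509CertificateHolder(ocspResponderCertificateChain.get(idx).getEncoded());
        }
    }

    // The signatureAlgorithm parameter used to be ignored in favour of a hard-coded
    // "SHA1withRSA", so a test asking for a stronger algorithm silently got SHA-1.
    // Honour the parameter, as the overload without a chain argument does, and keep
    // the old value only as the fallback for callers that pass null.
    String effectiveAlgorithm = (signatureAlgorithm != null) ? signatureAlgorithm : "SHA1withRSA";
    ContentSigner contentSigner = new JcaContentSignerBuilder(effectiveAlgorithm)
            .build(ocspResponderPrivateKey);
    BasicOCSPResp basicOCSPResp = basicOCSPRespBuilder.build(contentSigner, chain, new Date());

    // response generation
    OCSPRespBuilder ocspRespBuilder = new OCSPRespBuilder();
    return ocspRespBuilder.build(OCSPRespBuilder.SUCCESSFUL, basicOCSPResp);
}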
From source file:CA.InternalCA.java
License:Apache License
/**
 * Reads an X.509 certificate from the given stream.
 *
 * The stream content is read into a byte array and parsed as an encoded certificate.
 * This method does not call close() on the stream. Any failure is logged at INFO
 * level (exception message only) and reported to the caller as {@code null}.
 *
 * @param inputStream source of the encoded certificate
 * @return the parsed certificate, or {@code null} if it could not be read or parsed
 */
private X509CertificateHolder readCert(InputStream inputStream) {
    try {
        return new X509CertificateHolder(IOUtils.toByteArray(inputStream));
    } catch (Exception e) {
        // Callers must treat null as "no usable CA certificate"; the stack trace is not logged.
        LOG.info("Cannot parse Internal CA certificate: " + e.getMessage());
        return null;
    }
}
From source file:CAModulePackage.CertificateHelper.java
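/**
 * Loads an X.509 certificate from the PEM file specified.
 *
 * Only the first PEM object in the file is read. Its type is not checked here;
 * the content is handed to the certificate parser as is.
 *
 * @param filename - full path name to the certificate to be loaded.
 * @return The certificate loaded from the designated file, or {@code null} if the
 *         file is missing, cannot be read, contains no PEM object, or does not parse
 *         as a certificate. Callers must check for {@code null} before use.
 */
public static X509CertificateHolder loadCertFromFile(String filename) {
    // try-with-resources closes the reader (and the underlying file) on every path.
    // A missing file used to be reported and then followed by a NullPointerException
    // on the null reader; FileNotFoundException is an IOException and is handled below.
    try (PemReader reader = new PemReader(new FileReader(new File(filename)))) {
        // readPemObject() yields null when the file holds no PEM block; map that to a
        // null result instead of dereferencing it.
        byte[] content = java.util.Optional.ofNullable(reader.readPemObject())
                .map(pem -> pem.getContent())
                .orElse(null);
        if (content == null) {
            return null;
        }
        return new X509CertificateHolder(content);
    } catch (IOException e) {
        e.printStackTrace();
        return null;
    }
}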
From source file:CAModulePackage.CertificateHelper.java
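/**
 * Loads an X.509 certificate from a PEM file.
 *
 * Only the first PEM object in the file is read. Its type is not checked here;
 * the content is handed to the certificate parser as is.
 *
 * @param certFile - file to load the cert from (PEM file)
 * @return The certificate loaded from the designated file, or {@code null} if the
 *         file is missing, cannot be read, contains no PEM object, or does not parse
 *         as a certificate. Callers must check for {@code null} before use.
 */
public static X509CertificateHolder loadCertFromFile(File certFile) {
    // try-with-resources closes the reader (and the underlying file) on every path.
    // A missing file used to be reported and then followed by a NullPointerException
    // on the null reader; FileNotFoundException is an IOException and is handled below.
    try (PemReader reader = new PemReader(new FileReader(certFile))) {
        // readPemObject() yields null when the file holds no PEM block; map that to a
        // null result instead of dereferencing it.
        byte[] content = java.util.Optional.ofNullable(reader.readPemObject())
                .map(pem -> pem.getContent())
                .orElse(null);
        if (content == null) {
            return null;
        }
        return new X509CertificateHolder(content);
    } catch (IOException e) {
        e.printStackTrace();
        return null;
    }
}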
From source file:com.ackpdfbox.app.CreateSignatureBase.java
License:Apache License
/**
 * SignatureInterface implementation.
 *
 * Invoked by PDFBox with the bytes covered by the signature byte range; the return
 * value is the CMS (PKCS #7) SignedData for those bytes. The signature is detached
 * (content not encapsulated), made with SHA256WithRSA, and contains only the signing
 * certificate. If a TSA client is set, signTimeStamps is applied to the SignedData
 * before encoding.
 *
 * This method is for internal use only.
 *
 * @param content the bytes to be signed
 * @return the encoded CMS SignedData
 * @throws IOException if signing fails; the original exception is kept as the cause
 */
@Override
public byte[] sign(InputStream content) throws IOException {
    //TODO this method should be private
    try {
        // Only the signer's certificate is embedded; issuer certificates are not included.
        List<Certificate> signerCerts = new ArrayList<Certificate>();
        signerCerts.add(certificate);
        Store certStore = new JcaCertStore(signerCerts);

        CMSSignedDataGenerator cmsGenerator = new CMSSignedDataGenerator();

        // Convert the JCA certificate to the BouncyCastle ASN.1 form via its encoding.
        org.bouncycastle.asn1.x509.Certificate bcCertificate = org.bouncycastle.asn1.x509.Certificate
                .getInstance(ASN1Primitive.fromByteArray(certificate.getEncoded()));

        // SHA-256 with RSA; the original local name "sha1Signer" did not match the algorithm.
        ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSA").build(privateKey);

        cmsGenerator.addSignerInfoGenerator(
                new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build())
                        .build(contentSigner, new X509CertificateHolder(bcCertificate)));
        cmsGenerator.addCertificates(certStore);

        CMSProcessableInputStream toSign = new CMSProcessableInputStream(content);
        // Second argument false: the content is not encapsulated (detached signature).
        CMSSignedData result = cmsGenerator.generate(toSign, false);
        if (tsaClient == null) {
            return result.getEncoded();
        }
        return signTimeStamps(result).getEncoded();
    } catch (GeneralSecurityException e) {
        throw new IOException(e);
    } catch (CMSException e) {
        throw new IOException(e);
    } catch (TSPException e) {
        throw new IOException(e);
    } catch (OperatorCreationException e) {
        throw new IOException(e);
    }
}