List of usage examples for org.bouncycastle.cms CMSSignedGenerator DIGEST_SHA256
String DIGEST_SHA256
To view the source code for org.bouncycastle.cms CMSSignedGenerator DIGEST_SHA256.
Click Source Link
From source file:com.aaasec.sigserv.csspsupport.pdfbox.CreateSignature.java
License:EUPL
/** * <p>// w w w . ja va 2s . c o m * SignatureInterface implementation. * </p> * * <p> * This method will be called from inside of the pdfbox and create the pkcs7 * signature. The given InputStream contains the bytes that are provided by * the byte range. * </p> * * <p> * This method is for internal use only. * </p> * * <p> * Here the user should use his favorite cryptographic library and implement * a pkcs7 signature creation. * </p> */ public byte[] sign(InputStream content) throws SignatureException, IOException { List<Certificate> certList = Arrays.asList(cert); CMSProcessableInputStream input = new CMSProcessableInputStream(content); CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); CertStore certStore = null; try { Store certs = new JcaCertStore(certList); certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certList), provider); gen.addSigner(privKey, (X509Certificate) certList.get(0), CMSSignedGenerator.DIGEST_SHA256); gen.addCertificates(certs); CMSSignedData signedData = gen.generate(input, false, provider); model.setSignedData(signedData); PdfBoxSigUtil.parseSignedData(model); return signedData.getEncoded(); } catch (Exception e) { // should be handled System.err.println("Error while creating pkcs7 signature."); e.printStackTrace(); } throw new RuntimeException("Problem while preparing signature"); }
From source file:de.mendelson.util.security.BCCryptoHelper.java
/** * Converts the passed algorithm or OID//from w ww. ja v a 2s. com */ public String convertAlgorithmNameToOID(String algorithm) throws NoSuchAlgorithmException { if (algorithm == null) { throw new NoSuchAlgorithmException( "convertAlgorithmNameToOID: Unable to proceed - Algorithm is absent"); } else if (algorithm.equalsIgnoreCase(ALGORITHM_MD5)) { return (CMSSignedGenerator.DIGEST_MD5); } else if (algorithm.equalsIgnoreCase(ALGORITHM_SHA1)) { return (CMSSignedGenerator.DIGEST_SHA1); } else if (algorithm.equalsIgnoreCase(ALGORITHM_SHA224) || algorithm.equalsIgnoreCase("sha224")) { return (CMSSignedGenerator.DIGEST_SHA224); } else if (algorithm.equalsIgnoreCase(ALGORITHM_SHA256) || algorithm.equalsIgnoreCase("sha256")) { return (CMSSignedGenerator.DIGEST_SHA256); } else if (algorithm.equalsIgnoreCase(ALGORITHM_SHA384) || algorithm.equalsIgnoreCase("sha384")) { return (CMSSignedGenerator.DIGEST_SHA384); } else if (algorithm.equalsIgnoreCase(ALGORITHM_SHA512) || algorithm.equalsIgnoreCase("sha512")) { return (CMSSignedGenerator.DIGEST_SHA512); } else if (algorithm.equalsIgnoreCase(ALGORITHM_3DES)) { return ("1.2.840.113549.3.7"); } else if (algorithm.equalsIgnoreCase(ALGORITHM_DES)) { return ("1.3.14.3.2.7"); } else if (algorithm.equalsIgnoreCase(ALGORITHM_CAST5)) { return (CMSEnvelopedDataGenerator.CAST5_CBC); } else if (algorithm.equalsIgnoreCase(ALGORITHM_IDEA)) { return (CMSEnvelopedDataGenerator.IDEA_CBC); } else if (algorithm.equalsIgnoreCase(ALGORITHM_RC2)) { return (CMSEnvelopedDataGenerator.RC2_CBC); } else if (algorithm.equalsIgnoreCase(ALGORITHM_RC4)) { return ("1.2.840.113549.3.4"); } else if (algorithm.equalsIgnoreCase(ALGORITHM_AES_128)) { return (CMSEnvelopedDataGenerator.AES128_CBC); } else if (algorithm.equalsIgnoreCase(ALGORITHM_AES_192)) { return (CMSEnvelopedDataGenerator.AES192_CBC); } else if (algorithm.equalsIgnoreCase(ALGORITHM_AES_256)) { return (CMSEnvelopedDataGenerator.AES256_CBC); } else { throw new NoSuchAlgorithmException("Unsupported algorithm: " + algorithm); } }
From source file:de.mendelson.util.security.BCCryptoHelper.java
/** * Converts the passed algorithm or OID/*from w w w. j av a 2s .co m*/ */ public String convertOIDToAlgorithmName(String oid) throws NoSuchAlgorithmException { if (oid == null) { throw new NoSuchAlgorithmException("convertOIDToAlgorithmName: OID is absent"); } else if (oid.equalsIgnoreCase(CMSSignedGenerator.DIGEST_MD5)) { return (ALGORITHM_MD5); } else if (oid.equalsIgnoreCase(CMSSignedGenerator.DIGEST_SHA1)) { return (ALGORITHM_SHA1); } else if (oid.equalsIgnoreCase(CMSSignedGenerator.DIGEST_SHA224)) { return (ALGORITHM_SHA224); } else if (oid.equalsIgnoreCase(CMSSignedGenerator.DIGEST_SHA256)) { return (ALGORITHM_SHA256); } else if (oid.equalsIgnoreCase(CMSSignedGenerator.DIGEST_SHA384)) { return (ALGORITHM_SHA384); } else if (oid.equalsIgnoreCase(CMSSignedGenerator.DIGEST_SHA512)) { return (ALGORITHM_SHA512); } else if (oid.equalsIgnoreCase(CMSEnvelopedDataGenerator.CAST5_CBC)) { return (ALGORITHM_CAST5); } else if (oid.equalsIgnoreCase(CMSEnvelopedDataGenerator.DES_EDE3_CBC)) { return (ALGORITHM_3DES); } else if (oid.equalsIgnoreCase("1.3.14.3.2.7")) { return (ALGORITHM_DES); } else if (oid.equalsIgnoreCase(CMSEnvelopedDataGenerator.IDEA_CBC)) { return (ALGORITHM_IDEA); } else if (oid.equalsIgnoreCase(CMSEnvelopedDataGenerator.RC2_CBC)) { return (ALGORITHM_RC2); } else if (oid.equalsIgnoreCase("1.2.840.113549.3.4")) { return (ALGORITHM_RC4); } else if (oid.equalsIgnoreCase(CMSEnvelopedDataGenerator.AES128_CBC)) { return (ALGORITHM_AES_128); } else if (oid.equalsIgnoreCase(CMSEnvelopedDataGenerator.AES192_CBC)) { return (ALGORITHM_AES_192); } else if (oid.equalsIgnoreCase(CMSEnvelopedDataGenerator.AES256_CBC)) { return (ALGORITHM_AES_256); } else { throw new NoSuchAlgorithmException("Unsupported algorithm: OID " + oid); } }
From source file:net.ripe.rpki.commons.provisioning.cms.ProvisioningCmsObjectParser.java
License:BSD License
/** * http://tools.ietf.org/html/draft-ietf-sidr-rescerts-provisioning-09#section-3.1.1.2 *///from ww w.j a v a2s. c om private void verifyDigestAlgorithm(byte[] data) { validationResult.rejectIfFalse( CMSSignedGenerator.DIGEST_SHA256 .equals(getDigestAlgorithmOidFromEncodedCmsObject(data).getAlgorithm().getId()), CMS_SIGNED_DATA_DIGEST_ALGORITHM); }
From source file:net.ripe.rpki.commons.provisioning.cms.ProvisioningCmsObjectParser.java
License:BSD License
/** * http://tools.ietf.org/html/draft-ietf-sidr-rescerts-provisioning-09#section-3.1.1.6.3 *///from w w w. j a va2 s . co m private void verifyDigestAlgorithm(SignerInformation signer) { validationResult.rejectIfFalse(CMSSignedGenerator.DIGEST_SHA256.equals(signer.getDigestAlgOID()), CMS_SIGNER_INFO_DIGEST_ALGORITHM); }
From source file:org.cesecore.certificates.certificate.request.CVCRequestMessage.java
License:Open Source License
@Override public String getPreferredDigestAlg() { // Not used return CMSSignedGenerator.DIGEST_SHA256; }
From source file:org.cesecore.certificates.util.AlgorithmTools.java
License:Open Source License
/** * Get the digest algorithm corresponding to the signature algorithm. This is used for the creation of * PKCS7 file. SHA1 shall always be used, but it is not working with GOST which needs GOST3411 digest. * //from w ww . jav a 2 s.c om */ public static String getDigestFromSigAlg(String sigAlg) { if (sigAlg.toUpperCase().contains("GOST") || sigAlg.toUpperCase().contains("DSTU")) { return CMSSignedGenerator.DIGEST_GOST3411; } else { if (sigAlg.equals(X9ObjectIdentifiers.ecdsa_with_SHA1.getId()) || sigAlg.equals(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId())) { return CMSSignedGenerator.DIGEST_SHA1; } else if (sigAlg.equals(X9ObjectIdentifiers.ecdsa_with_SHA224.getId()) || sigAlg.equals(PKCSObjectIdentifiers.sha224WithRSAEncryption.getId())) { return CMSSignedGenerator.DIGEST_SHA224; } else if (sigAlg.equals(X9ObjectIdentifiers.ecdsa_with_SHA256.getId()) || sigAlg.equals(PKCSObjectIdentifiers.sha256WithRSAEncryption.getId())) { return CMSSignedGenerator.DIGEST_SHA256; } else if (sigAlg.equals(X9ObjectIdentifiers.ecdsa_with_SHA384.getId()) || sigAlg.equals(PKCSObjectIdentifiers.sha384WithRSAEncryption.getId())) { return CMSSignedGenerator.DIGEST_SHA384; } else if (sigAlg.equals(X9ObjectIdentifiers.ecdsa_with_SHA512.getId()) || sigAlg.equals(PKCSObjectIdentifiers.sha512WithRSAEncryption.getId())) { return CMSSignedGenerator.DIGEST_SHA512; } else if (sigAlg.equals(PKCSObjectIdentifiers.md5WithRSAEncryption.getId())) { return CMSSignedGenerator.DIGEST_MD5; } else if (sigAlg.equals(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001.getId())) { return CMSSignedGenerator.DIGEST_GOST3411; } } return CMSSignedGenerator.DIGEST_SHA1; }
From source file:org.cesecore.certificates.util.AlgorithmTools.java
License:Open Source License
/** Calculates which signature algorithm to use given a key type and a digest algorithm * /* ww w.ja va2s .com*/ * @param digestAlg objectId of a digest algorithm, CMSSignedGenerator.DIGEST_SHA256 etc * @param keyAlg RSA, EC, DSA * @return ASN1ObjectIdentifier with the id of PKCSObjectIdentifiers.sha1WithRSAEncryption, X9ObjectIdentifiers.ecdsa_with_SHA1, X9ObjectIdentifiers.id_dsa_with_sha1, etc */ public static ASN1ObjectIdentifier getSignAlgOidFromDigestAndKey(final String digestAlg, final String keyAlg) { if (log.isTraceEnabled()) { log.trace(">getSignAlg(" + digestAlg + "," + keyAlg + ")"); } // Default to SHA1WithRSA if everything else fails ASN1ObjectIdentifier oid = PKCSObjectIdentifiers.sha1WithRSAEncryption; if (keyAlg.equals(AlgorithmConstants.KEYALGORITHM_EC) || keyAlg.equals(AlgorithmConstants.KEYALGORITHM_ECDSA)) { oid = X9ObjectIdentifiers.ecdsa_with_SHA1; } else if (keyAlg.equals(AlgorithmConstants.KEYALGORITHM_DSA)) { oid = X9ObjectIdentifiers.id_dsa_with_sha1; } else if (keyAlg.equals(AlgorithmConstants.KEYALGORITHM_ECGOST3410)) { oid = CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001; } else if (keyAlg.equals(AlgorithmConstants.KEYALGORITHM_DSTU4145)) { oid = new ASN1ObjectIdentifier(CesecoreConfiguration.getOidDstu4145()); } if (digestAlg != null) { if (digestAlg.equals(CMSSignedGenerator.DIGEST_SHA256) && keyAlg.equals(AlgorithmConstants.KEYALGORITHM_RSA)) { oid = PKCSObjectIdentifiers.sha256WithRSAEncryption; } else if (digestAlg.equals(CMSSignedGenerator.DIGEST_SHA512) && keyAlg.equals(AlgorithmConstants.KEYALGORITHM_RSA)) { oid = PKCSObjectIdentifiers.sha512WithRSAEncryption; } else if (digestAlg.equals(CMSSignedGenerator.DIGEST_MD5) && keyAlg.equals(AlgorithmConstants.KEYALGORITHM_RSA)) { oid = PKCSObjectIdentifiers.md5WithRSAEncryption; } else if (digestAlg.equals(CMSSignedGenerator.DIGEST_SHA256) && (keyAlg.equals(AlgorithmConstants.KEYALGORITHM_ECDSA) || keyAlg.equals(AlgorithmConstants.KEYALGORITHM_EC))) { oid = X9ObjectIdentifiers.ecdsa_with_SHA256; } else if (digestAlg.equals(CMSSignedGenerator.DIGEST_SHA224) && (keyAlg.equals(AlgorithmConstants.KEYALGORITHM_ECDSA) || keyAlg.equals(AlgorithmConstants.KEYALGORITHM_EC))) { oid = X9ObjectIdentifiers.ecdsa_with_SHA224; } else if (digestAlg.equals(CMSSignedGenerator.DIGEST_SHA384) && (keyAlg.equals(AlgorithmConstants.KEYALGORITHM_ECDSA) || keyAlg.equals(AlgorithmConstants.KEYALGORITHM_EC))) { oid = X9ObjectIdentifiers.ecdsa_with_SHA384; } else if (digestAlg.equals(CMSSignedGenerator.DIGEST_SHA512) && (keyAlg.equals(AlgorithmConstants.KEYALGORITHM_ECDSA) || keyAlg.equals(AlgorithmConstants.KEYALGORITHM_EC))) { oid = X9ObjectIdentifiers.ecdsa_with_SHA512; } else if (digestAlg.equals(CMSSignedGenerator.DIGEST_SHA256) && keyAlg.equals(AlgorithmConstants.KEYALGORITHM_DSA)) { oid = NISTObjectIdentifiers.dsa_with_sha256; } else if (digestAlg.equals(CMSSignedGenerator.DIGEST_SHA512) && keyAlg.equals(AlgorithmConstants.KEYALGORITHM_DSA)) { oid = NISTObjectIdentifiers.dsa_with_sha512; } } if (log.isDebugEnabled()) { log.debug("getSignAlgOidFromDigestAndKey: " + oid.getId()); } return oid; }
From source file:org.ejbca.core.protocol.cmp.CrmfKeyUpdateTest.java
License:Open Source License
/** * Tests the possibility to use different signature algorithms in CMP requests and responses. * /* ww w .jav a 2 s. co m*/ * A KeyUpdate request, signed using ECDSA with SHA256, is sent to a CA that uses RSA with SHA256 as signature algorithm. * The expected response is signed by RSA with SHA256. * * @throws Exception */ @Test public void test15KeyUpdateMixAlgorithms() throws Exception { if (log.isTraceEnabled()) { log.trace(">test15KeyUpdateMixAlgorithms"); } this.cmpConfiguration.setKurAllowAutomaticUpdate(this.cmpAlias, true); this.cmpConfiguration.setKurAllowSameKey(this.cmpAlias, true); this.globalConfigurationSession.saveConfiguration(ADMIN, this.cmpConfiguration); //--------------- create the user and issue his first certificate ----------------- createUser(this.username, this.userDN.toString(), "foo123"); KeyPair keys = KeyTools.genKeys("prime192v1", AlgorithmConstants.KEYALGORITHM_ECDSA); final Certificate certificate; try { certificate = this.signSession.createCertificate(ADMIN, this.username, "foo123", new PublicKeyWrapper(keys.getPublic())); } catch (ObjectNotFoundException e) { throw new CertificateCreationException("Error encountered when creating certificate", e); } catch (CADoesntExistsException e) { throw new CertificateCreationException("Error encountered when creating certificate", e); } catch (EjbcaException e) { throw new CertificateCreationException("Error encountered when creating certificate", e); } catch (AuthorizationDeniedException e) { throw new CertificateCreationException("Error encountered when creating certificate", e); } catch (CesecoreException e) { throw new CertificateCreationException("Error encountered when creating certificate", e); } assertNotNull("Failed to create a test certificate", certificate); AlgorithmIdentifier pAlg = new AlgorithmIdentifier(X9ObjectIdentifiers.ecdsa_with_SHA256); PKIMessage req = genRenewalReq(this.userDN, this.cacert, this.nonce, this.transid, keys, false, null, null, pAlg, new DEROctetString(this.nonce)); assertNotNull("Failed to generate a CMP renewal request", req); CertReqMessages kur = (CertReqMessages) req.getBody().getContent(); int reqId = kur.toCertReqMsgArray()[0].getCertReq().getCertReqId().getValue().intValue(); CMPCertificate[] extraCert = getCMPCert(certificate); req = CmpMessageHelper.buildCertBasedPKIProtection(req, extraCert, keys.getPrivate(), CMSSignedGenerator.DIGEST_SHA256, "BC"); assertNotNull(req); ByteArrayOutputStream bao = new ByteArrayOutputStream(); DEROutputStream out = new DEROutputStream(bao); out.writeObject(req); byte[] ba = bao.toByteArray(); // Send request and receive response byte[] resp = sendCmpHttp(ba, 200, this.cmpAlias); checkCmpResponseGeneral(resp, this.issuerDN, this.userDN, this.cacert, this.nonce, this.transid, true, null, PKCSObjectIdentifiers.sha256WithRSAEncryption.getId()); X509Certificate cert = checkKurCertRepMessage(this.userDN, this.cacert, resp, reqId); assertNotNull("Failed to renew the certificate", cert); assertTrue("The new certificate's keys are incorrect.", cert.getPublicKey().equals(keys.getPublic())); if (log.isTraceEnabled()) { log.trace("<test15KeyUpdateMixAlgorithms"); } }
From source file:org.ejbca.core.protocol.cmp.CrmfRequestMessageTest.java
License:Open Source License
@Test public void testNovosecClientRequestSHA256() throws IOException, InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException, SignatureException, IllegalStateException, OperatorCreationException, CertificateException { doNovosecClientRequest("SHA256WithRSA", CMSSignedGenerator.DIGEST_SHA256, PKCSObjectIdentifiers.sha256WithRSAEncryption.getId()); }