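Usage examples for the no-argument constructor of org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder. The snippets are reproduced from their source projects, and several of them sign with SHA-1 or MD5 digests or advertise DES and RC2; treat those algorithm choices as legacy interoperability settings rather than defaults to copy.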
public JcaSimpleSignerInfoGeneratorBuilder() throws OperatorCreationException
From source file:be.fedict.trust.test.PKITestUtils.java
License:Open Source License
/**
 * Builds a time-stamp token for test fixtures, signed with the supplied key.
 *
 * <p>The request asks for the signer certificate, carries a 20-byte all-zero imprint and uses
 * nonce 100. The token is issued under policy OID {@code 1.2} with serial number 1 and the
 * current time.
 *
 * <p>Review note: both the imprint digest and the signature ("SHA1withRSA") are SHA-1 based.
 * SHA-1 is no longer collision resistant, so this shape is only suitable for fixtures that must
 * match legacy tokens.
 *
 * @param privateKey key used to sign the token
 * @param certificateChain certificates embedded in the token; element 0 is used as the signer
 *     certificate
 * @return the generated time-stamp token
 * @throws Exception if any of the Bouncy Castle builders or generators fails
 */
public static TimeStampToken createTimeStampToken(PrivateKey privateKey,
        List<X509Certificate> certificateChain) throws Exception {
    Store chainStore = new JcaCertStore(certificateChain);

    // Fixed request: all-zero SHA-1 sized imprint, nonce 100, certificate requested.
    TimeStampRequestGenerator requestGenerator = new TimeStampRequestGenerator();
    requestGenerator.setCertReq(true);
    TimeStampRequest tsRequest = requestGenerator.generate(
            TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100));

    SignerInfoGenerator signerInfo = new JcaSimpleSignerInfoGeneratorBuilder()
            .build("SHA1withRSA", privateKey, certificateChain.get(0));
    DigestCalculator sha1Calculator = new JcaDigestCalculatorProviderBuilder()
            .build()
            .get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1));
    ASN1ObjectIdentifier policyOid = new ASN1ObjectIdentifier("1.2");

    TimeStampTokenGenerator tokenGenerator =
            new TimeStampTokenGenerator(signerInfo, sha1Calculator, policyOid);
    tokenGenerator.addCertificates(chainStore);

    return tokenGenerator.generate(tsRequest, BigInteger.ONE, new Date());
}
From source file:br.ufpb.dicomflow.integrationAPI.mail.AbstractMailSender.java
License:Open Source License
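/**
 * Signs {@code message} with {@code privateKey} and {@code signCert}, then encrypts the signed
 * message for the holder of {@code encryptCert}.
 *
 * <p>Changes from the earlier version of this method:
 * <ul>
 *   <li>The signature uses SHA-256 ("SHA256withDSA" for DSA keys, "SHA256withRSA" otherwise)
 *       instead of SHA-1 / MD5. MD5 and SHA-1 are not collision resistant, so signatures built
 *       on them do not reliably bind the signer to the content.</li>
 *   <li>The content is encrypted with AES-128-CBC instead of RC2-CBC, and the advertised
 *       S/MIME capabilities list AES and 3DES instead of RC2 and single DES.</li>
 *   <li>The issuer in the encryption-key-preference attribute is taken from the certificate's
 *       encoded issuer rather than from its string form, so it matches the certificate
 *       byte for byte.</li>
 * </ul>
 *
 * <p>Side effect: the Bouncy Castle S/MIME content handlers are registered on the JVM-wide
 * default {@link CommandMap}.
 *
 * @param message message to protect; must be a {@code MimeMessage}
 * @param signCert certificate matching {@code privateKey}; it is embedded in the signature
 * @param encryptCert certificate of the recipient the message is encrypted for
 * @param privateKey signing key; key types other than DSA are signed as RSA
 * @return a new message holding the signed-then-encrypted content and the original
 *     non-{@code Content-*} headers
 * @throws Exception if signing, encrypting or MIME handling fails
 */
private Message signAndEcrypt(Message message, X509Certificate signCert, X509Certificate encryptCert,
        PrivateKey privateKey) throws Exception {
    MailcapCommandMap mailcap = (MailcapCommandMap) CommandMap.getDefaultCommandMap();
    mailcap.addMailcap(
            "application/pkcs7-signature;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.pkcs7_signature");
    mailcap.addMailcap(
            "application/pkcs7-mime;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.pkcs7_mime");
    mailcap.addMailcap(
            "application/x-pkcs7-signature;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.x_pkcs7_signature");
    mailcap.addMailcap(
            "application/x-pkcs7-mime;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.x_pkcs7_mime");
    mailcap.addMailcap(
            "multipart/signed;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.multipart_signed");
    CommandMap.setDefaultCommandMap(mailcap);

    MimeMessage original = (MimeMessage) message;

    /* Create the signer - SMIMESignedGenerator */
    // Advertise only ciphers still considered acceptable; 3DES stays as a fallback for old peers.
    SMIMECapabilityVector capabilities = new SMIMECapabilityVector();
    capabilities.addCapability(SMIMECapability.aES256_CBC);
    capabilities.addCapability(SMIMECapability.aES128_CBC);
    capabilities.addCapability(SMIMECapability.dES_EDE3_CBC);

    // Build the issuer name from the DER encoding: a string round trip can change the
    // attribute order or string types and then no longer match the certificate.
    X500Name issuer = X500Name.getInstance(signCert.getIssuerX500Principal().getEncoded());

    ASN1EncodableVector attributes = new ASN1EncodableVector();
    attributes.add(new SMIMEEncryptionKeyPreferenceAttribute(
            new IssuerAndSerialNumber(issuer, signCert.getSerialNumber())));
    attributes.add(new SMIMECapabilitiesAttribute(capabilities));

    String signatureAlgorithm = "DSA".equals(privateKey.getAlgorithm()) ? "SHA256withDSA" : "SHA256withRSA";

    SMIMESignedGenerator signer = new SMIMESignedGenerator();
    signer.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder()
            .setSignedAttributeGenerator(new AttributeTable(attributes))
            .build(signatureAlgorithm, privateKey, signCert));

    /* Add the list of certs to the generator */
    List<X509Certificate> certList = new ArrayList<X509Certificate>();
    certList.add(signCert);
    Store certs = new JcaCertStore(certList);
    signer.addCertificates(certs);

    /* Sign the message */
    MimeMultipart signedMultipart = signer.generate(original);
    MimeMessage signedMessage = new MimeMessage(message.getSession());

    /* Set all original MIME headers in the signed message */
    Enumeration<?> headers = original.getAllHeaderLines();
    while (headers.hasMoreElements()) {
        signedMessage.addHeaderLine((String) headers.nextElement());
    }

    /* Set the content of the signed message */
    signedMessage.setContent(signedMultipart);
    signedMessage.saveChanges();

    /* Create the encrypter - SMIMEEnvelopedGenerator */
    SMIMEEnvelopedGenerator encrypter = new SMIMEEnvelopedGenerator();
    encrypter.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(encryptCert));

    /* Encrypt the message */
    MimeBodyPart encryptedPart = encrypter.generate(signedMessage,
            new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).build());

    /* Create a new MimeMessage that contains the encrypted and signed content */
    ByteArrayOutputStream out = new ByteArrayOutputStream();
    encryptedPart.writeTo(out);
    MimeMessage encryptedMessage = new MimeMessage(message.getSession(),
            new ByteArrayInputStream(out.toByteArray()));

    /* Set all original MIME headers in the encrypted message */
    headers = original.getAllHeaderLines();
    while (headers.hasMoreElements()) {
        String headerLine = (String) headers.nextElement();
        /* Make sure not to override any content-* headers of the encrypted part */
        if (!Strings.toLowerCase(headerLine).startsWith("content-")) {
            encryptedMessage.addHeaderLine(headerLine);
        }
    }

    return encryptedMessage;
}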
From source file:com.mycompany.mavenproject1.Signer.java
/**
 * Prepares {@code generator} for producing CMS signed data with the key material held in
 * {@code keyContainer}.
 *
 * <p>The Bouncy Castle provider is added to the JVM's provider list, a signer using
 * "GOST3411withECGOST3410" is registered, and the signer certificate is attached to the
 * generator. Direct-signature mode is switched on, so the signer is built without signed
 * attributes.
 *
 * @param keyContainer holder whose {@code certificate} is cast to {@code X509Certificate} and
 *     whose {@code privateKey} is cast to {@code PrivateKey}
 * @throws CertificateEncodingException if the certificate cannot be encoded
 * @throws OperatorCreationException if the signer cannot be created
 * @throws CMSException if the certificate store cannot be added to the generator
 */
public void init(P12KeyContainer keyContainer)
        throws CertificateEncodingException, OperatorCreationException, CMSException {
    Security.addProvider(new BouncyCastleProvider());

    // A one-element store holding just the signer certificate.
    X509Certificate signerCertificate = (X509Certificate) keyContainer.certificate;
    List certificates = new ArrayList();
    certificates.add(signerCertificate);
    Store certificateStore = new JcaCertStore(certificates);

    generator = new CMSSignedDataGenerator();

    SignerInfoGenerator signerInfo = new JcaSimpleSignerInfoGeneratorBuilder()
            .setProvider("BC")
            .setDirectSignature(true)
            .build("GOST3411withECGOST3410", (PrivateKey) keyContainer.privateKey, signerCertificate);

    generator.addSignerInfoGenerator(signerInfo);
    generator.addCertificates(certificateStore);
}
From source file:de.mendelson.util.security.BCCryptoHelper.java
/**
 * Creates a PKCS#7 signature of the passed content and returns its encoding.
 *
 * <p>Review note: the digest is chosen by the caller and the accepted set includes MD5 and
 * SHA-1, which are not collision resistant. The signed attributes also advertise single DES
 * and RC2 as S/MIME capabilities. Callers that are not bound to a legacy partner should pass
 * a SHA-2 digest.
 *
 * @param content data to sign; a {@code null} value is rejected, but only after the signer
 *     has been set up
 * @param chain certificate chain, chain[0] is the signer's certificate itself
 * @param key signing key, converted through {@code getPrivateKey}
 * @param digest digest name, compared case-insensitively with the {@code ALGORITHM_*}
 *     constants
 * @param embeddOriginalData indicates if the original data should be embedded in the
 *     signature
 * @return the encoded signed data
 * @throws Exception if the digest is not supported, the content is absent or signing fails
 */
public byte[] sign(byte[] content, Certificate[] chain, Key key, String digest, boolean embeddOriginalData)
        throws Exception {
    X509Certificate signerCertificate = this.castCertificate(chain[0]);
    PrivateKey signingKey = this.getPrivateKey(key);
    CMSSignedDataGenerator cmsGenerator = new CMSSignedDataGenerator();

    // Signed attribute announcing the ciphers this sender claims to understand.
    ASN1EncodableVector attributes = new ASN1EncodableVector();
    SMIMECapabilityVector capabilities = new SMIMECapabilityVector();
    capabilities.addCapability(SMIMECapability.dES_EDE3_CBC);
    capabilities.addCapability(SMIMECapability.rC2_CBC, 128);
    capabilities.addCapability(SMIMECapability.dES_CBC);
    attributes.add(new SMIMECapabilitiesAttribute(capabilities));

    // Map the requested digest to the RSA signature algorithm name.
    String signatureAlgorithm;
    if (digest.equalsIgnoreCase(ALGORITHM_SHA1)) {
        signatureAlgorithm = "SHA1withRSA";
    } else if (digest.equalsIgnoreCase(ALGORITHM_MD5)) {
        signatureAlgorithm = "MD5withRSA";
    } else if (digest.equalsIgnoreCase(ALGORITHM_SHA224)) {
        signatureAlgorithm = "SHA224withRSA";
    } else if (digest.equalsIgnoreCase(ALGORITHM_SHA256)) {
        signatureAlgorithm = "SHA256withRSA";
    } else if (digest.equalsIgnoreCase(ALGORITHM_SHA384)) {
        signatureAlgorithm = "SHA384withRSA";
    } else if (digest.equalsIgnoreCase(ALGORITHM_SHA512)) {
        signatureAlgorithm = "SHA512withRSA";
    } else {
        throw new Exception("sign: Signing digest " + digest + " not supported.");
    }
    cmsGenerator.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder()
            .setProvider("BC")
            .setSignedAttributeGenerator(new AttributeTable(attributes))
            .build(signatureAlgorithm, signingKey, signerCertificate));

    // Ship the whole chain with the signature.
    List<Certificate> chainCertificates = Arrays.asList(chain);
    Store chainStore = new JcaCertStore(chainCertificates);
    cmsGenerator.addCertificates(chainStore);

    if (content == null) {
        throw new Exception("sign: content is absent");
    }
    CMSTypedData typedContent = new CMSProcessableByteArray(content);
    CMSSignedData signedData = cmsGenerator.generate(typedContent, embeddOriginalData);
    return signedData.getEncoded();
}
From source file:de.mendelson.util.security.BCCryptoHelper.java
/**
 * Signs the body part using S/MIME 3.1 - do not use it for S/MIME 3.2 or higher.
 *
 * <p>Review note: the digest is chosen by the caller and the accepted set includes MD5 and
 * SHA-1, which are not collision resistant. The signed attributes also advertise single DES
 * and RC2 as S/MIME capabilities.
 *
 * @param body body part to sign
 * @param chain certificate chain, chain[0] is the signer's certificate itself
 * @param key signing key, converted through {@code getPrivateKey}
 * @param digest digest name, compared case-insensitively with the {@code ALGORITHM_*}
 *     constants
 * @return the signed multipart
 * @throws Exception if the digest is not supported or signing fails
 */
public MimeMultipart sign(MimeBodyPart body, Certificate[] chain, Key key, String digest) throws Exception {
    X509Certificate signerCertificate = this.castCertificate(chain[0]);
    PrivateKey signingKey = this.getPrivateKey(key);

    // The default constructor uses RFC 5751 micalg values; pass the RFC 3851 table to stay
    // compatible with S/MIME 3.1.
    SMIMESignedGenerator smimeGenerator = new SMIMESignedGenerator(SMIMESignedGenerator.RFC3851_MICALGS);

    // Signed attribute announcing the ciphers this sender claims to understand.
    ASN1EncodableVector attributes = new ASN1EncodableVector();
    SMIMECapabilityVector capabilities = new SMIMECapabilityVector();
    capabilities.addCapability(SMIMECapability.dES_EDE3_CBC);
    capabilities.addCapability(SMIMECapability.rC2_CBC, 128);
    capabilities.addCapability(SMIMECapability.dES_CBC);
    attributes.add(new SMIMECapabilitiesAttribute(capabilities));

    // Map the requested digest to the RSA signature algorithm name.
    String signatureAlgorithm;
    if (digest.equalsIgnoreCase(ALGORITHM_SHA1)) {
        signatureAlgorithm = "SHA1withRSA";
    } else if (digest.equalsIgnoreCase(ALGORITHM_SHA224)) {
        signatureAlgorithm = "SHA224withRSA";
    } else if (digest.equalsIgnoreCase(ALGORITHM_SHA256)) {
        signatureAlgorithm = "SHA256withRSA";
    } else if (digest.equalsIgnoreCase(ALGORITHM_SHA384)) {
        signatureAlgorithm = "SHA384withRSA";
    } else if (digest.equalsIgnoreCase(ALGORITHM_SHA512)) {
        signatureAlgorithm = "SHA512withRSA";
    } else if (digest.equalsIgnoreCase(ALGORITHM_MD5)) {
        signatureAlgorithm = "MD5withRSA";
    } else {
        throw new Exception("sign: Signing digest " + digest + " not supported.");
    }
    smimeGenerator.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder()
            .setProvider("BC")
            .setSignedAttributeGenerator(new AttributeTable(attributes))
            .build(signatureAlgorithm, signingKey, signerCertificate));

    // Ship the whole chain with the signature.
    List<Certificate> chainCertificates = Arrays.asList(chain);
    Store chainStore = new JcaCertStore(chainCertificates);
    smimeGenerator.addCertificates(chainStore);

    return smimeGenerator.generate(body);
}
From source file:de.mendelson.util.security.BCCryptoHelper.java
/**
 * Signs the message using S/MIME 3.1 - do not use it for S/MIME 3.2 or higher.
 *
 * <p>Review note: the digest is chosen by the caller and the accepted set includes MD5 and
 * SHA-1, which are not collision resistant. The signed attributes also advertise single DES
 * and RC2 as S/MIME capabilities.
 *
 * @param message message to sign; {@code null} is rejected
 * @param chain certificate chain, chain[0] is the signer's certificate itself
 * @param key signing key, converted through {@code getPrivateKey}
 * @param digest digest name, compared case-insensitively with the {@code ALGORITHM_*}
 *     constants
 * @return the signed multipart
 * @throws Exception if the message is absent, the digest is not supported or signing fails
 */
public MimeMultipart sign(MimeMessage message, Certificate[] chain, Key key, String digest) throws Exception {
    if (message == null) {
        throw new Exception("sign: Message is absent");
    }
    X509Certificate signerCertificate = this.castCertificate(chain[0]);
    PrivateKey signingKey = this.getPrivateKey(key);

    // RFC 3851 micalg values, i.e. the S/MIME 3.1 naming.
    SMIMESignedGenerator smimeGenerator = new SMIMESignedGenerator(SMIMESignedGenerator.RFC3851_MICALGS);

    // Signed attribute announcing the ciphers this sender claims to understand.
    ASN1EncodableVector attributes = new ASN1EncodableVector();
    SMIMECapabilityVector capabilities = new SMIMECapabilityVector();
    capabilities.addCapability(SMIMECapability.dES_EDE3_CBC);
    capabilities.addCapability(SMIMECapability.rC2_CBC, 128);
    capabilities.addCapability(SMIMECapability.dES_CBC);
    attributes.add(new SMIMECapabilitiesAttribute(capabilities));

    // Map the requested digest to the RSA signature algorithm name.
    String signatureAlgorithm;
    if (digest.equalsIgnoreCase(ALGORITHM_SHA1)) {
        signatureAlgorithm = "SHA1withRSA";
    } else if (digest.equalsIgnoreCase(ALGORITHM_SHA224)) {
        signatureAlgorithm = "SHA224withRSA";
    } else if (digest.equalsIgnoreCase(ALGORITHM_SHA256)) {
        signatureAlgorithm = "SHA256withRSA";
    } else if (digest.equalsIgnoreCase(ALGORITHM_SHA384)) {
        signatureAlgorithm = "SHA384withRSA";
    } else if (digest.equalsIgnoreCase(ALGORITHM_SHA512)) {
        signatureAlgorithm = "SHA512withRSA";
    } else if (digest.equalsIgnoreCase(ALGORITHM_MD5)) {
        signatureAlgorithm = "MD5withRSA";
    } else {
        throw new Exception("sign: Signing digest " + digest + " not supported.");
    }
    smimeGenerator.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder()
            .setProvider("BC")
            .setSignedAttributeGenerator(new AttributeTable(attributes))
            .build(signatureAlgorithm, signingKey, signerCertificate));

    // Ship the whole chain with the signature.
    List<Certificate> chainCertificates = Arrays.asList(chain);
    Store chainStore = new JcaCertStore(chainCertificates);
    smimeGenerator.addCertificates(chainStore);

    return smimeGenerator.generate(message);
}
From source file:eu.peppol.as2.SMimeMessageFactory.java
License:EUPL
/**
 * Creates a signed S/MIME message from the supplied MimeBodyPart. The signature is produced
 * with {@code privateKey}, and {@code ourCertificate}, which a receiver needs to verify the
 * signature, is enclosed.
 *
 * <p>Review note: the signature algorithm is fixed to "SHA1withRSA". SHA-1 is no longer
 * collision resistant; a caller that can choose should prefer a SHA-2 based algorithm.
 *
 * @param mimeBodyPart the body part to sign
 * @return a new MimeMessage whose content is the signed multipart
 * @throws IllegalStateException if signing or message assembly fails; the cause is attached
 */
public MimeMessage createSignedMimeMessage(MimeBodyPart mimeBodyPart) {
    // S/MIME capabilities are required, but an empty vector is supplied.
    ASN1EncodableVector emptySignedAttributes = new ASN1EncodableVector();

    // Generator for the smime/signed message, using "binary" transfer encoding.
    SMIMESignedGenerator signedGenerator = new SMIMESignedGenerator("binary");

    // Register the signer: SHA-1 digest, RSA taken from the key, empty signed attributes.
    try {
        JcaSimpleSignerInfoGeneratorBuilder signerBuilder = new JcaSimpleSignerInfoGeneratorBuilder()
                .setProvider(new BouncyCastleProvider())
                .setSignedAttributeGenerator(new AttributeTable(emptySignedAttributes));
        signedGenerator.addSignerInfoGenerator(signerBuilder.build("SHA1withRSA", privateKey, ourCertificate));
    } catch (OperatorCreationException e) {
        throw new IllegalStateException("Unable to add Signer information. " + e.getMessage(), e);
    } catch (CertificateEncodingException e) {
        throw new IllegalStateException(
                "Certificate encoding problems while adding signer information." + e.getMessage(), e);
    }

    // The certificates carried inside the signature: only our own.
    List carriedCertificates = new ArrayList();
    carriedCertificates.add(ourCertificate);
    Store certificateStore;
    try {
        certificateStore = new JcaCertStore(carriedCertificates);
    } catch (CertificateEncodingException e) {
        throw new IllegalStateException("Unable to create JcaCertStore with our certificate. " + e.getMessage(), e);
    }
    signedGenerator.addCertificates(certificateStore);

    // Sign the supplied MimeBodyPart.
    MimeMultipart signedMultipart;
    try {
        signedMultipart = signedGenerator.generate(mimeBodyPart);
    } catch (SMIMEException e) {
        throw new IllegalStateException("Unable to generate signed mime multipart." + e.getMessage(), e);
    }

    // Wrap the signed multipart in a mail message bound to the default session.
    Properties systemProperties = System.getProperties();
    Session defaultSession = Session.getDefaultInstance(systemProperties, null);
    MimeMessage signedMessage = new MimeMessage(defaultSession);

    try {
        signedMessage.setContent(signedMultipart, signedMultipart.getContentType());
    } catch (MessagingException e) {
        throw new IllegalStateException("Unable to set Content type of MimeMessage. " + e.getMessage(), e);
    }

    try {
        signedMessage.saveChanges();
    } catch (MessagingException e) {
        throw new IllegalStateException("Unable to save changes to Mime message. " + e.getMessage(), e);
    }

    return signedMessage;
}
From source file:net.markenwerk.utils.mail.smime.SmimeUtil.java
License:Open Source License
/**
 * Builds the signer-info generator for an S/MIME key.
 *
 * <p>The signature algorithm is fixed to "SHA256withRSA" and the Bouncy Castle provider is
 * selected by name. The signed attributes come from {@code getSignedAttributes(smimeKey)}.
 *
 * @param smimeKey supplies the private key, the certificate and the signed attributes
 * @return the signer-info generator for that key
 * @throws OperatorCreationException if the signer cannot be created
 * @throws CertificateEncodingException if the certificate cannot be encoded
 */
private static SignerInfoGenerator getInfoGenerator(SmimeKey smimeKey)
        throws OperatorCreationException, CertificateEncodingException {
    JcaSimpleSignerInfoGeneratorBuilder signerBuilder = new JcaSimpleSignerInfoGeneratorBuilder();
    return signerBuilder
            .setSignedAttributeGenerator(new AttributeTable(getSignedAttributes(smimeKey)))
            .setProvider(BouncyCastleProvider.PROVIDER_NAME)
            .build("SHA256withRSA", smimeKey.getPrivateKey(), smimeKey.getCertificate());
}
From source file:no.difi.oxalis.as2.util.SMimeMessageFactory.java
License:EUPL
/**
 * Creates a signed S/MIME message from the supplied MimeBodyPart. The signature is produced
 * with {@code privateKey}, and {@code ourCertificate}, which a receiver needs to verify the
 * signature, is enclosed.
 *
 * <p>The signature algorithm is whatever {@code digestMethod.getMethod()} returns. The strength
 * of the signature therefore depends on the value the caller passes in.
 *
 * @param mimeBodyPart the body part to sign
 * @param digestMethod supplies the signature algorithm name handed to the signer builder
 * @return a new MimeMessage whose content is the signed multipart
 * @throws OxalisTransmissionException if signing or message assembly fails; the cause is
 *     attached
 */
public MimeMessage createSignedMimeMessage(MimeBodyPart mimeBodyPart, SMimeDigestMethod digestMethod)
        throws OxalisTransmissionException {
    // S/MIME capabilities are required, but an empty vector is supplied.
    ASN1EncodableVector emptySignedAttributes = new ASN1EncodableVector();

    // Generator for the smime/signed message, using "binary" transfer encoding.
    SMIMESignedGenerator signedGenerator = new SMIMESignedGenerator("binary");

    // Register the signer with the caller-selected algorithm and the empty signed attributes.
    try {
        JcaSimpleSignerInfoGeneratorBuilder signerBuilder = new JcaSimpleSignerInfoGeneratorBuilder()
                .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                .setSignedAttributeGenerator(new AttributeTable(emptySignedAttributes));
        signedGenerator.addSignerInfoGenerator(
                signerBuilder.build(digestMethod.getMethod(), privateKey, ourCertificate));
    } catch (OperatorCreationException e) {
        throw new OxalisTransmissionException("Unable to add Signer information. " + e.getMessage(), e);
    } catch (CertificateEncodingException e) {
        throw new OxalisTransmissionException(String.format(
                "Certificate encoding problems while adding signer information. %s", e.getMessage()), e);
    }

    // The certificates carried inside the signature: only our own.
    Store certificateStore;
    try {
        certificateStore = new JcaCertStore(Collections.singleton(ourCertificate));
    } catch (CertificateEncodingException e) {
        throw new OxalisTransmissionException(
                "Unable to create JcaCertStore with our certificate. " + e.getMessage(), e);
    }
    signedGenerator.addCertificates(certificateStore);

    // Sign the supplied MimeBodyPart.
    MimeMultipart signedMultipart;
    try {
        signedMultipart = signedGenerator.generate(mimeBodyPart);
    } catch (SMIMEException e) {
        throw new OxalisTransmissionException("Unable to generate signed mime multipart." + e.getMessage(), e);
    }

    // Wrap the signed multipart in a mail message bound to the default session.
    Properties systemProperties = System.getProperties();
    Session defaultSession = Session.getDefaultInstance(systemProperties, null);
    MimeMessage signedMessage = new MimeMessage(defaultSession);

    try {
        signedMessage.setContent(signedMultipart, signedMultipart.getContentType());
    } catch (MessagingException e) {
        throw new OxalisTransmissionException("Unable to set Content type of MimeMessage. " + e.getMessage(), e);
    }

    try {
        signedMessage.saveChanges();
    } catch (MessagingException e) {
        throw new OxalisTransmissionException("Unable to save changes to Mime message. " + e.getMessage(), e);
    }

    return signedMessage;
}
From source file:org.apache.james.transport.SMIMEKeyHolder.java
License:Apache License
/**
 * Creates an <CODE>SMIMESignedGenerator</CODE> that signs with this holder's private key and
 * certificate and carries the certificates held in {@code jcaCertStore}.
 *
 * <p>Review note: the signature algorithm is fixed to "SHA1withRSA". SHA-1 is no longer
 * collision resistant; a SHA-2 based algorithm is the safer choice where peers support it.
 *
 * @return The generated SMIMESignedGenerator.
 * @throws OperatorCreationException if the signer cannot be created
 * @throws CertificateEncodingException if the signer certificate cannot be encoded
 */
public SMIMESignedGenerator createGenerator()
        throws CertStoreException, SMIMEException, OperatorCreationException, CertificateEncodingException {
    SMIMESignedGenerator signedGenerator = new SMIMESignedGenerator();

    // SHA-1 digest; the encryption algorithm is taken from the key.
    JcaSimpleSignerInfoGeneratorBuilder signerBuilder =
            new JcaSimpleSignerInfoGeneratorBuilder().setProvider("BC");
    signedGenerator.addSignerInfoGenerator(signerBuilder.build("SHA1withRSA", privateKey, certificate));

    // Certificates that travel with the signature.
    signedGenerator.addCertificates(jcaCertStore);

    return signedGenerator;
}