List of usage examples for org.bouncycastle.operator.bc BcContentSignerBuilder setSecureRandom
public BcContentSignerBuilder setSecureRandom(SecureRandom random)
From source file:org.xipki.commons.security.pkcs12.SoftTokenContentSignerBuilder.java
License:Open Source License
public ConcurrentContentSigner createSigner(final AlgorithmIdentifier signatureAlgId, final int parallelism, final SecureRandom random) throws OperatorCreationException, NoSuchPaddingException { ParamUtil.requireNonNull("signatureAlgId", signatureAlgId); ParamUtil.requireMin("parallelism", parallelism, 1); List<ContentSigner> signers = new ArrayList<>(parallelism); ASN1ObjectIdentifier algOid = signatureAlgId.getAlgorithm(); final String provName = XiSecurityConstants.PROVIDER_NAME_NSS; if (Security.getProvider(provName) != null && !(key instanceof ECPrivateKey)) { String algoName;//from w w w . j a v a 2s .c o m try { algoName = AlgorithmUtil.getSignatureAlgoName(signatureAlgId); } catch (NoSuchAlgorithmException ex) { throw new OperatorCreationException(ex.getMessage()); } boolean useGivenProvider = true; if (algOid.equals(PKCSObjectIdentifiers.id_RSASSA_PSS)) { BcContentSignerBuilder signerBuilder; if (!(key instanceof RSAPrivateKey)) { throw new OperatorCreationException( "unsupported key " + key.getClass().getName() + " for RSAPSS"); } try { AsymmetricKeyParameter keyparam; try { signerBuilder = new RSAContentSignerBuilder(signatureAlgId, true); keyparam = SignerUtil.generateRSAPrivateKeyParameter((RSAPrivateKey) key); } catch (NoSuchAlgorithmException ex) { throw new OperatorCreationException("no such algorithm", ex); } for (int i = 0; i < parallelism; i++) { if (random != null) { signerBuilder.setSecureRandom(random); } ContentSigner signer = signerBuilder.build(keyparam); signers.add(signer); } } catch (Exception ex) { useGivenProvider = false; signers.clear(); } } else { try { for (int i = 0; i < parallelism; i++) { Signature signature = Signature.getInstance(algoName, provName); signature.initSign(key); if (i == 0) { signature.update(new byte[] { 1, 2, 3, 4 }); signature.sign(); } ContentSigner signer = new SignatureSigner(signatureAlgId, signature, key); signers.add(signer); } } catch (Exception ex) { useGivenProvider = false; signers.clear(); } } if (useGivenProvider) { LOG.info("use {} to sign {} signature", provName, algoName); } else { LOG.info("could not use {} to sign {} signature", provName, algoName); } } if (CollectionUtil.isEmpty(signers)) { BcContentSignerBuilder signerBuilder; AsymmetricKeyParameter keyparam; try { if (key instanceof RSAPrivateKey) { keyparam = SignerUtil.generateRSAPrivateKeyParameter((RSAPrivateKey) key); signerBuilder = new RSAContentSignerBuilder(signatureAlgId, false); } else if (key instanceof DSAPrivateKey) { keyparam = DSAUtil.generatePrivateKeyParameter(key); signerBuilder = new DSAContentSignerBuilder(signatureAlgId, AlgorithmUtil.isDSAPlainSigAlg(signatureAlgId)); } else if (key instanceof ECPrivateKey) { keyparam = ECUtil.generatePrivateKeyParameter(key); signerBuilder = new ECDSAContentSignerBuilder(signatureAlgId, AlgorithmUtil.isDSAPlainSigAlg(signatureAlgId)); } else { throw new OperatorCreationException("unsupported key " + key.getClass().getName()); } } catch (InvalidKeyException ex) { throw new OperatorCreationException("invalid key", ex); } catch (NoSuchAlgorithmException ex) { throw new OperatorCreationException("no such algorithm", ex); } for (int i = 0; i < parallelism; i++) { if (random != null) { signerBuilder.setSecureRandom(random); } ContentSigner signer = signerBuilder.build(keyparam); signers.add(signer); } } ConcurrentContentSigner concurrentSigner = new DefaultConcurrentContentSigner(signers, key); if (certificateChain != null) { concurrentSigner.setCertificateChain(certificateChain); } else { concurrentSigner.setPublicKey(publicKey); } return concurrentSigner; }