List of usage examples for org.bouncycastle.operator.jcajce JcaContentSignerBuilder JcaContentSignerBuilder
public JcaContentSignerBuilder(String signatureAlgorithm)
From source file:org.signserver.module.tsa.TimeStampSigner.java
License:Open Source License
private TimeStampTokenGenerator getTimeStampTokenGenerator(final ICryptoInstance crypto, final TimeStampRequest timeStampRequest, final LogMap logMap) throws IllegalRequestException, CryptoTokenOfflineException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException, CertStoreException, OperatorCreationException, SignServerException { TimeStampTokenGenerator timeStampTokenGen = null; try {/*from w ww.j a v a2 s .c om*/ ASN1ObjectIdentifier tSAPolicyOID = timeStampRequest.getReqPolicy(); if (tSAPolicyOID == null) { tSAPolicyOID = defaultTSAPolicyOID; } logMap.put(ITimeStampLogger.LOG_TSA_POLICYID, tSAPolicyOID.getId()); final X509Certificate signingCert = (X509Certificate) getSigningCertificate(crypto); if (signingCert == null) { throw new CryptoTokenOfflineException("No certificate for this signer"); } DigestCalculatorProvider calcProv = new BcDigestCalculatorProvider(); DigestCalculator calc = calcProv.get(new AlgorithmIdentifier(TSPAlgorithms.SHA1)); ContentSigner cs = new JcaContentSignerBuilder(signatureAlgorithm).setProvider(crypto.getProvider()) .build(crypto.getPrivateKey()); JcaSignerInfoGeneratorBuilder sigb = new JcaSignerInfoGeneratorBuilder(calcProv); X509CertificateHolder certHolder = new X509CertificateHolder(signingCert.getEncoded()); // set signed attribute table generator based on property sigb.setSignedAttributeGenerator( new OptionalSigningTimeSignedAttributeTableGenerator(includeSigningTimeAttribute)); SignerInfoGenerator sig = sigb.build(cs, certHolder); timeStampTokenGen = new TimeStampTokenGenerator(calc, sig, tSAPolicyOID); if (config.getProperties().getProperty(ACCURACYMICROS) != null) { timeStampTokenGen .setAccuracyMicros(Integer.parseInt(config.getProperties().getProperty(ACCURACYMICROS))); } if (config.getProperties().getProperty(ACCURACYMILLIS) != null) { timeStampTokenGen .setAccuracyMillis(Integer.parseInt(config.getProperties().getProperty(ACCURACYMILLIS))); } if (config.getProperties().getProperty(ACCURACYSECONDS) != null) { timeStampTokenGen .setAccuracySeconds(Integer.parseInt(config.getProperties().getProperty(ACCURACYSECONDS))); } timeStampTokenGen.setOrdering(ordering); timeStampTokenGen.setIncludeOrdering(includeOrdering); if (tsaName != null) { final X500Name x500Name = new X500Name(tsaName); timeStampTokenGen.setTSA(new GeneralName(x500Name)); } else if (tsaNameFromCert) { final X500Name x500Name = new JcaX509CertificateHolder(signingCert).getSubject(); timeStampTokenGen.setTSA(new GeneralName(x500Name)); } timeStampTokenGen .addCertificates(getCertStoreWithChain(signingCert, getSigningCertificateChain(crypto))); } catch (IllegalArgumentException e) { LOG.error("IllegalArgumentException: ", e); throw new IllegalRequestException(e.getMessage()); } catch (TSPException e) { LOG.error("TSPException: ", e); throw new IllegalRequestException(e.getMessage()); } catch (CertificateEncodingException e) { LOG.error("CertificateEncodingException: ", e); throw new IllegalRequestException(e.getMessage()); } catch (IOException e) { LOG.error("IOException: ", e); throw new IllegalRequestException(e.getMessage()); } return timeStampTokenGen; }
From source file:org.signserver.server.cryptotokens.CryptoTokenBase.java
License:Open Source License
@Override public ICertReqData genCertificateRequest(ISignerCertReqInfo info, final boolean explicitEccParameters, final boolean defaultKey) throws CryptoTokenOfflineException { Base64SignerCertReqData retval = null; if (info instanceof PKCS10CertReqInfo) { PKCS10CertReqInfo reqInfo = (PKCS10CertReqInfo) info; PKCS10CertificationRequest pkcs10; final int purpose = defaultKey ? PURPOSE_SIGN : PURPOSE_NEXTKEY; if (log.isDebugEnabled()) { log.debug("Purpose: " + purpose); log.debug("signatureAlgorithm: " + reqInfo.getSignatureAlgorithm()); log.debug("subjectDN: " + reqInfo.getSubjectDN()); log.debug("explicitEccParameters: " + explicitEccParameters); }//ww w.jav a2 s. c o m try { PublicKey publicKey = getPublicKey(purpose); // Handle ECDSA key with explicit parameters if (explicitEccParameters && publicKey.getAlgorithm().contains("EC")) { publicKey = ECKeyUtil.publicToExplicitParameters(publicKey, "BC"); } // Generate request final JcaPKCS10CertificationRequestBuilder builder = new JcaPKCS10CertificationRequestBuilder( new X500Name(CertTools.stringToBCDNString(reqInfo.getSubjectDN())), publicKey); final ContentSigner contentSigner = new JcaContentSignerBuilder(reqInfo.getSignatureAlgorithm()) .setProvider(getProvider(ICryptoToken.PROVIDERUSAGE_SIGN)).build(getPrivateKey(purpose)); pkcs10 = builder.build(contentSigner); retval = new Base64SignerCertReqData(Base64.encode(pkcs10.getEncoded())); } catch (IOException e) { log.error("Certificate request error: " + e.getMessage(), e); } catch (OperatorCreationException e) { log.error("Certificate request error: signer could not be initialized", e); } catch (NoSuchAlgorithmException e) { log.error("Certificate request error: " + e.getMessage(), e); } catch (NoSuchProviderException e) { log.error("Certificate request error: " + e.getMessage(), e); } } return retval; }
From source file:org.signserver.server.cryptotokens.CryptoTokenHelper.java
License:Open Source License
/** * Generate a certificate signing request (PKCS#10). * @param info A PKCS10CertReqInfo/*w w w . j av a 2 s . com*/ * @param privateKey Private key for signing the request * @param signatureProvider Name of provider to sign with * @param publicKey Public key to include in the request * @param explicitEccParameters True if the EC domain parameters should be included (ie. not a named curve) * @return the certificate request data */ public static ICertReqData genCertificateRequest(ISignerCertReqInfo info, final PrivateKey privateKey, final String signatureProvider, PublicKey publicKey, final boolean explicitEccParameters) throws IllegalArgumentException { LOG.debug(">genCertificateRequest"); final Base64SignerCertReqData retval; if (info instanceof PKCS10CertReqInfo) { PKCS10CertReqInfo reqInfo = (PKCS10CertReqInfo) info; PKCS10CertificationRequest pkcs10; if (LOG.isDebugEnabled()) { LOG.debug("signatureAlgorithm: " + reqInfo.getSignatureAlgorithm()); LOG.debug("subjectDN: " + reqInfo.getSubjectDN()); LOG.debug("explicitEccParameters: " + explicitEccParameters); } try { // Handle ECDSA key with explicit parameters if (explicitEccParameters && publicKey.getAlgorithm().contains("EC")) { publicKey = ECKeyUtil.publicToExplicitParameters(publicKey, "BC"); } if (LOG.isDebugEnabled()) { LOG.debug("Public key SHA1: " + createKeyHash(publicKey)); LOG.debug("Public key SHA256: " + KeyUsageCounterHash.create(publicKey)); } // Generate request final JcaPKCS10CertificationRequestBuilder builder = new JcaPKCS10CertificationRequestBuilder( new X500Name(CertTools.stringToBCDNString(reqInfo.getSubjectDN())), publicKey); final ContentSigner contentSigner = new JcaContentSignerBuilder(reqInfo.getSignatureAlgorithm()) .setProvider(signatureProvider).build(privateKey); pkcs10 = builder.build(contentSigner); retval = new Base64SignerCertReqData(Base64.encode(pkcs10.getEncoded())); } catch (IOException e) { throw new IllegalArgumentException("Certificate request error: " + e.getMessage(), e); } catch (OperatorCreationException e) { throw new IllegalArgumentException("Certificate request error: " + e.getMessage(), e); } catch (NoSuchAlgorithmException e) { throw new IllegalArgumentException("Certificate request error: " + e.getMessage(), e); } catch (NoSuchProviderException e) { throw new IllegalArgumentException("Certificate request error: " + e.getMessage(), e); } LOG.debug("<genCertificateRequest"); return retval; } else { throw new IllegalArgumentException( "Unsupported certificate request info type: " + info.getClass().getName()); } }
From source file:org.signserver.server.cryptotokens.CryptoTokenHelper.java
License:Open Source License
private static X509Certificate getSelfCertificate(String myname, long validity, String sigAlg, KeyPair keyPair, String provider) throws OperatorCreationException, CertificateException { final long currentTime = new Date().getTime(); final Date firstDate = new Date(currentTime - 24 * 60 * 60 * 1000); final Date lastDate = new Date(currentTime + validity * 1000); // Add all mandatory attributes if (LOG.isDebugEnabled()) { LOG.debug("keystore signing algorithm " + sigAlg); }// www . ja va 2 s .c o m final PublicKey publicKey = keyPair.getPublic(); if (publicKey == null) { throw new IllegalArgumentException("Public key is null"); } X509v3CertificateBuilder cg = new JcaX509v3CertificateBuilder(new X500Principal(myname), BigInteger.valueOf(firstDate.getTime()), firstDate, lastDate, new X500Principal(myname), publicKey); final JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder(sigAlg); contentSignerBuilder.setProvider(provider); final ContentSigner contentSigner = contentSignerBuilder.build(keyPair.getPrivate()); return new JcaX509CertificateConverter().getCertificate(cg.build(contentSigner)); }
From source file:org.signserver.server.cryptotokens.CryptoTokenTestBase.java
License:Open Source License
protected void importCertificateChainHelper(final String existingKey) throws NoSuchAlgorithmException, NoSuchProviderException, OperatorCreationException, IOException, CertificateException, CryptoTokenOfflineException, IllegalArgumentException, CertificateEncodingException, OperationUnsupportedException, InvalidWorkerIdException, SignServerException { final String additionalAlias = "additionalKey"; try {//from w ww . java 2s .c o m final ISignerCertReqInfo req = new PKCS10CertReqInfo("SHA1WithRSA", "CN=imported", null); Base64SignerCertReqData reqData = (Base64SignerCertReqData) genCertificateRequest(req, false, existingKey); // Issue certificate PKCS10CertificationRequest csr = new PKCS10CertificationRequest( Base64.decode(reqData.getBase64CertReq())); KeyPair issuerKeyPair = CryptoUtils.generateRSA(512); final X509CertificateHolder cert = new X509v3CertificateBuilder(new X500Name("CN=Test Issuer"), BigInteger.ONE, new Date(), new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(365)), csr.getSubject(), csr.getSubjectPublicKeyInfo()) .build(new JcaContentSignerBuilder("SHA256WithRSA").setProvider("BC") .build(issuerKeyPair.getPrivate())); // import certficate chain importCertificateChain(Arrays.asList(CertTools.getCertfromByteArray(cert.getEncoded())), existingKey); List<Certificate> chain = getCertificateChain(existingKey); assertEquals("Number of certs", 1, chain.size()); Certificate foundCert = chain.get(0); assertTrue("Imported cert", Arrays.equals(foundCert.getEncoded(), cert.getEncoded())); generateKey("RSA", "1024", additionalAlias); // Isse additional certificate reqData = (Base64SignerCertReqData) genCertificateRequest(req, false, additionalAlias); csr = new PKCS10CertificationRequest(Base64.decode(reqData.getBase64CertReq())); issuerKeyPair = CryptoUtils.generateRSA(512); final X509CertificateHolder newCert = new X509v3CertificateBuilder(new X500Name("CN=Test Issuer2"), BigInteger.ONE, new Date(), new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(365)), csr.getSubject(), csr.getSubjectPublicKeyInfo()) .build(new JcaContentSignerBuilder("SHA256WithRSA").setProvider("BC") .build(issuerKeyPair.getPrivate())); // import certficate chain importCertificateChain(Arrays.asList(CertTools.getCertfromByteArray(newCert.getEncoded())), additionalAlias); // check that previously imported cert chain is un-affected chain = getCertificateChain(existingKey); assertEquals("Number of certs", 1, chain.size()); foundCert = chain.get(0); assertTrue("Imported cert", Arrays.equals(foundCert.getEncoded(), cert.getEncoded())); // Test that it is not allowed to import a certificate for // an other key try { final List<Certificate> chainForExistingKey = chain; final String aliasForAnOtherKey = additionalAlias; importCertificateChain(chainForExistingKey, aliasForAnOtherKey); fail("Should have thrown exception about the key not matching"); } catch (CryptoTokenOfflineException expected) { assertTrue("ex: " + expected.getMessage(), expected.getMessage().contains("does not match")); } } finally { try { destroyKey(additionalAlias); } catch (KeyStoreException ex) { LOG.error("Failed to remove additional key"); } } }
From source file:org.signserver.server.cryptotokens.CryptoTokenTestBase.java
License:Open Source License
/** * Tests export of certificate chain. First imports a generate certificate * chain and then checks that it can be read back. Then imports an other * chain and checks again./* www.ja v a 2s .c o m*/ * @param existingKey entry to use */ protected void exportCertificatesHelper(final String existingKey) throws CryptoTokenOfflineException, KeyStoreException, InvalidWorkerIdException, SignServerException, IllegalArgumentException, CertificateException, CertificateEncodingException, OperationUnsupportedException, NoSuchAlgorithmException, NoSuchProviderException, OperatorCreationException, IOException, QueryException, OperationUnsupportedException, AuthorizationDeniedException, InvalidAlgorithmParameterException, UnsupportedCryptoTokenParameter { final ISignerCertReqInfo req = new PKCS10CertReqInfo("SHA1WithRSA", "CN=imported", null); final Base64SignerCertReqData reqData = (Base64SignerCertReqData) genCertificateRequest(req, false, existingKey); // Generate a certificate chain that we will try to import and later export KeyPair issuerKeyPair = CryptoUtils.generateRSA(512); final X509CertificateHolder issuerCert = new JcaX509v3CertificateBuilder( new X500Name("CN=Test Import/Export CA"), BigInteger.ONE, new Date(), new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(3650)), new X500Name("CN=Test Import/Export CA"), issuerKeyPair.getPublic()) .build(new JcaContentSignerBuilder("SHA256WithRSA").setProvider("BC") .build(issuerKeyPair.getPrivate())); PKCS10CertificationRequest csr = new PKCS10CertificationRequest(Base64.decode(reqData.getBase64CertReq())); final X509CertificateHolder subjectCert1 = new X509v3CertificateBuilder( new X500Name("CN=Test Import/Export CA"), BigInteger.ONE, new Date(), new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(365)), new X500Name("CN=Test Import/Export 1"), csr.getSubjectPublicKeyInfo()) .build(new JcaContentSignerBuilder("SHA256WithRSA").setProvider("BC") .build(issuerKeyPair.getPrivate())); final X509CertificateHolder subjectCert2 = new X509v3CertificateBuilder( new X500Name("CN=Test Import/Export CA"), BigInteger.ONE, new Date(), new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(365)), new X500Name("CN=Test Import/Export 2"), csr.getSubjectPublicKeyInfo()) .build(new JcaContentSignerBuilder("SHA256WithRSA").setProvider("BC") .build(issuerKeyPair.getPrivate())); // Import certficate chain 1 importCertificateChain(Arrays.asList(CertTools.getCertfromByteArray(subjectCert1.getEncoded()), CertTools.getCertfromByteArray(issuerCert.getEncoded())), existingKey); // Find the entry TokenSearchResults searchResults = searchTokenEntries(0, Integer.MAX_VALUE, QueryCriteria.create() .add(new Term(RelationalOperator.EQ, CryptoTokenHelper.TokenEntryFields.alias.name(), existingKey)), true); LinkedList<String> aliases = new LinkedList<String>(); for (TokenEntry entry : searchResults.getEntries()) { aliases.add(entry.getAlias()); } assertArrayEquals(new String[] { existingKey }, aliases.toArray()); TokenEntry entry = searchResults.getEntries().iterator().next(); Certificate[] parsedChain = entry.getParsedChain(); assertEquals("right subject", new JcaX509CertificateConverter().getCertificate(subjectCert1).getSubjectX500Principal().getName(), ((X509Certificate) parsedChain[0]).getSubjectX500Principal().getName()); assertEquals("right issuer", new JcaX509CertificateConverter().getCertificate(issuerCert).getSubjectX500Principal().getName(), ((X509Certificate) parsedChain[1]).getSubjectX500Principal().getName()); // Import certificate chain 2 importCertificateChain(Arrays.asList(CertTools.getCertfromByteArray(subjectCert2.getEncoded()), CertTools.getCertfromByteArray(issuerCert.getEncoded())), existingKey); // Find the entry searchResults = searchTokenEntries(0, Integer.MAX_VALUE, QueryCriteria.create() .add(new Term(RelationalOperator.EQ, CryptoTokenHelper.TokenEntryFields.alias.name(), existingKey)), true); entry = searchResults.getEntries().iterator().next(); parsedChain = entry.getParsedChain(); assertEquals("right subject", new JcaX509CertificateConverter().getCertificate(subjectCert2).getSubjectX500Principal().getName(), ((X509Certificate) parsedChain[0]).getSubjectX500Principal().getName()); assertEquals("right issuer", new JcaX509CertificateConverter().getCertificate(issuerCert).getSubjectX500Principal().getName(), ((X509Certificate) parsedChain[1]).getSubjectX500Principal().getName()); }
From source file:org.signserver.server.cryptotokens.KeystoreCryptoTokenTest.java
License:Open Source License
/** Creates a self signed certificate. */ private X509Certificate getSelfCertificate(String alias, long validity, KeyPair keyPair) throws Exception { final long currentTime = new Date().getTime(); final Date firstDate = new Date(currentTime - 24 * 60 * 60 * 1000); final Date lastDate = new Date(currentTime + validity * 1000); final X509v3CertificateBuilder cg = new JcaX509v3CertificateBuilder(new X500Principal(alias), BigInteger.valueOf(firstDate.getTime()), firstDate, lastDate, new X500Principal(alias), keyPair.getPublic());//from ww w . java2s .c o m final JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA1withRSA"); contentSignerBuilder.setProvider("BC"); final ContentSigner contentSigner = contentSignerBuilder.build(keyPair.getPrivate()); return new JcaX509CertificateConverter().getCertificate(cg.build(contentSigner)); }
From source file:org.signserver.server.cryptotokens.KeystoreCryptoTokenTestBase.java
License:Open Source License
protected void cmsSigner(final int workerId, final boolean expectActive) throws Exception { // Generate CSR PKCS10CertReqInfo certReqInfo = new PKCS10CertReqInfo("SHA1WithRSA", "CN=Worker" + workerId, null); Base64SignerCertReqData reqData = (Base64SignerCertReqData) getWorkerSession() .getCertificateRequest(workerId, certReqInfo, false); // Issue certificate PKCS10CertificationRequest csr = new PKCS10CertificationRequest(Base64.decode(reqData.getBase64CertReq())); KeyPair issuerKeyPair = CryptoUtils.generateRSA(512); X509CertificateHolder cert = new X509v3CertificateBuilder(new X500Name("CN=TestP11 Issuer"), BigInteger.ONE, new Date(), new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(365)), csr.getSubject(), csr.getSubjectPublicKeyInfo()) .build(new JcaContentSignerBuilder("SHA256WithRSA").setProvider("BC") .build(issuerKeyPair.getPrivate())); // Install certificate and chain workerSession.uploadSignerCertificate(workerId, cert.getEncoded(), GlobalConfiguration.SCOPE_GLOBAL); workerSession.uploadSignerCertificateChain(workerId, Arrays.asList(cert.getEncoded()), GlobalConfiguration.SCOPE_GLOBAL); workerSession.reloadConfiguration(workerId); if (expectActive) { // Test active List<String> errors = workerSession.getStatus(workerId).getFatalErrors(); assertEquals("errors: " + errors, 0, errors.size()); }/*from w w w . ja v a 2 s . c om*/ // Test signing signGenericDocument(workerId, "Sample data".getBytes()); }
From source file:org.signserver.server.cryptotokens.OldPKCS11CryptoToken.java
License:Open Source License
@Override public ICertReqData genCertificateRequest(ISignerCertReqInfo info, final boolean explicitEccParameters, boolean defaultKey) throws CryptoTokenOfflineException { LOG.debug(">genCertificateRequest PKCS11CryptoToken"); Base64SignerCertReqData retval = null; if (info instanceof PKCS10CertReqInfo) { PKCS10CertReqInfo reqInfo = (PKCS10CertReqInfo) info; PKCS10CertificationRequest pkcs10; final String alias; if (defaultKey) { alias = properties.getProperty("defaultKey"); } else {//from w w w.j av a 2s . com alias = properties.getProperty("nextCertSignKey"); } if (LOG.isDebugEnabled()) { LOG.debug("defaultKey: " + defaultKey); LOG.debug("alias: " + alias); LOG.debug("signatureAlgorithm: " + reqInfo.getSignatureAlgorithm()); LOG.debug("subjectDN: " + reqInfo.getSubjectDN()); LOG.debug("explicitEccParameters: " + explicitEccParameters); } try { final KeyStore keyStore = getKeyStore(authenticationCode); final PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, authenticationCode); final Certificate cert = keyStore.getCertificate(alias); if (cert == null) { throw new CryptoTokenOfflineException( "Certificate request error: No key with the configured alias"); } PublicKey publicKey = cert.getPublicKey(); // Handle ECDSA key with explicit parameters if (explicitEccParameters && publicKey.getAlgorithm().contains("EC")) { publicKey = ECKeyUtil.publicToExplicitParameters(publicKey, "BC"); } if (LOG.isDebugEnabled()) { LOG.debug("Public key SHA1: " + CryptoTokenHelper.createKeyHash(cert.getPublicKey())); LOG.debug("Public key SHA256: " + KeyUsageCounterHash.create(cert.getPublicKey())); } // Generate request final JcaPKCS10CertificationRequestBuilder builder = new JcaPKCS10CertificationRequestBuilder( new X500Name(CertTools.stringToBCDNString(reqInfo.getSubjectDN())), publicKey); final ContentSigner contentSigner = new JcaContentSignerBuilder(reqInfo.getSignatureAlgorithm()) .setProvider(getProvider(ICryptoToken.PROVIDERUSAGE_SIGN)).build(privateKey); pkcs10 = builder.build(contentSigner); retval = new Base64SignerCertReqData(Base64.encode(pkcs10.getEncoded())); } catch (IOException e) { LOG.error("Certificate request error: " + e.getMessage(), e); } catch (OperatorCreationException e) { LOG.error("Certificate request error: signer could not be initialized", e); } catch (UnrecoverableKeyException e) { LOG.error("Certificate request error: " + e.getMessage(), e); } catch (KeyStoreException e) { LOG.error("Certificate request error: " + e.getMessage(), e); } catch (NoSuchAlgorithmException e) { LOG.error("Certificate request error: " + e.getMessage(), e); } catch (NoSuchProviderException e) { LOG.error("Certificate request error: " + e.getMessage(), e); } } LOG.debug("<genCertificateRequest PKCS11CryptoToken"); return retval; }
From source file:org.signserver.server.cryptotokens.P11SignTest.java
License:Open Source License
private void pdfSignerTest() throws Exception { // Generate CSR PKCS10CertReqInfo certReqInfo = new PKCS10CertReqInfo("SHA1WithRSA", "CN=Worker" + WORKER_PDF, null); Base64SignerCertReqData reqData = (Base64SignerCertReqData) getWorkerSession() .getCertificateRequest(WORKER_PDF, certReqInfo, false); // Issue certificate PKCS10CertificationRequest csr = new PKCS10CertificationRequest(Base64.decode(reqData.getBase64CertReq())); KeyPair issuerKeyPair = CryptoUtils.generateRSA(512); X509CertificateHolder cert = new X509v3CertificateBuilder(new X500Name("CN=TestP11 Issuer"), BigInteger.ONE, new Date(), new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(365)), csr.getSubject(), csr.getSubjectPublicKeyInfo()) .build(new JcaContentSignerBuilder("SHA256WithRSA").setProvider("BC") .build(issuerKeyPair.getPrivate())); // Install certificate and chain workerSession.uploadSignerCertificate(WORKER_PDF, cert.getEncoded(), GlobalConfiguration.SCOPE_GLOBAL); workerSession.uploadSignerCertificateChain(WORKER_PDF, Arrays.asList(cert.getEncoded()), GlobalConfiguration.SCOPE_GLOBAL); workerSession.reloadConfiguration(WORKER_PDF); // Test active List<String> errors = workerSession.getStatus(WORKER_PDF).getFatalErrors(); assertEquals("errors: " + errors, 0, errors.size()); // Test signing signGenericDocument(WORKER_PDF, readFile(pdfSampleFile)); }