List of usage examples for org.bouncycastle.operator.jcajce JcaDigestCalculatorProviderBuilder JcaDigestCalculatorProviderBuilder
public JcaDigestCalculatorProviderBuilder()
From source file:com.formkiq.core.service.generator.pdfbox.PdfEditorServiceImpl.java
License:Apache License
/**
 * Produces a detached CMS (PKCS#7) signature over the bytes read from {@code content}.
 *
 * <p>The key pair and signer certificate are taken from {@code propertyStore} and the
 * signature algorithm is SHA256WithRSA. The content is not encapsulated
 * ({@code generate(msg, false)}), so a verifier needs the original bytes next to the
 * returned structure. No call to {@code addCertificates} is made here, so the signer
 * certificate is referenced by the SignerInfo but not embedded in the certificate set.
 *
 * @param content stream holding the bytes to sign; it is read fully into memory and is
 *        not closed by this method
 * @return the encoded CMS SignedData
 * @throws IOException if the stream cannot be read, or wrapping any
 *         {@link GeneralSecurityException}, {@link CMSException} or
 *         {@link OperatorCreationException} raised while signing
 */
@Override
public byte[] sign(final InputStream content) throws IOException {
    try {
        final KeyPair keyPair = this.propertyStore.getKeyPair();
        final PrivateKey signingKey = keyPair.getPrivate();
        final Certificate signerCertificate = this.propertyStore.getCertificate(keyPair);

        final CMSSignedDataGenerator generator = new CMSSignedDataGenerator();

        // Re-parse the JCA certificate into BouncyCastle's ASN.1 form for the holder below.
        final org.bouncycastle.asn1.x509.Certificate asn1Certificate =
                org.bouncycastle.asn1.x509.Certificate.getInstance(signerCertificate.getEncoded());

        // Named after the algorithm it actually uses: SHA-256 with RSA.
        final ContentSigner sha256Signer =
                new JcaContentSignerBuilder("SHA256WithRSA").build(signingKey);

        generator.addSignerInfoGenerator(
                new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build())
                        .build(sha256Signer, new X509CertificateHolder(asn1Certificate)));

        final CMSProcessableByteArray payload =
                new CMSProcessableByteArray(IOUtils.toByteArray(content));

        // false = detached: the payload is signed but not carried inside the SignedData.
        return generator.generate(payload, false).getEncoded();
    } catch (GeneralSecurityException | CMSException | OperatorCreationException e) {
        throw new IOException(e);
    }
}
From source file:com.gc.iotools.fmt.decoders.Pkcs7Decoder.java
License:BSD License
/**
 * {@inheritDoc}
 *
 * <p>Parses {@code istream} as CMS/PKCS#7 SignedData and returns the stream of the
 * encapsulated content. No signer information is read and no signature is verified in
 * this method, so the returned bytes are unauthenticated; a caller that relies on the
 * signature has to verify it separately.
 */
@Override
public InputStream decode(final InputStream istream) throws IOException {
    final CMSSignedDataParser parser;
    try {
        // The provider is looked up by the name "BC"; this method does not register it.
        parser = new CMSSignedDataParser(
                new JcaDigestCalculatorProviderBuilder().setProvider("BC").build(), istream);
    } catch (final CMSException e) {
        final IOException wrapped = new IOException("Error parsing PKCS7 content");
        wrapped.initCause(e);
        throw wrapped;
    } catch (OperatorCreationException e) {
        final IOException wrapped = new IOException("Error initializing PKCS7 decoder.");
        wrapped.initCause(e);
        throw wrapped;
    }

    // NOTE(review): a detached signature may carry no encapsulated content; confirm
    // getSignedContent() cannot return null for the inputs this decoder accepts.
    final CMSTypedStream signedContent = parser.getSignedContent();
    return signedContent.getContentStream();
}
From source file:com.infinities.keystone4j.utils.Cms.java
License:Apache License
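/**
 * Signs {@code data} as CMS SignedData with the given certificate and key and returns the
 * result in PEM form.
 *
 * <p>The content is encapsulated ({@code generate(b, true)}) and the signer certificate is
 * added to the SignedData certificate set. The text is encoded as UTF-8 before signing so
 * that the signed bytes do not depend on the platform default charset.
 *
 * @param data text to sign
 * @param signingCertFileName path of the signer certificate, loaded via {@code generateCertificate}
 * @param signingKeyFile path of the private key, loaded via {@code generatePrivateKey}
 * @param outform requested output form; defaulted to {@code PKI_ASN1_FORM} when empty but not
 *        consulted again in this method
 * @return the PEM text produced by {@code DERtoPEM(..., "CMS")}
 */
private String cmsSignData(String data, String signingCertFileName, String signingKeyFile, String outform)
        throws CertificateException, IOException, NoSuchAlgorithmException, NoSuchProviderException,
        CMSException, OperatorCreationException, CertStoreException {
    if (Strings.isNullOrEmpty(outform)) {
        outform = PKI_ASN1_FORM;
    }

    // Registers BouncyCastle so the "BC" provider name used below resolves.
    Security.addProvider(new BouncyCastleProvider());
    CMSSignedDataGenerator gen = new CMSSignedDataGenerator();

    // The second value is the key file path; the label used to say "caFile".
    logger.debug("signingCertFile: {}, signingKeyFile: {}",
            new Object[] { signingCertFileName, signingKeyFile });

    X509Certificate signercert = generateCertificate(signingCertFileName);
    PrivateKey key = generatePrivateKey(signingKeyFile);

    // NOTE(review): SHA-1 is deprecated for signatures because of practical collision
    // attacks. It is left unchanged here because whatever verifies this output must accept
    // the digest chosen at signing time; move signer and verifiers to SHA256withRSA together.
    ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(key);
    gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
            new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()).build(sha1Signer, signercert));

    List<X509Certificate> certList = new ArrayList<X509Certificate>();
    certList.add(signercert);
    Store certs = new JcaCertStore(certList);
    gen.addCertificates(certs);

    // Explicit charset: getBytes() without one signs different bytes on different hosts.
    CMSProcessableByteArray b = new CMSProcessableByteArray(data.getBytes("UTF-8"));
    CMSSignedData signed = gen.generate(b, true);

    String signedContent = new String(DERtoPEM(signed.getContentInfo().getDEREncoded(), "CMS"));
    return signedContent;
}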
From source file:com.itextpdf.signatures.SignUtils.java
License:Open Source License
/**
 * Builds the OCSP {@link CertificateID} for a certificate from its issuer certificate and
 * serial number, hashing with the digest named by {@code digestAlgorithmIdentifier}.
 *
 * @param issuerCert certificate of the issuer
 * @param serialNumber serial number of the certificate being identified
 * @param digestAlgorithmIdentifier digest algorithm used for the CertificateID hashes
 * @return the certificate identifier
 * @throws OperatorCreationException if no digest calculator is available for the algorithm
 * @throws CertificateEncodingException if the issuer certificate cannot be encoded
 * @throws OCSPException if the identifier cannot be built
 */
static CertificateID generateCertificateId(X509Certificate issuerCert, BigInteger serialNumber,
        AlgorithmIdentifier digestAlgorithmIdentifier)
        throws OperatorCreationException, CertificateEncodingException, OCSPException {
    // The digest calculator is resolved first, as before, so the order in which the
    // declared exceptions can surface is unchanged.
    final org.bouncycastle.operator.DigestCalculator digest =
            new JcaDigestCalculatorProviderBuilder().build().get(digestAlgorithmIdentifier);
    final JcaX509CertificateHolder issuerHolder = new JcaX509CertificateHolder(issuerCert);
    return new CertificateID(digest, issuerHolder, serialNumber);
}
From source file:com.itextpdf.signatures.SignUtils.java
License:Open Source License
/**
 * Builds the OCSP {@link CertificateID} for a certificate from its issuer certificate and
 * serial number, hashing with the digest identified by {@code identifier}.
 *
 * <p>The OID is wrapped in an {@link AlgorithmIdentifier} with explicit NULL parameters
 * ({@code DERNull.INSTANCE}).
 *
 * @param issuerCert certificate of the issuer
 * @param serialNumber serial number of the certificate being identified
 * @param identifier OID of the digest algorithm used for the CertificateID hashes
 * @return the certificate identifier
 * @throws OperatorCreationException if no digest calculator is available for the algorithm
 * @throws CertificateEncodingException if the issuer certificate cannot be encoded
 * @throws OCSPException if the identifier cannot be built
 */
static CertificateID generateCertificateId(X509Certificate issuerCert, BigInteger serialNumber,
        ASN1ObjectIdentifier identifier)
        throws OperatorCreationException, CertificateEncodingException, OCSPException {
    final AlgorithmIdentifier digestAlgorithm = new AlgorithmIdentifier(identifier, DERNull.INSTANCE);
    final org.bouncycastle.operator.DigestCalculator digest =
            new JcaDigestCalculatorProviderBuilder().build().get(digestAlgorithm);
    final JcaX509CertificateHolder issuerHolder = new JcaX509CertificateHolder(issuerCert);
    return new CertificateID(digest, issuerHolder, serialNumber);
}
From source file:com.itextpdf.text.pdf.security.OcspClientBouncyCastle.java
License:Open Source License
/**
 * Generates an OCSP request for a single certificate using BouncyCastle.
 *
 * <p>The {@link CertificateID} is built with {@code CertificateID.HASH_SHA1}; in a
 * CertificateID the hash identifies the issuer to the responder and is not a signature
 * digest. A non-critical nonce extension is attached, with its value taken from
 * {@code PdfEncryption.createDocumentId()}.
 *
 * <p>NOTE(review): the nonce protects against replayed responses only if the value is
 * unpredictable and the caller compares it with the nonce in the response; neither is
 * visible in this method, so confirm both.
 *
 * @param issuerCert certificate of the issuer
 * @param serialNumber serial number of the certificate to query
 * @return an OCSP request
 * @throws OCSPException if the request cannot be built
 * @throws IOException if the nonce cannot be encoded
 * @throws OperatorException if the SHA-1 digest calculator cannot be created
 * @throws CertificateEncodingException if the issuer certificate cannot be encoded
 */
private static OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber)
        throws OCSPException, IOException, OperatorException, CertificateEncodingException {
    // Register the BC provider before any BouncyCastle operator is built.
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

    // Identify the certificate whose status is being requested.
    final org.bouncycastle.operator.DigestCalculator sha1 =
            new JcaDigestCalculatorProviderBuilder().build().get(CertificateID.HASH_SHA1);
    final CertificateID targetId =
            new CertificateID(sha1, new JcaX509CertificateHolder(issuerCert), serialNumber);

    final OCSPReqBuilder requestBuilder = new OCSPReqBuilder();
    requestBuilder.addRequest(targetId);

    // The nonce is itself an OCTET STRING; its DER encoding is carried inside the
    // extension's OCTET STRING value, hence the two layers of wrapping.
    final byte[] encodedNonce = new DEROctetString(PdfEncryption.createDocumentId()).getEncoded();
    final Extension nonceExtension = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false,
            new DEROctetString(encodedNonce));
    requestBuilder.setRequestExtensions(new Extensions(new Extension[] { nonceExtension }));

    return requestBuilder.build();
}
From source file:com.itextpdf.text.pdf.security.PdfPKCS7.java
License:Open Source License
/**
 * Checks if the OCSP revocation data refers to the document signing certificate.
 *
 * <p>The check recomputes the {@link CertificateID} of the signing certificate (using the
 * second certificate of the chain as issuer and the hash algorithm named in the response)
 * and compares it with the CertificateID of the first {@code SingleResp}. Only that first
 * entry is examined.
 *
 * <p>This method compares identifiers only. It does not read the certificate status,
 * verify the responder's signature or check the response's validity period.
 * NOTE(review): confirm those checks are performed by the caller before the result is
 * treated as proof of non-revocation.
 *
 * @return {@code true} if the identifiers match; {@code false} if there is no OCSP
 *         response, fewer than two signing certificates, a mismatch, or any failure
 *         while computing the identifier
 * @since 2.1.6
 */
public boolean isRevocationValid() {
    if (basicResp == null || signCerts.size() < 2) {
        return false;
    }
    try {
        X509Certificate[] chain = (X509Certificate[]) getSignCertificateChain();
        SingleResp firstResponse = basicResp.getResponses()[0];
        CertificateID reportedId = firstResponse.getCertID();

        // Hash with the algorithm the responder used so the two identifiers are comparable.
        DigestCalculator digest = new JcaDigestCalculatorProviderBuilder().build()
                .get(new AlgorithmIdentifier(reportedId.getHashAlgOID(), DERNull.INSTANCE));

        X509Certificate signingCert = getSigningCertificate();
        X509Certificate issuerCert = chain[1];
        CertificateID expectedId = new CertificateID(digest, new JcaX509CertificateHolder(issuerCert),
                signingCert.getSerialNumber());
        return expectedId.equals(reportedId);
    } catch (Exception ignored) {
        // Any failure (empty response list, unsupported digest, encoding error) is treated
        // as "not valid": the method fails closed, but the cause is not reported anywhere.
        return false;
    }
}
From source file:com.jadyounan.PKCS7Signer.java
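/**
 * Creates a detached CMS (PKCS#7) signature over {@code dataToSign} with the first key
 * entry found in the given keystore.
 *
 * <p>The signer certificate is added to the SignedData certificate set; the content is
 * not encapsulated ({@code generate(msg, false)}).
 *
 * @param storeLocation location of the keystore, passed to {@code getKeystore}
 * @param storePasswd keystore password, also used to recover the private key
 * @param dataToSign bytes to sign
 * @return the encoded CMS SignedData, or {@code null} if the keystore could not be obtained
 * @throws java.security.KeyStoreException if the keystore holds no key entry
 * @throws Exception on any other keystore, signing or encoding failure
 */
public byte[] sign(String storeLocation, String storePasswd, byte[] dataToSign) throws Exception {
    KeyStore clientStore = getKeystore(storeLocation, storePasswd);
    if (clientStore == null) {
        return null;
    }

    // Pick the first alias that is a key entry. Previously, a store without any key entry
    // fell through with the last alias seen (or ""), and signing went on with an entry
    // that has no private key.
    String alias = null;
    Enumeration<String> aliases = clientStore.aliases();
    while (aliases.hasMoreElements()) {
        String candidate = aliases.nextElement();
        if (clientStore.isKeyEntry(candidate)) {
            alias = candidate;
            break;
        }
    }
    if (alias == null) {
        throw new java.security.KeyStoreException("No key entry found in keystore " + storeLocation);
    }

    CMSTypedData msg = new CMSProcessableByteArray(dataToSign);

    X509CertificateHolder x509Certificate = getCert(clientStore, alias);
    List<X509CertificateHolder> certList = new ArrayList<X509CertificateHolder>();
    certList.add(x509Certificate);
    Store certs = new JcaCertStore(certList);

    CMSSignedDataGenerator gen = new CMSSignedDataGenerator();

    // NOTE(review): SHA-1 is deprecated for signatures because of practical collision
    // attacks. The algorithm is left as is because the consumers of this signature are not
    // visible here; prefer "SHA256withRSA" once they are confirmed to accept it.
    ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC")
            .build(getPrivateKey(clientStore, alias, storePasswd));

    gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
            new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()).build(sha1Signer,
                    x509Certificate));
    gen.addCertificates(certs);

    // false = detached: the signed bytes are not embedded in the output.
    CMSSignedData sigData = gen.generate(msg, false);
    return sigData.getEncoded();
}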
From source file:com.leon.utils.sign.v2.SignApk.java
License:Apache License
/**
 * Signs {@code data} and writes the resulting CMS signature block, DER-encoded, to
 * {@code out}.
 *
 * <p>The signature is detached ({@code generate(data, false)}) and computed directly over
 * the content rather than over signed attributes ({@code setDirectSignature(true)}). The
 * signature algorithm is chosen by {@code getSignatureAlgorithm} from the certificate and
 * {@code minSdkVersion}.
 *
 * @param data content to sign
 * @param publicKey the signer's certificate (despite the name, not a bare public key); it
 *        is also embedded in the signature block
 * @param privateKey key used to sign
 * @param minSdkVersion minimum SDK version, used only to select the signature algorithm
 * @param out destination stream; it is not closed by this method
 */
private static void writeSignatureBlock(CMSTypedData data, X509Certificate publicKey, PrivateKey privateKey,
        int minSdkVersion, OutputStream out)
        throws IOException, CertificateEncodingException, OperatorCreationException, CMSException {
    ArrayList<X509Certificate> signerCerts = new ArrayList<>(1);
    signerCerts.add(publicKey);
    JcaCertStore certStore = new JcaCertStore(signerCerts);

    CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
    ContentSigner contentSigner =
            new JcaContentSignerBuilder(getSignatureAlgorithm(publicKey, minSdkVersion)).build(privateKey);
    generator.addSignerInfoGenerator(
            new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build())
                    .setDirectSignature(true)
                    .build(contentSigner, publicKey));
    generator.addCertificates(certStore);

    CMSSignedData signedData = generator.generate(data, false);

    // Re-read the encoded structure and write it back through a DER stream so the bytes
    // written to 'out' are DER. Only the input stream is closed; 'out' is left open.
    try (ASN1InputStream encoded = new ASN1InputStream(signedData.getEncoded())) {
        DEROutputStream derOut = new DEROutputStream(out);
        derOut.writeObject(encoded.readObject());
    }
}
From source file:com.miguelpazo.signature.test.SignDataTest.java
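/**
 * Signs {@code data} with the key from a PKCS#12 file, wraps the result in CMS SignedData
 * and exports it Base64-encoded to {@code dataSignedFile}.
 *
 * <p>Two signatures are produced: a raw SHA1WithRSA signature over {@code data}, and a
 * detached CMS signature whose content is that raw signature (not the original data).
 * Nothing in this method encrypts anything; the Base64 steps are encodings only.
 *
 * @param data text to sign; encoded with the platform default charset
 * @param certPfx PKCS#12 file holding the key and certificate
 * @param pass password for both the keystore and the key
 * @param dataSignedFile file that receives the Base64 CMS SignedData
 * @return the Base64 text of the CMS SignedData
 * @throws Exception on any keystore, signing, encoding or export failure
 */
public String signDataWithPfx(String data, File certPfx, String pass, File dataSignedFile) throws Exception {
    KeyStore ks = KeyStore.getInstance("pkcs12");

    // Close the PKCS#12 stream once loaded; it used to be left open.
    FileInputStream pfxStream = new FileInputStream(certPfx);
    try {
        ks.load(pfxStream, pass.toCharArray());
    } finally {
        pfxStream.close();
    }

    // Takes the first alias; presumably the file holds a single key entry — verify.
    String alias = (String) ks.aliases().nextElement();
    PrivateKey key = (PrivateKey) ks.getKey(alias, pass.toCharArray());

    // NOTE(review): SHA-1 is deprecated for signatures because of practical collision
    // attacks; it is used both here and for the CMS signer below.
    Signature signature = Signature.getInstance("SHA1WithRSA", "BC");
    signature.initSign(key);
    // NOTE(review): getBytes() uses the platform charset, so the signed bytes can differ
    // between hosts.
    signature.update(data.getBytes());

    // Build the CMS structure; its content is the raw signature computed above.
    X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
    List<X509Certificate> certList = new ArrayList<X509Certificate>();
    CMSTypedData msg = new CMSProcessableByteArray(signature.sign());
    certList.add(cert);
    Store certs = new JcaCertStore(certList);

    CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
    ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1WithRSA").setProvider("BC").build(key);
    gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
            new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()).build(sha1Signer, cert));
    gen.addCertificates(certs);

    // false = detached: the content is not embedded in the encoded SignedData.
    CMSSignedData sigData = gen.generate(msg, false);

    String signedDataBase64 = new String(Base64.encode(sigData.getEncoded()));
    certUtil.exportToFile(signedDataBase64, dataSignedFile);

    byte[] content = (byte[]) sigData.getSignedContent().getContent();
    String contentBase64 = new String(Base64.encode(content));
    System.out.println("content => " + contentBase64);

    PublicKey pubKey = cert.getPublicKey();
    // The call is kept as in the original; its result is not used.
    certUtil.decryptData(pubKey, contentBase64);
    System.out.println(contentBase64);

    return signedDataBase64;
}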