Usage examples for the org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder constructor
public JcaDigestCalculatorProviderBuilder()
From source file:com.orange.atk.sign.apk.SignedJarBuilder.java
License:Apache License
/**
 * Writes the signature block: a DER-encoded CMS SignedData structure holding a
 * detached signature over {@code data}, emitted to {@code mOutputJar}.
 *
 * <p>NOTE(review): the signature algorithm is fixed to "SHA1with" plus the key
 * algorithm. SHA-1 is no longer collision resistant; confirm that the consumers
 * of this archive still require it before reusing this code elsewhere.
 *
 * @param data the content to sign; it is not encapsulated in the output
 * @param publicKey the signer's certificate, which is also embedded in the output
 * @param privateKey the key that produces the signature
 */
private void writeSignatureBlock(CMSTypedData data, X509Certificate publicKey, PrivateKey privateKey)
        throws IOException, CertificateEncodingException, OperatorCreationException, CMSException {
    // Only the signer's own certificate is shipped; no chain is added.
    ArrayList<X509Certificate> signerCerts = new ArrayList<X509Certificate>();
    signerCerts.add(publicKey);
    JcaCertStore certStore = new JcaCertStore(signerCerts);

    CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
    String signatureAlgorithm = "SHA1with" + privateKey.getAlgorithm();
    ContentSigner signer = new JcaContentSignerBuilder(signatureAlgorithm).build(privateKey);

    // Direct signature: the signature covers the content digest itself and
    // no signed attributes are included.
    JcaSignerInfoGeneratorBuilder signerInfoBuilder =
            new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build());
    signerInfoBuilder.setDirectSignature(true);
    generator.addSignerInfoGenerator(signerInfoBuilder.build(signer, publicKey));
    generator.addCertificates(certStore);

    CMSSignedData signedData = generator.generate(data, false);

    // Re-read the encoded structure and write it back out through a DER stream.
    ASN1InputStream derIn = new ASN1InputStream(signedData.getEncoded());
    DEROutputStream derOut = new DEROutputStream(mOutputJar);
    derOut.writeObject(derIn.readObject());
    derOut.flush();
    derOut.close();
    derIn.close();
}
From source file:com.zotoh.crypto.Crypto.java
License:Open Source License
/**
 * Generates a PKCS#7 file from the key entry of the given PKCS#12 file.
 *
 * <p>The private key and certificate chain are loaded from {@code p12File}, a
 * SignedData structure is produced over the fixed content "Hello" (encoded with
 * the JVM default charset), and the encoded result is written to
 * {@code fileOut}.
 *
 * <p>NOTE(review): {@code CMSSignedDataGenerator.DIGEST_SHA512} is named as a
 * digest identifier, yet it is passed where a signature algorithm name is
 * expected (the original carried a "SHA1withRSA" hint at this spot) - confirm
 * that it resolves to the intended signature algorithm.
 *
 * <p>NOTE(review): the password arrives as an immutable {@code String}, so it
 * cannot be wiped after use.
 *
 * @param p12File the PKCS#12 file to read the key entry from
 * @param password the password for {@code p12File}
 * @param fileOut the file that receives the encoded output
 * @throws GeneralSecurityException if building the signer or generating the
 *         signed data fails; the underlying exception is kept as the cause
 * @throws IOException declared by the file helpers this method calls
 */
public void exportPKCS7(File p12File, String password, File fileOut)
        throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableEntryException,
        CertificateException, IOException, InvalidAlgorithmParameterException, CertStoreException,
        GeneralSecurityException {
    tstObjArg("pkcs7 output file", fileOut);
    tstObjArg("pkcs12 file", p12File);
    tstObjArg("password", password);

    KeyStore.PrivateKeyEntry entry = loadPKCS12Key(p12File, password);
    Certificate[] chain = entry.getCertificateChain();
    List<Certificate> chainList = CoreUte.asList(true, chain);

    try {
        DigestCalculatorProvider digests =
                new JcaDigestCalculatorProviderBuilder().setProvider(getProvider()).build();
        JcaSignerInfoGeneratorBuilder signerInfoBuilder = new JcaSignerInfoGeneratorBuilder(digests);

        ContentSigner signer = new JcaContentSignerBuilder(CMSSignedDataGenerator.DIGEST_SHA512)
                .setProvider(getProvider())
                .build(entry.getPrivateKey());

        CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
        // The first chain element is used as the signer's certificate.
        generator.addSignerInfoGenerator(signerInfoBuilder.build(signer, (X509Certificate) chain[0]));
        generator.addCertificates(new JcaCertStore(chainList));

        byte[] encoded = generator.generate(CMSSignedDataGenerator.DATA,
                new CMSProcessableByteArray("Hello".getBytes()), false, getProvider(), false).getEncoded();
        writeFile(fileOut, encoded);
    } catch (OperatorCreationException e) {
        throw new GeneralSecurityException(e);
    } catch (CMSException e) {
        throw new GeneralSecurityException(e);
    }
}
From source file:com.zotoh.crypto.CryptoUte.java
License:Open Source License
/**
 * Produces an encoded CMS SignedData structure with a detached signature over
 * {@code data}.
 *
 * <p>The signer uses direct-signature mode, so no signed attributes are
 * included. The first element of the certificate list is used as the signer's
 * certificate, and the whole list is embedded in the output.
 *
 * <p>NOTE(review): only {@code data} and {@code key} are argument-checked;
 * {@code certs} and {@code algo} are used as given, and an empty certificate
 * list presumably fails at {@code lst.get(0)} - confirm against {@code asList}.
 *
 * @param key the private key that signs the content
 * @param certs the signer's certificates, signer certificate first
 * @param algo the signature algorithm; its {@code toString()} is handed to the
 *        content-signer builder
 * @param data the content to sign, read from a file or from memory
 * @return the encoded SignedData bytes
 * @throws GeneralSecurityException if building the signer or generating the
 *         signed data fails; the underlying exception is kept as the cause
 */
public static byte[] pkcsDigSig(PrivateKey key, Certificate[] certs, SigningAlgo algo, StreamData data)
        throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, CertStoreException, IOException,
        CertificateEncodingException, GeneralSecurityException {
    tstObjArg("input-content", data);
    tstObjArg("private-key", key);

    CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
    Provider provider = Crypto.getInstance().getProvider();
    List<Certificate> certList = asList(true, certs);
    X509Certificate signerCert = (X509Certificate) certList.get(0);

    try {
        ContentSigner signer = new JcaContentSignerBuilder(algo.toString()).setProvider(provider).build(key);

        JcaSignerInfoGeneratorBuilder signerInfoBuilder = new JcaSignerInfoGeneratorBuilder(
                new JcaDigestCalculatorProviderBuilder().setProvider(provider).build());
        signerInfoBuilder.setDirectSignature(true);

        generator.addSignerInfoGenerator(signerInfoBuilder.build(signer, signerCert));
        generator.addCertificates(new JcaCertStore(certList));

        // File-backed content is read from disk by the generator; otherwise
        // the in-memory bytes are signed.
        CMSTypedData content = data.isDiskFile()
                ? new CMSProcessableFile(data.getFileRef())
                : new CMSProcessableByteArray(data.getBytes());

        return generator.generate(content, false).getEncoded();
    } catch (OperatorCreationException e) {
        throw new GeneralSecurityException(e);
    } catch (CMSException e) {
        throw new GeneralSecurityException(e);
    }
}
From source file:com.zotoh.crypto.CryptoUte.java
License:Open Source License
/**
 * Builds an S/MIME signed-message generator for the given key and
 * certificates, using base64 transfer encoding.
 *
 * <p>NOTE(review): the capabilities list advertises triple DES, 128-bit RC2
 * and single DES as the ciphers a correspondent may use for encrypted replies.
 * DES and RC2 are obsolete; confirm whether peers still need them.
 *
 * <p>NOTE(review): direct-signature mode is switched on and a signed-attribute
 * generator is also installed. In direct mode signed attributes appear not to
 * be emitted, which would drop the capabilities and key-preference attributes
 * - confirm against the Bouncy Castle version in use.
 *
 * <p>NOTE(review): the issuer name for the key preference is taken from the
 * subject of {@code certs[1]} when present, otherwise from the signer
 * certificate's own subject. That matches the real issuer only for an ordered
 * chain or a self-signed certificate - verify against callers. {@code certs}
 * is indexed without a length check.
 *
 * @param key the private key that signs messages
 * @param certs the signer's certificates, signer certificate first
 * @param algo the signature algorithm; its {@code toString()} is handed to the
 *        content-signer builder
 * @return the configured generator
 * @throws GeneralSecurityException if the content signer or signer info cannot
 *         be built; the underlying exception is kept as the cause
 */
private static SMIMESignedGenerator makeSignerGentor(PrivateKey key, Certificate[] certs, SigningAlgo algo)
        throws CertStoreException, NoSuchAlgorithmException, InvalidAlgorithmParameterException,
        GeneralSecurityException, CertificateEncodingException {
    SMIMESignedGenerator generator = new SMIMESignedGenerator("base64");
    List<Certificate> certList = asList(true, certs);
    ASN1EncodableVector attributes = new ASN1EncodableVector();

    SMIMECapabilityVector capabilities = new SMIMECapabilityVector();
    capabilities.addCapability(SMIMECapability.dES_EDE3_CBC);
    capabilities.addCapability(SMIMECapability.rC2_CBC, 128);
    capabilities.addCapability(SMIMECapability.dES_CBC);
    attributes.add(new SMIMECapabilitiesAttribute(capabilities));

    X509Certificate signerCert = (X509Certificate) certs[0];
    X509Certificate issuerCert = (certs.length > 1) ? (X509Certificate) certs[1] : signerCert;
    X500Principal issuerName = issuerCert.getSubjectX500Principal();

    // Encryption key preference for encrypted responses; normally this would
    // point at a certificate other than the signing one.
    IssuerAndSerialNumber keyPreference = new IssuerAndSerialNumber(
            X500Name.getInstance(issuerName.getEncoded()), signerCert.getSerialNumber());
    Provider provider = Crypto.getInstance().getProvider();
    attributes.add(new SMIMEEncryptionKeyPreferenceAttribute(keyPreference));

    try {
        JcaSignerInfoGeneratorBuilder signerInfoBuilder = new JcaSignerInfoGeneratorBuilder(
                new JcaDigestCalculatorProviderBuilder().setProvider(provider).build());
        signerInfoBuilder.setDirectSignature(true);

        ContentSigner signer = new JcaContentSignerBuilder(algo.toString()).setProvider(provider).build(key);
        signerInfoBuilder.setSignedAttributeGenerator(
                new DefaultSignedAttributeTableGenerator(new AttributeTable(attributes)));

        generator.addSignerInfoGenerator(signerInfoBuilder.build(signer, signerCert));
        generator.addCertificates(new JcaCertStore(certList));
        return generator;
    } catch (OperatorCreationException e) {
        throw new GeneralSecurityException(e);
    }
}
From source file:controller.CCInstance.java
License:Open Source License
/**
 * Builds an OCSP request for the certificate identified by
 * {@code serialNumber} and issued by {@code issuerCert}, with a nonce
 * extension attached.
 *
 * <p>The certificate identifier is hashed with SHA-1
 * ({@code CertificateID.HASH_SHA1}). Each call also registers the Bouncy
 * Castle provider with the JVM-wide {@code Security} registry.
 *
 * <p>NOTE(review): the nonce bytes come from
 * {@code PdfEncryption.createDocumentId()}. The page does not show whether
 * that helper draws on a cryptographically secure random source - confirm,
 * because a predictable nonce weakens the replay protection the extension is
 * there to provide. The caller should also check that the response echoes the
 * nonce.
 *
 * @param issuerCert the certificate of the issuing CA
 * @param serialNumber the serial number of the certificate to check
 * @return the OCSP request
 */
private static OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber)
        throws OCSPException, IOException, OperatorException, CertificateEncodingException {
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

    CertificateID certificateId = new CertificateID(
            new JcaDigestCalculatorProviderBuilder().build().get(CertificateID.HASH_SHA1),
            new JcaX509CertificateHolder(issuerCert),
            serialNumber);

    OCSPReqBuilder requestBuilder = new OCSPReqBuilder();
    requestBuilder.addRequest(certificateId);

    // The extension value is the DER encoding of an OCTET STRING that holds
    // the nonce, itself wrapped in an OCTET STRING.
    byte[] nonceBytes = PdfEncryption.createDocumentId();
    DEROctetString encodedNonce = new DEROctetString(new DEROctetString(nonceBytes).getEncoded());
    Extension nonceExtension = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, encodedNonce);

    requestBuilder.setRequestExtensions(new Extensions(new Extension[] { nonceExtension }));
    return requestBuilder.build();
}
From source file:cz.etruhla.mailsigner.Helpers.java
License:Apache License
/**
 * Signs a MIME body part and returns the resulting multipart.
 *
 * <p>NOTE(review): {@code signatureAlgorithm} is passed to the content-signer
 * builder as given. Nothing here restricts it to an approved list, so callers
 * decide whether a weak algorithm can be selected - verify at the call sites.
 *
 * @param content the body part to sign
 * @param signatureAlgorithm the signature algorithm name
 * @param pk the private key that signs the content
 * @param cert the signer's certificate
 * @param certsStore the certificates to embed in the signed message
 * @return the signed multipart
 */
private static MimeMultipart signMimeBodyPart(MimeBodyPart content, String signatureAlgorithm, PrivateKey pk,
        X509Certificate cert, Store certsStore)
        throws OperatorCreationException, CertificateEncodingException, SMIMEException {
    ContentSigner contentSigner = new JcaContentSignerBuilder(signatureAlgorithm).build(pk);
    SMIMESignedGenerator generator = new SMIMESignedGenerator();

    JcaSignerInfoGeneratorBuilder signerInfoBuilder =
            new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build());
    generator.addSignerInfoGenerator(signerInfoBuilder.build(contentSigner, cert));
    generator.addCertificates(certsStore);

    return generator.generate(content);
}
From source file:de.brendamour.jpasskit.signing.PKAbstractSIgningUtil.java
License:Apache License
/**
 * Signs the manifest content and returns the encoded CMS SignedData with a
 * detached signature.
 *
 * <p>A signing-time attribute taken from the system clock is added as a signed
 * attribute. Both the certificate from {@code getAppleWWDRCACert()} and the
 * signing certificate are embedded in the output.
 *
 * <p>NOTE(review): the signature algorithm is fixed to "SHA1withRSA". SHA-1 is
 * no longer collision resistant; confirm what the verifying side accepts
 * before changing or reusing it.
 *
 * @param signingInformation the signing key and certificates; must be non-null
 *        and valid
 * @param content the manifest content to sign
 * @return the encoded signature bytes
 * @throws IllegalArgumentException if {@code signingInformation} is null or
 *         not valid
 * @throws PKSigningException if any step of the signing fails; every exception
 *         type, including runtime exceptions, is wrapped
 */
protected byte[] signManifestUsingContent(PKSigningInformation signingInformation, CMSTypedData content)
        throws PKSigningException {
    boolean usable = signingInformation != null && signingInformation.isValid();
    if (!usable) {
        throw new IllegalArgumentException("Signing information not valid");
    }

    try {
        CMSSignedDataGenerator cmsGenerator = new CMSSignedDataGenerator();
        ContentSigner signer = new JcaContentSignerBuilder("SHA1withRSA")
                .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                .build(signingInformation.getSigningPrivateKey());

        // Signed attributes: only the signing time is supplied here.
        ASN1EncodableVector attributes = new ASN1EncodableVector();
        attributes.add(new Attribute(CMSAttributes.signingTime, new DERSet(new DERUTCTime(new Date()))));
        DefaultSignedAttributeTableGenerator attributeGenerator =
                new DefaultSignedAttributeTableGenerator(new AttributeTable(attributes));

        JcaSignerInfoGeneratorBuilder signerInfoBuilder = new JcaSignerInfoGeneratorBuilder(
                new JcaDigestCalculatorProviderBuilder()
                        .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                        .build());
        signerInfoBuilder.setSignedAttributeGenerator(attributeGenerator);
        cmsGenerator.addSignerInfoGenerator(
                signerInfoBuilder.build(signer, signingInformation.getSigningCert()));

        List<X509Certificate> embeddedCerts = new ArrayList<X509Certificate>();
        embeddedCerts.add(signingInformation.getAppleWWDRCACert());
        embeddedCerts.add(signingInformation.getSigningCert());
        cmsGenerator.addCertificates(new JcaCertStore(embeddedCerts));

        return cmsGenerator.generate(content, false).getEncoded();
    } catch (Exception e) {
        throw new PKSigningException("Error when signing manifest", e);
    }
}
From source file:de.brendamour.jpasskit.signing.PKSigningUtil.java
License:Apache License
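/**
 * Signs the manifest file and writes the detached CMS signature to a file
 * named "signature" inside {@code temporaryPassDirectory}.
 *
 * <p>Both the certificate from {@code getAppleWWDRCACert()} and the signing
 * certificate are embedded in the output.
 *
 * <p>NOTE(review): the signature algorithm is fixed to "SHA1withRSA". SHA-1 is
 * no longer collision resistant; confirm what the verifying side accepts
 * before changing or reusing it.
 *
 * @param temporaryPassDirectory the directory that receives the signature file
 * @param manifestJSONFile the manifest file to sign
 * @param signingInformation the signing key and certificates; must be valid
 * @throws IllegalArgumentException if any argument is null or
 *         {@code signingInformation} is not valid
 * @throws Exception if signing or writing the signature fails
 */
public static void signManifestFile(final File temporaryPassDirectory, final File manifestJSONFile,
        final PKSigningInformation signingInformation) throws Exception {
    if (temporaryPassDirectory == null || manifestJSONFile == null || signingInformation == null
            || !signingInformation.isValid()) {
        throw new IllegalArgumentException("Null params are not supported");
    }
    addBCProvider();

    CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
    ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA")
            .setProvider(BouncyCastleProvider.PROVIDER_NAME)
            .build(signingInformation.getSigningPrivateKey());

    generator.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
            new JcaDigestCalculatorProviderBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME).build())
                    .build(sha1Signer, signingInformation.getSigningCert()));

    List<X509Certificate> certList = new ArrayList<X509Certificate>();
    certList.add(signingInformation.getAppleWWDRCACert());
    certList.add(signingInformation.getSigningCert());
    Store certs = new JcaCertStore(certList);
    generator.addCertificates(certs);

    CMSSignedData sigData = generator.generate(new CMSProcessableFile(manifestJSONFile), false);
    byte[] signedDataBytes = sigData.getEncoded();

    File signatureFile = new File(temporaryPassDirectory.getAbsolutePath() + File.separator + "signature");
    FileOutputStream signatureOutputStream = new FileOutputStream(signatureFile);
    try {
        signatureOutputStream.write(signedDataBytes);
    } finally {
        // Close even when the write fails, so the file handle is not leaked.
        signatureOutputStream.close();
    }
}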
From source file:de.mendelson.util.security.BCCryptoHelper.java
/**
 * Returns the digest algorithm OID of the first signer whose signature
 * verifies against {@code cert}. For SHA-1 the value is "1.3.14.3.2.26".
 *
 * <p>The signed content is read to the end before the signer infos are
 * inspected. Verification uses the supplied certificate only; no certificate
 * chain or revocation check happens here, so the caller has to establish trust
 * in {@code cert} separately.
 *
 * <p>NOTE(review): {@code getSignedContent()} is dereferenced without a null
 * check - presumably the input always carries encapsulated content; confirm.
 *
 * @param signed the stream holding the CMS signed data
 * @param cert the certificate expected to have produced the signature
 * @return the digest algorithm OID of the verified signer
 * @throws GeneralSecurityException if no signer verifies against {@code cert}
 * @throws Exception if parsing or verification fails
 */
public String getDigestAlgOIDFromSignature(InputStream signed, Certificate cert) throws Exception {
    CMSSignedDataParser parser = new CMSSignedDataParser(
            new JcaDigestCalculatorProviderBuilder().setProvider("BC").build(), signed);
    // The content has to be consumed before the signer infos can be read.
    parser.getSignedContent().drain();
    Collection candidates = parser.getSignerInfos().getSigners();

    X509CertificateHolder certHolder = new X509CertificateHolder(cert.getEncoded());
    SignerInformationVerifier verifier = new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC")
            .build(certHolder);

    for (Object candidate : candidates) {
        SignerInformation signer = (SignerInformation) candidate;
        if (signer.verify(verifier)) {
            return signer.getDigestAlgOID();
        }
    }
    throw new GeneralSecurityException("getDigestAlgOIDFromSignature: Unable to identify signature algorithm.");
}
From source file:de.mendelson.util.security.BCCryptoHelper.java
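/**
 * Signs the data read from {@code unsigned} and writes the CMS signed data,
 * with the content encapsulated, to {@code signed}.
 *
 * <p>The signed output is buffered first, either in memory or in a temporary
 * file, and then copied to {@code signed}. The temporary file holds the full
 * signed payload, so it is removed on every exit path, including failures.
 *
 * <p>NOTE(review): {@code ALGORITHM_NAME} is passed to the content-signer
 * builder as given; nothing here restricts it to an approved list.
 *
 * <p>NOTE(review): {@code File.createTempFile} places the buffer in the
 * default temporary directory. Consider
 * {@code java.nio.file.Files.createTempFile}, which creates the file with
 * owner-only permissions on POSIX systems.
 *
 * @param unsigned the content to sign
 * @param signed the stream that receives the signed data
 * @param ALGORITHM_NAME the signature algorithm name
 * @param signCert the signer's certificate
 * @param signKey the signing key
 * @param inMemory {@code true} to buffer in memory, {@code false} to buffer in
 *        a temporary file
 * @throws Exception if signing or any stream operation fails
 */
public void signCMS(InputStream unsigned, OutputStream signed, final String ALGORITHM_NAME, Certificate signCert,
        Key signKey, boolean inMemory) throws Exception {
    CMSSignedDataStreamGenerator generator = new CMSSignedDataStreamGenerator();
    PrivateKey signPrivKey = this.getPrivateKey(signKey);
    ContentSigner contentSigner = new JcaContentSignerBuilder(ALGORITHM_NAME).setProvider("BC")
            .build(signPrivKey);
    generator.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
            new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()).build(contentSigner,
                    new X509CertificateHolder(signCert.getEncoded())));

    if (inMemory) {
        ByteArrayOutputStream memBuffer = new ByteArrayOutputStream();
        OutputStream signedOut = generator.open(memBuffer, true);
        this.copyStreams(unsigned, signedOut);
        signedOut.flush();
        signedOut.close();
        signed.write(memBuffer.toByteArray());
    } else {
        File tempFile = File.createTempFile("sign", ".temp");
        try {
            FileOutputStream fileBuffer = new FileOutputStream(tempFile);
            try {
                OutputStream signedOut = generator.open(fileBuffer, true);
                try {
                    this.copyStreams(unsigned, signedOut);
                } finally {
                    signedOut.flush();
                    signedOut.close();
                }
            } finally {
                // Runs even when closing the signing stream fails, so the
                // file handle is always released.
                fileBuffer.flush();
                fileBuffer.close();
            }

            FileInputStream fileIn = new FileInputStream(tempFile);
            try {
                this.copyStreams(fileIn, signed);
            } finally {
                fileIn.close();
            }
        } finally {
            // Remove the buffered payload on failure as well; fall back to
            // removal at JVM exit when the immediate delete does not succeed.
            if (!tempFile.delete()) {
                tempFile.deleteOnExit();
            }
        }
    }
}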