List of usage examples for org.bouncycastle.operator.jcajce JcaDigestCalculatorProviderBuilder JcaDigestCalculatorProviderBuilder
public JcaDigestCalculatorProviderBuilder()
From source file:mitm.common.security.cms.CMSSignedInspectorImplTest.java
License:Open Source License
@Test public void testOpaqueSignedParser() throws Exception { MimeMessage signedMessage = loadMessage("signed-opaque-validcertificate.eml"); SMIMESignedParser signedData = new SMIMESignedParser( new JcaDigestCalculatorProviderBuilder().setProvider("BC").build(), signedMessage); CMSSignedDataAdapter signedDataAdapter = CMSAdapterFactory.createAdapter(signedData); assertTrue(signedDataAdapter instanceof CMSSignedDataParserAdapterImpl); testOpaqueSigned(signedDataAdapter); }
From source file:mitm.common.security.smime.SMIMEBuilderImpl.java
License:Open Source License
private void addSigner(PrivateKey privateKey, X509Certificate signer, SMIMESigningAlgorithm algorithm, AttributeTable signedAttr, AttributeTable unsignedAttr) throws SMIMEBuilderException { try {/*w w w .java 2 s .co m*/ JcaDigestCalculatorProviderBuilder digestBuilder = new JcaDigestCalculatorProviderBuilder(); digestBuilder.setProvider(nonSensitiveProvider); SignerInfoGeneratorBuilder signerInfoBuilder = new SignerInfoGeneratorBuilder(digestBuilder.build()); if (signedAttr != null) { signerInfoBuilder.setSignedAttributeGenerator(new DefaultSignedAttributeTableGenerator(signedAttr)); } if (unsignedAttr != null) { signerInfoBuilder.setUnsignedAttributeGenerator(new SimpleAttributeTableGenerator(unsignedAttr)); } JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder(algorithm.getAlgorithm()); contentSignerBuilder.setProvider(sensitiveProvider); SignerInfoGenerator signerInfoGenerator = signerInfoBuilder .build(contentSignerBuilder.build(privateKey), new JcaX509CertificateHolder(signer)); signedGenerator.addSignerInfoGenerator(signerInfoGenerator); } catch (OperatorCreationException e) { throw new SMIMEBuilderException(e); } catch (CertificateEncodingException e) { throw new SMIMEBuilderException(e); } }
From source file:mitm.common.security.smime.SMIMEBuilderImpl.java
License:Open Source License
public void addSigner(PrivateKey privateKey, byte[] subjectKeyIdentifier, SMIMESigningAlgorithm algorithm, AttributeTable signedAttr, AttributeTable unsignedAttr) throws SMIMEBuilderException { try {/*from w w w. j a va 2s.c o m*/ JcaDigestCalculatorProviderBuilder digestBuilder = new JcaDigestCalculatorProviderBuilder(); digestBuilder.setProvider(nonSensitiveProvider); SignerInfoGeneratorBuilder signerInfoBuilder = new SignerInfoGeneratorBuilder(digestBuilder.build()); if (signedAttr != null) { signerInfoBuilder.setSignedAttributeGenerator(new DefaultSignedAttributeTableGenerator(signedAttr)); } if (unsignedAttr != null) { signerInfoBuilder.setUnsignedAttributeGenerator(new SimpleAttributeTableGenerator(unsignedAttr)); } JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder(algorithm.getAlgorithm()); contentSignerBuilder.setProvider(sensitiveProvider); SignerInfoGenerator signerInfoGenerator = signerInfoBuilder .build(contentSignerBuilder.build(privateKey), subjectKeyIdentifier); signedGenerator.addSignerInfoGenerator(signerInfoGenerator); } catch (OperatorCreationException e) { throw new SMIMEBuilderException(e); } }
From source file:nDasJoWo.signapk.SignApk.java
License:Apache License
private static void writeSignatureBlock(CMSTypedData paramCMSTypedData, X509Certificate paramX509Certificate, PrivateKey paramPrivateKey, OutputStream paramOutputStream) throws IOException, CertificateEncodingException, OperatorCreationException, CMSException { ArrayList localArrayList = new ArrayList(1); localArrayList.add(paramX509Certificate); JcaCertStore localJcaCertStore = new JcaCertStore(localArrayList); CMSSignedDataGenerator localCMSSignedDataGenerator = new CMSSignedDataGenerator(); ContentSigner localContentSigner = new JcaContentSignerBuilder("SHA1withRSA") .setProvider(sBouncyCastleProvider).build(paramPrivateKey); localCMSSignedDataGenerator.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder( new JcaDigestCalculatorProviderBuilder().setProvider(sBouncyCastleProvider).build()) .setDirectSignature(true).build(localContentSigner, paramX509Certificate)); localCMSSignedDataGenerator.addCertificates(localJcaCertStore); CMSSignedData localCMSSignedData = localCMSSignedDataGenerator.generate(paramCMSTypedData, false); ASN1InputStream localASN1InputStream = new ASN1InputStream(localCMSSignedData.getEncoded()); DEROutputStream localDEROutputStream = new DEROutputStream(paramOutputStream); localDEROutputStream.writeObject(localASN1InputStream.readObject()); }
From source file:net.jsign.PESigner.java
License:Apache License
private CMSSignedData createSignature(PEFile file) throws IOException, CMSException, OperatorCreationException, CertificateEncodingException { byte[] sha = file.computeDigest(algo); AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(algo.oid, DERNull.INSTANCE); DigestInfo digestInfo = new DigestInfo(algorithmIdentifier, sha); SpcAttributeTypeAndOptionalValue data = new SpcAttributeTypeAndOptionalValue( AuthenticodeObjectIdentifiers.SPC_PE_IMAGE_DATA_OBJID, new SpcPeImageData()); SpcIndirectDataContent spcIndirectDataContent = new SpcIndirectDataContent(data, digestInfo); ContentSigner shaSigner = new JcaContentSignerBuilder(algo + "with" + privateKey.getAlgorithm()) .build(privateKey);/*w w w . java 2 s .c o m*/ DigestCalculatorProvider digestCalculatorProvider = new JcaDigestCalculatorProviderBuilder().build(); // prepare the authenticated attributes CMSAttributeTableGenerator attributeTableGenerator = new DefaultSignedAttributeTableGenerator( createAuthenticatedAttributes()); // fetch the signing certificate X509CertificateHolder certificate = new JcaX509CertificateHolder((X509Certificate) chain[0]); // prepare the signerInfo with the extra authenticated attributes SignerInfoGeneratorBuilder signerInfoGeneratorBuilder = new SignerInfoGeneratorBuilder( digestCalculatorProvider); signerInfoGeneratorBuilder.setSignedAttributeGenerator(attributeTableGenerator); SignerInfoGenerator signerInfoGenerator = signerInfoGeneratorBuilder.build(shaSigner, certificate); AuthenticodeSignedDataGenerator generator = new AuthenticodeSignedDataGenerator(); generator.addCertificates(new JcaCertStore(removeRoot(chain))); generator.addSignerInfoGenerator(signerInfoGenerator); return generator.generate(AuthenticodeObjectIdentifiers.SPC_INDIRECT_DATA_OBJID, spcIndirectDataContent); }
From source file:net.maritimecloud.identityregistry.utils.CertificateUtil.java
License:Apache License
public BasicOCSPRespBuilder initOCSPRespBuilder(OCSPReq request) { SubjectPublicKeyInfo keyinfo = SubjectPublicKeyInfo .getInstance(getMCCertificate(ROOT_CERT_ALIAS).getPublicKey().getEncoded()); BasicOCSPRespBuilder respBuilder;//from w ww .ja v a 2s . com try { respBuilder = new BasicOCSPRespBuilder(keyinfo, new JcaDigestCalculatorProviderBuilder() .setProvider(BC_PROVIDER_NAME).build().get(CertificateID.HASH_SHA1)); // Create builder } catch (Exception e) { return null; } Extension ext = request.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce); if (ext != null) { respBuilder.setResponseExtensions(new Extensions(new Extension[] { ext })); // Put the nonce back in the response } return respBuilder; }
From source file:net.maritimecloud.pki.ocsp.OCSPClient.java
License:Open Source License
private OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber) throws CertificateEncodingException, OperatorCreationException, OCSPException, IOException { Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); OCSPReqBuilder gen = new OCSPReqBuilder(); gen.addRequest(new JcaCertificateID(new JcaDigestCalculatorProviderBuilder() .setProvider(PKIConstants.BC_PROVIDER_NAME).build().get(CertificateID.HASH_SHA1), issuerCert, serialNumber));/* w ww . j av a2 s. co m*/ BigInteger nonce = BigInteger.valueOf(System.currentTimeMillis()); Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, true, new DEROctetString(nonce.toByteArray())); gen.setRequestExtensions(new Extensions(new Extension[] { ext })); sentNonce = ext.getExtnId().getEncoded(); return gen.build(); }
From source file:net.maritimecloud.pki.Revocation.java
License:Apache License
/** * Generate a BasicOCSPRespBuilder./* ww w . j av a2 s. c o m*/ * * @param request The incoming request. * @param publicKey Public key of the issuer. * @return a BasicOCSPRespBuilder */ public static BasicOCSPRespBuilder initOCSPRespBuilder(OCSPReq request, PublicKey publicKey) { SubjectPublicKeyInfo keyinfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()); BasicOCSPRespBuilder respBuilder; try { respBuilder = new BasicOCSPRespBuilder(keyinfo, new JcaDigestCalculatorProviderBuilder() .setProvider(BC_PROVIDER_NAME).build().get(CertificateID.HASH_SHA1)); // Create builder } catch (Exception e) { return null; } Extension ext = request.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce); if (ext != null) { respBuilder.setResponseExtensions(new Extensions(new Extension[] { ext })); // Put the nonce back in the response } return respBuilder; }
From source file:net.sf.keystore_explorer.crypto.signing.JarSigner.java
License:Open Source License
private static byte[] createSignatureBlock(byte[] toSign, PrivateKey privateKey, X509Certificate[] certificateChain, SignatureType signatureType, String tsaUrl, Provider provider) throws CryptoException { try {//from w w w .j a v a2 s . c o m List<X509Certificate> certList = new ArrayList<X509Certificate>(); Collections.addAll(certList, certificateChain); DigestCalculatorProvider digCalcProv = new JcaDigestCalculatorProviderBuilder().setProvider("BC") .build(); JcaContentSignerBuilder csb = new JcaContentSignerBuilder(signatureType.jce()) .setSecureRandom(SecureRandom.getInstance("SHA1PRNG")); if (provider != null) { csb.setProvider(provider); } JcaSignerInfoGeneratorBuilder siGeneratorBuilder = new JcaSignerInfoGeneratorBuilder(digCalcProv); // remove cmsAlgorithmProtect for compatibility reasons SignerInfoGenerator sigGen = siGeneratorBuilder.build(csb.build(privateKey), certificateChain[0]); final CMSAttributeTableGenerator sAttrGen = sigGen.getSignedAttributeTableGenerator(); sigGen = new SignerInfoGenerator(sigGen, new DefaultSignedAttributeTableGenerator() { @Override public AttributeTable getAttributes(@SuppressWarnings("rawtypes") Map parameters) { AttributeTable ret = sAttrGen.getAttributes(parameters); return ret.remove(CMSAttributes.cmsAlgorithmProtect); } }, sigGen.getUnsignedAttributeTableGenerator()); CMSSignedDataGenerator dataGen = new CMSSignedDataGenerator(); dataGen.addSignerInfoGenerator(sigGen); dataGen.addCertificates(new JcaCertStore(certList)); CMSSignedData signedData = dataGen.generate(new CMSProcessableByteArray(toSign), true); // now let TSA time-stamp the signature if (tsaUrl != null && !tsaUrl.isEmpty()) { signedData = addTimestamp(tsaUrl, signedData); } return signedData.getEncoded(); } catch (Exception ex) { throw new CryptoException(res.getString("SignatureBlockCreationFailed.exception.message"), ex); } }
From source file:net.solarnetwork.pki.bc.BCCertificateService.java
License:Open Source License
@Override public X509Certificate generateCertificationAuthorityCertificate(String dn, PublicKey publicKey, PrivateKey privateKey) {//from w w w . ja v a 2 s . c o m X500Principal issuer = new X500Principal(dn); Date now = new Date(); Date expire = new Date(now.getTime() + (1000L * 60L * 60L * 24L * authorityExpireDays)); JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(issuer, new BigInteger("0"), now, expire, issuer, publicKey); JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(signatureAlgorithm); DefaultDigestAlgorithmIdentifierFinder digestAlgFinder = new DefaultDigestAlgorithmIdentifierFinder(); ContentSigner signer; try { DigestCalculatorProvider digestCalcProvider = new JcaDigestCalculatorProviderBuilder() .setProvider(new BouncyCastleProvider()).build(); JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils( digestCalcProvider.get(digestAlgFinder.find("SHA-256"))); builder.addExtension(X509Extension.basicConstraints, true, new BasicConstraints(true)); builder.addExtension(X509Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(publicKey)); builder.addExtension(X509Extension.keyUsage, true, new KeyUsage( KeyUsage.digitalSignature | KeyUsage.nonRepudiation | KeyUsage.keyCertSign | KeyUsage.cRLSign)); builder.addExtension(X509Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(publicKey)); signer = signerBuilder.build(privateKey); } catch (OperatorCreationException e) { log.error("Error generating CA certificate [{}]", dn, e); throw new CertificateException("Error signing CA certificate", e); } catch (CertIOException e) { log.error("Error generating CA certificate [{}]", dn, e); throw new CertificateException("Error signing CA certificate", e); } X509CertificateHolder holder = builder.build(signer); JcaX509CertificateConverter converter = new JcaX509CertificateConverter(); try { return converter.getCertificate(holder); } catch (java.security.cert.CertificateException e) { throw new CertificateException("Error creating certificate", e); } }