be.fedict.eid.applet.service.signer.cms.AbstractCMSSignatureService.java Source code

Java tutorial

  1. HOME
  2. Java
  3. be.fedict.eid.applet.service.signer.cms.AbstractCMSSignatureService.java

Introduction

Here is the source code for be.fedict.eid.applet.service.signer.cms.AbstractCMSSignatureService.java

Source

/*
 * eID Applet Project.
 * Copyright (C) 2009-2010 FedICT.
 * Copyright (C) 2014 e-Contract.be BVBA.
 *
 * This is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Lesser General Public License version
 * 3.0 as published by the Free Software Foundation.
 *
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this software; if not, see 
 * http://www.gnu.org/licenses/.
 */

package be.fedict.eid.applet.service.signer.cms;

import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.X509Certificate;
import java.util.LinkedList;
import java.util.List;

import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessable;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;

import be.fedict.eid.applet.service.signer.DummyPrivateKey;
import be.fedict.eid.applet.service.signer.SHA1WithRSAProxySignature;
import be.fedict.eid.applet.service.spi.AddressDTO;
import be.fedict.eid.applet.service.spi.DigestInfo;
import be.fedict.eid.applet.service.spi.IdentityDTO;
import be.fedict.eid.applet.service.spi.SignatureService;

/**
 * Abstract CMS Signature Service class. The content and signing certificate are
 * included in the CMS signature.
 * 
 * @author Frank Cornelis
 * 
 */
public abstract class AbstractCMSSignatureService implements SignatureService {

    public String getFilesDigestAlgorithm() {
        return null;
    }

    public DigestInfo preSign(List<DigestInfo> digestInfos, List<X509Certificate> signingCertificateChain,
            IdentityDTO identity, AddressDTO address, byte[] photo) throws NoSuchAlgorithmException {
        CMSSignedDataGenerator generator = createCMSSignedDataGenerator(signingCertificateChain);
        byte[] toBeSigned = getToBeSigned();
        CMSProcessable content = new CMSProcessableByteArray(toBeSigned);

        CMSProvider provider = new CMSProvider();
        SHA1WithRSAProxySignature.reset();
        try {
            generator.generate(content, true, provider);
        } catch (CMSException e) {
            throw new RuntimeException(e);
        }
        byte[] digestValue = SHA1WithRSAProxySignature.getDigestValue();
        String description = getSignatureDescription();
        DigestInfo digestInfo = new DigestInfo(digestValue, "SHA1", description);
        return digestInfo;
    }

    public void postSign(byte[] signatureValue, List<X509Certificate> signingCertificateChain) {
        CMSSignedDataGenerator generator;
        try {
            generator = createCMSSignedDataGenerator(signingCertificateChain);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }

        byte[] toBeSigned = getToBeSigned();
        CMSProcessable content = new CMSProcessableByteArray(toBeSigned);

        CMSProvider provider = new CMSProvider();
        SHA1WithRSAProxySignature.reset();
        SHA1WithRSAProxySignature.setSignatureValue(signatureValue);
        CMSSignedData signedData;
        try {
            signedData = generator.generate(content, true, provider);
        } catch (CMSException e) {
            throw new RuntimeException(e);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
        byte[] cmsSignature;
        try {
            cmsSignature = signedData.getEncoded();
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
        this.storeCMSSignature(cmsSignature);
    }

    private CMSSignedDataGenerator createCMSSignedDataGenerator(List<X509Certificate> signingCertificateChain)
            throws NoSuchAlgorithmException {
        CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
        if (null != signingCertificateChain) {
            X509Certificate signerCertificate = signingCertificateChain.get(0);
            PrivateKey dummyPrivateKey = new DummyPrivateKey();
            generator.addSigner(dummyPrivateKey, signerCertificate, CMSSignedDataGenerator.DIGEST_SHA1);
            List<X509Certificate> certList = new LinkedList<X509Certificate>();
            certList.add(signerCertificate);
            CertStore certStore;
            try {
                certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certList));
            } catch (InvalidAlgorithmParameterException e) {
                throw new NoSuchAlgorithmException(e);
            }
            try {
                generator.addCertificatesAndCRLs(certStore);
            } catch (CertStoreException e) {
                throw new RuntimeException(e);
            } catch (CMSException e) {
                throw new RuntimeException(e);
            }
        }
        return generator;
    }

    abstract protected byte[] getToBeSigned();

    abstract protected String getSignatureDescription();

    abstract protected void storeCMSSignature(byte[] cmsSignature);
}