Examples of CMSSignedDataGenerator

Examples of org.bouncycastle.cms.CMSSignedDataGenerator

359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
            certList.addAll(chain);
        }
        try {
            CMSProcessable msg = new CMSProcessableByteArray("EJBCA".getBytes());
            CertStore certs = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certList), "BC");
            CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
            if (getCAToken().getPrivateKey(SecConst.CAKEYPURPOSE_CERTSIGN) == null) {
              String msg1 = "createPKCS7: Private key does not exist!";
              log.debug(msg1);
              throw new SignRequestSignatureException(msg1);
            }
            gen.addSigner(getCAToken().getPrivateKey(SecConst.CAKEYPURPOSE_CERTSIGN), (X509Certificate)getCACertificate(), CMSSignedGenerator.DIGEST_SHA1);
            gen.addCertificatesAndCRLs(certs);
            CMSSignedData s = null;
            CATokenContainer catoken = getCAToken();
            CATokenInfo tokeninfo = getCAInfo().getCATokenInfo();
            if (catoken != null && !(tokeninfo instanceof NullCATokenInfo)) {
              log.debug("createPKCS7: Provider="+catoken.getProvider()+" using algorithm "+getCAToken().getPrivateKey(SecConst.CAKEYPURPOSE_CERTSIGN).getAlgorithm());
              s = gen.generate(msg, true, catoken.getProvider());
            } else {
              String msg1 = "CA Token does not exist!";
              log.debug(msg);
              throw new SignRequestSignatureException(msg1);
            }
View Full Code Here

Examples of org.bouncycastle.cms.CMSSignedDataGenerator

188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
        edGen.addKeyTransRecipient(cacert);
        CMSEnvelopedData ed = edGen.generate(envThis, SMIMECapability.dES_CBC.getId(), "BC");
        return ed;
    }
    private CMSSignedData sign(CMSProcessable signThis, String messageType, String transactionId) throws NoSuchAlgorithmException, NoSuchProviderException, CMSException, IOException, InvalidAlgorithmParameterException, CertStoreException {
        CMSSignedDataGenerator gen1 = new CMSSignedDataGenerator();

        // add authenticated attributes...status, transactionId, sender- and more...
        Hashtable attributes = new Hashtable();
        DERObjectIdentifier oid;
        Attribute attr;
        DERSet value;
       
        // Message type (certreq)
        oid = new DERObjectIdentifier(ScepRequestMessage.id_messageType);
        value = new DERSet(new DERPrintableString(messageType));
        attr = new Attribute(oid, value);
        attributes.put(attr.getAttrType(), attr);

        // TransactionId
        oid = new DERObjectIdentifier(ScepRequestMessage.id_transId);
        value = new DERSet(new DERPrintableString(transactionId));
        attr = new Attribute(oid, value);
        attributes.put(attr.getAttrType(), attr);

        // senderNonce
        byte[] nonce = new byte[16];
        randomSource.nextBytes(nonce);
        senderNonce = new String(Base64.encode(nonce));
        if (nonce != null) {
            oid = new DERObjectIdentifier(ScepRequestMessage.id_senderNonce);
            log.debug("Added senderNonce: " + senderNonce);
            value = new DERSet(new DEROctetString(nonce));
            attr = new Attribute(oid, value);
            attributes.put(attr.getAttrType(), attr);
        }

        // Add our signer info and sign the message
        ArrayList certList = new ArrayList();
        certList.add(cert);
        CertStore certs = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certList), "BC");
        gen1.addCertificatesAndCRLs(certs);
        gen1.addSigner(keys.getPrivate(), cert, digestOid,
                new AttributeTable(attributes), null);
        // The signed data to be enveloped
        CMSSignedData s = gen1.generate(signThis, true, "BC");
        return s;
    }
View Full Code Here

Examples of org.bouncycastle.cms.CMSSignedDataGenerator

121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
  {
    /**
     * Inizializzo il generatore impostando l'algoritmo di
     * hashing desiderato ed aggiungendo un firmatario
     */
    CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
    ContentSigner sigGen =
       new JcaContentSignerBuilder("SHA256withRSA").setProvider(
       pkcs11Provider.getName()).build(privateKey);

    /**
     * -- CADES --
     */
    MessageDigest md = MessageDigest.getInstance("SHA-256");
    md.update(userCertificate.getEncoded());
    byte[] certHash = md.digest();
    ESSCertIDv2 essCert1 =
       new ESSCertIDv2(new AlgorithmIdentifier("2.16.840.1.101.3.4.2.1"), certHash);
    ESSCertIDv2[] essCert1Arr =
    {
      essCert1
    };

    SigningCertificateV2 scv2 = new SigningCertificateV2(essCert1Arr);
    Attribute certHAttribute =
       new Attribute(PKCSObjectIdentifiers.id_aa_signingCertificateV2, new DERSet(scv2));
    ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(certHAttribute);
    /**
     * -- END CADES --
     */
    AttributeTable at = new AttributeTable(v);
    CMSAttributeTableGenerator attrGen = new DefaultSignedAttributeTableGenerator(at);
    SignerInfoGeneratorBuilder genBuild =
       new SignerInfoGeneratorBuilder(new BcDigestCalculatorProvider());
    genBuild.setSignedAttributeGenerator(attrGen);
    SignerInfoGenerator sifGen =
       genBuild.build(sigGen, new X509CertificateHolder(userCertificate.getEncoded()));

    gen.addSignerInfoGenerator(sifGen);

    /**
     * Popolo la "catena di certificazione" (certificate chain)
     */
    ArrayList certList = new ArrayList();
    certList.add(userCertificate);

    X509CollectionStoreParameters x509CollectionStoreParameters =
       new X509CollectionStoreParameters(certList);
    JcaCertStore jcaCertStore = new JcaCertStore(certList);
    gen.addCertificates(jcaCertStore);

    /**
     * Genera il file p7m e lo salva nel path specificato.
     * Inserendo "false" come secondo parametro di generate() si
     * otterrebbe invece un file p7s, ovvero la sola firma "detached".
     */
    CMSProcessableFile content = new CMSProcessableFile(fileInput);
    CMSSignedData data = gen.generate(content, true);
    byte[] res = data.getEncoded();
    FileOutputStream fos = new FileOutputStream(fileFirmato);
    fos.write(res);
    fos.close();
  }
View Full Code Here

Examples of org.bouncycastle.cms.CMSSignedDataGenerator

60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
  IssuerAndSubject ias = new IssuerAndSubject(issuer, subject);
  BigInteger serial = BigInteger.ONE;
  IssuerAndSerialNumber iasn = new IssuerAndSerialNumber(issuer, serial);
  PKCS10CertificationRequest csr = getCsr(new X500Principal("CN=Client"),
    pair.getPublic(), pair.getPrivate(), "password".toCharArray());
  CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
  ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA")
    .build(pair.getPrivate());
  X509Certificate cert = X509Certificates.createEphemeral(
    new X500Principal("CN=client"), pair);
  Store certs = new JcaCertStore(Collections.singleton(cert));
  gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
    new JcaDigestCalculatorProviderBuilder().build()).build(
    sha1Signer, cert));
  gen.addCertificates(certs);
  CMSTypedData msg = new CMSAbsentContent();
  CMSSignedData sigData = gen.generate(msg, false);

  params.add(new Object[] { new GetCert(transId, senderNonce, iasn) });
  params.add(new Object[] { new GetCertInitial(transId, senderNonce, ias) });
  params.add(new Object[] { new GetCrl(transId, senderNonce, iasn) });
  params.add(new Object[] { new PkcsReq(transId, senderNonce, csr) });
View Full Code Here

Examples of org.bouncycastle.cms.CMSSignedDataGenerator

345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
  }
    }

    private CMSSignedData getMessageData(List<X509Certificate> certs)
      throws IOException, CMSException, GeneralSecurityException {
  CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
  JcaCertStore store;
  try {
      store = new JcaCertStore(certs);
  } catch (CertificateEncodingException e) {
      IOException ioe = new IOException();
      ioe.initCause(e);

      throw ioe;
  }
  generator.addCertificates(store);
  return generator.generate(new CMSAbsentContent());
    }
View Full Code Here

Examples of org.bouncycastle.cms.CMSSignedDataGenerator

361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
  return generator.generate(new CMSAbsentContent());
    }

    private CMSSignedData getMessageData(X509CRL crl) throws IOException,
      CMSException, GeneralSecurityException {
  CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
  JcaCRLStore store;
  if (crl == null) {
      store = new JcaCRLStore(Collections.emptyList());
  } else {
      store = new JcaCRLStore(Collections.singleton(crl));
  }
  generator.addCertificates(store);
  return generator.generate(new CMSAbsentContent());
    }
View Full Code Here

Examples of org.bouncycastle.cms.CMSSignedDataGenerator

383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
  if (certs.size() == 0) {
      res.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED,
        "GetNextCACert Not Supported");
  } else {
      CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
      JcaCertStore store;
      try {
    store = new JcaCertStore(certs);
      } catch (CertificateEncodingException e) {
    IOException ioe = new IOException();
    ioe.initCause(e);

    throw ioe;
      }
      generator.addCertificates(store);
      DigestCalculatorProvider digestProvider = new JcaDigestCalculatorProviderBuilder()
        .build();
      SignerInfoGeneratorBuilder infoGenBuilder = new SignerInfoGeneratorBuilder(
        digestProvider);
      X509CertificateHolder certHolder = new X509CertificateHolder(
        getRecipient().getEncoded());
      ContentSigner contentSigner = new JcaContentSignerBuilder(
        "SHA1withRSA").build(getRecipientKey());
      SignerInfoGenerator infoGen = infoGenBuilder.build(contentSigner,
        certHolder);
      generator.addSignerInfoGenerator(infoGen);

      CMSSignedData degenerateSd = generator
        .generate(new CMSAbsentContent());
      byte[] bytes = degenerateSd.getEncoded();

      res.getOutputStream().write(bytes);
      res.getOutputStream().close();
View Full Code Here

Examples of org.bouncycastle.cms.CMSSignedDataGenerator

429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
  } else if (certs.size() == 1) {
      res.setHeader("Content-Type", "application/x-x509-ca-cert");
      bytes = certs.get(0).getEncoded();
  } else {
      res.setHeader("Content-Type", "application/x-x509-ca-ra-cert");
      CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
      JcaCertStore store;
      try {
    store = new JcaCertStore(certs);
      } catch (CertificateEncodingException e) {
    IOException ioe = new IOException();
    ioe.initCause(e);

    throw ioe;
      }
      generator.addCertificates(store);
      CMSSignedData degenerateSd = generator
        .generate(new CMSAbsentContent());
      bytes = degenerateSd.getEncoded();
  }

  res.getOutputStream().write(bytes);
View Full Code Here

Examples of org.bouncycastle.cms.CMSSignedDataGenerator

122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
    CMSProcessable content = getContent(message);
    LOGGER.debug(
        "Signing pkiMessage using key belonging to [issuer={}; serial={}]",
        signerId.getIssuerDN(), signerId.getSerialNumber());
    try {
      CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
      generator.addSignerInfoGenerator(getSignerInfo(message));
      generator.addCertificates(getCertificates());
      LOGGER.debug("Signing {} content", content);
      CMSSignedData pkiMessage = generator.generate(DATA, content, true,
          (Provider) null, true);
      LOGGER.debug("Finished encoding pkiMessage");

      return pkiMessage;
    } catch (CMSException e) {
View Full Code Here

Examples of org.bouncycastle.cms.CMSSignedDataGenerator

42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
  @Override
  public void write(final Certificate[] chain, final OutputStream outputStream) {
    Assert.notEmpty(chain, "chain");
    Assert.notNull(outputStream, "outputStream");
    try {
      CMSSignedDataGenerator signedDataGenerator = new CMSSignedDataGenerator();
      CMSTypedData content = new CMSAbsentContent();

      signedDataGenerator.addCertificates(BouncyCastleProviderHelper.toStore(chain));

      CMSSignedData signedData = signedDataGenerator.generate(content, false);
      byte[] bytes = signedData.getEncoded();
      outputStream.write(bytes);
    } catch (Exception e) {
      throw new CertificateException(e);
    }
View Full Code Here
TOP
Copyright © 2018 www.massapi.com. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.