本文整理汇总了Java中org.bouncycastle.cert.jcajce.JcaCertStore类的典型用法代码示例。如果您正苦于以下问题:Java JcaCertStore类的具体用法?Java JcaCertStore怎么用?Java JcaCertStore使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
JcaCertStore类属于org.bouncycastle.cert.jcajce包,在下文中一共展示了JcaCertStore类的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Java代码示例。
示例1: generateP7B
import org.bouncycastle.cert.jcajce.JcaCertStore; //导入依赖的package包/类
public CMSSignedData generateP7B(X509CertificateHolder caCertificate, PrivateKey caPrivateKey) {
try {
List<X509CertificateHolder> certChain = new ArrayList<X509CertificateHolder>();
certChain.add(caCertificate);
Store certs = new JcaCertStore(certChain);
CMSSignedDataGenerator cmsSignedDataGenerator = new CMSSignedDataGenerator();
ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BouncyCastleProvider.PROVIDER_NAME).build(caPrivateKey);
cmsSignedDataGenerator.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
new JcaDigestCalculatorProviderBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME).build())
.build(sha1Signer, caCertificate));
cmsSignedDataGenerator.addCertificates(certs);
CMSTypedData chainMessage = new CMSProcessableByteArray("chain".getBytes());
CMSSignedData sigData = cmsSignedDataGenerator.generate(chainMessage, false);
return sigData;
} catch(Exception e) {
throw new RuntimeException("Error while generating certificate chain: " + e.getMessage(), e);
}
}
开发者ID:fabiusks,项目名称:cert-services,代码行数:25,代码来源:P7BService.java
示例2: generateSignatureBlock
import org.bouncycastle.cert.jcajce.JcaCertStore; //导入依赖的package包/类
private static byte[] generateSignatureBlock(
SignerConfig signerConfig, byte[] signatureFileBytes)
throws InvalidKeyException, CertificateEncodingException, SignatureException {
JcaCertStore certs = new JcaCertStore(signerConfig.certificates);
X509Certificate signerCert = signerConfig.certificates.get(0);
String jcaSignatureAlgorithm =
getJcaSignatureAlgorithm(
signerCert.getPublicKey(), signerConfig.signatureDigestAlgorithm);
try {
ContentSigner signer =
new JcaContentSignerBuilder(jcaSignatureAlgorithm)
.build(signerConfig.privateKey);
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
gen.addSignerInfoGenerator(
new SignerInfoGeneratorBuilder(
new JcaDigestCalculatorProviderBuilder().build(),
SignerInfoSignatureAlgorithmFinder.INSTANCE)
.setDirectSignature(true)
.build(signer, new JcaX509CertificateHolder(signerCert)));
gen.addCertificates(certs);
CMSSignedData sigData =
gen.generate(new CMSProcessableByteArray(signatureFileBytes), false);
ByteArrayOutputStream out = new ByteArrayOutputStream();
try (ASN1InputStream asn1 = new ASN1InputStream(sigData.getEncoded())) {
DEROutputStream dos = new DEROutputStream(out);
dos.writeObject(asn1.readObject());
}
return out.toByteArray();
} catch (OperatorCreationException | CMSException | IOException e) {
throw new SignatureException("Failed to generate signature", e);
}
}
开发者ID:Meituan-Dianping,项目名称:walle,代码行数:35,代码来源:V1SchemeSigner.java
示例3: generateSignatureBlock
import org.bouncycastle.cert.jcajce.JcaCertStore; //导入依赖的package包/类
private static byte[] generateSignatureBlock(SignerConfig signerConfig, byte[] signatureFileBytes) throws InvalidKeyException, CertificateEncodingException, SignatureException {
JcaCertStore certs = new JcaCertStore(signerConfig.certificates);
X509Certificate signerCert = signerConfig.certificates.get(0);
String jcaSignatureAlgorithm = getJcaSignatureAlgorithm(signerCert.getPublicKey(), signerConfig.signatureDigestAlgorithm);
try {
ContentSigner signer = new JcaContentSignerBuilder(jcaSignatureAlgorithm).build(signerConfig.privateKey);
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
gen.addSignerInfoGenerator(new SignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build(), SignerInfoSignatureAlgorithmFinder.INSTANCE).setDirectSignature(true).build(signer,
new JcaX509CertificateHolder(signerCert)));
gen.addCertificates(certs);
CMSSignedData sigData = gen.generate(new CMSProcessableByteArray(signatureFileBytes), false);
ByteArrayOutputStream out = new ByteArrayOutputStream();
try (ASN1InputStream asn1 = new ASN1InputStream(sigData.getEncoded())) {
DEROutputStream dos = new DEROutputStream(out);
dos.writeObject(asn1.readObject());
}
return out.toByteArray();
} catch (OperatorCreationException | CMSException | IOException e) {
throw new SignatureException("Failed to generate signature", e);
}
}
开发者ID:abutun,项目名称:apk-verifier,代码行数:24,代码来源:V1SchemeSigner.java
示例4: testVerifySignature
import org.bouncycastle.cert.jcajce.JcaCertStore; //导入依赖的package包/类
@Test(description = "This test case tests Signature verification of a Certificate against the keystore")
public void testVerifySignature() throws KeystoreException, CertificateEncodingException, CMSException, IOException {
BASE64Encoder encoder = new BASE64Encoder();
//generate and save a certificate in the keystore
X509Certificate x509Certificate = managementService.generateX509Certificate();
//Generate CMSdata
CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
List<X509Certificate> list = new ArrayList<>();
list.add(x509Certificate);
JcaCertStore store = new JcaCertStore(list);
generator.addCertificates(store);
CMSSignedData degenerateSd = generator.generate(new CMSAbsentContent());
byte[] signature = degenerateSd.getEncoded();
boolean verifySignature = managementService.verifySignature(encoder.encode(signature));
Assert.assertNotNull(verifySignature);
Assert.assertTrue(verifySignature);
log.info("VerifySignature Test Successful");
}
开发者ID:wso2,项目名称:carbon-device-mgt,代码行数:19,代码来源:CertificateManagementServiceImplTests.java
示例5: testExtractCertificateFromSignature
import org.bouncycastle.cert.jcajce.JcaCertStore; //导入依赖的package包/类
@Test(description = "This test case tests extracting Certificate from the header Signature")
public void testExtractCertificateFromSignature() throws KeystoreException, CertificateEncodingException, CMSException, IOException {
BASE64Encoder encoder = new BASE64Encoder();
//generate and save a certificate in the keystore
X509Certificate x509Certificate = managementService.generateX509Certificate();
//Generate CMSdata
CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
List<X509Certificate> list = new ArrayList<>();
list.add(x509Certificate);
JcaCertStore store = new JcaCertStore(list);
generator.addCertificates(store);
CMSSignedData degenerateSd = generator.generate(new CMSAbsentContent());
byte[] signature = degenerateSd.getEncoded();
X509Certificate certificate = managementService.extractCertificateFromSignature(encoder.encode(signature));
Assert.assertNotNull(certificate);
Assert.assertEquals(certificate.getType(), CertificateManagementConstants.X_509);
log.info("ExtractCertificateFromSignature Test Successful");
}
开发者ID:wso2,项目名称:carbon-device-mgt,代码行数:19,代码来源:CertificateManagementServiceImplTests.java
示例6: getJcaCertStore
import org.bouncycastle.cert.jcajce.JcaCertStore; //导入依赖的package包/类
/**
* The order of the certificates is important, the fist one must be the signing certificate.
*
* @return a store with the certificate chain of the signing certificate. The {@code Collection} is unique.
* @throws CertificateEncodingException
*/
private JcaCertStore getJcaCertStore(final Collection<CertificateToken> certificateChain, CAdESSignatureParameters parameters) {
BaselineBCertificateSelector certificateSelectors = new BaselineBCertificateSelector(certificateVerifier, parameters);
List<CertificateToken> certificatesToAdd = certificateSelectors.getCertificates();
for (CertificateToken certificateToken : certificatesToAdd) {
if (!certificateChain.contains(certificateToken)) {
certificateChain.add(certificateToken);
}
}
try {
final Collection<X509Certificate> certs = new ArrayList<X509Certificate>();
for (final CertificateToken certificateInChain : certificateChain) {
certs.add(certificateInChain.getCertificate());
}
return new JcaCertStore(certs);
} catch (CertificateEncodingException e) {
throw new DSSException(e);
}
}
开发者ID:esig,项目名称:dss,代码行数:27,代码来源:CMSSignedDataBuilder.java
示例7: createTimeStampToken
import org.bouncycastle.cert.jcajce.JcaCertStore; //导入依赖的package包/类
public static TimeStampToken createTimeStampToken(PrivateKey privateKey, List<X509Certificate> certificateChain)
throws Exception {
Store certs = new JcaCertStore(certificateChain);
TimeStampRequestGenerator requestGen = new TimeStampRequestGenerator();
requestGen.setCertReq(true);
TimeStampRequest request = requestGen.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100));
TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
new JcaSimpleSignerInfoGeneratorBuilder().build("SHA1withRSA", privateKey, certificateChain.get(0)),
new JcaDigestCalculatorProviderBuilder().build()
.get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1)),
new ASN1ObjectIdentifier("1.2"));
tsTokenGen.addCertificates(certs);
return tsTokenGen.generate(request, BigInteger.ONE, new Date());
}
开发者ID:e-Contract,项目名称:jtrust,代码行数:19,代码来源:PKITestUtils.java
示例8: sign
import org.bouncycastle.cert.jcajce.JcaCertStore; //导入依赖的package包/类
@Override
public byte[] sign(byte[] data) throws Exception {
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
KeyStore inStore = KeyStore.getInstance("PKCS12");
inStore.load(new FileInputStream(packageZipConfiguration.pushPackageSignerCertPath), packageZipConfiguration.pushPackageSignerCertPassword.toCharArray());
Key key = inStore.getKey(packageZipConfiguration.pushPackageSignerCertName, packageZipConfiguration.pushPackageSignerCertPassword.toCharArray());
PrivateKey privateKey = RSAPrivateKeyImpl.parseKey(new DerValue(key.getEncoded()));
Certificate certificate = inStore.getCertificate(packageZipConfiguration.pushPackageSignerCertName);
X509CertificateHolder certificateHolder = new X509CertificateHolder(certificate.getEncoded());
List certList = new ArrayList();
CMSTypedData msg = new CMSProcessableByteArray(data); //Data to sign
certList.add(certificateHolder); //Adding the X509 Certificate
Store certs = new JcaCertStore(certList);
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
//Initializing the the BC's Signer
ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(privateKey);
gen.addSignerInfoGenerator(
new JcaSignerInfoGeneratorBuilder(
new JcaDigestCalculatorProviderBuilder().setProvider("BC").build())
.build(sha1Signer, certificateHolder));
//adding the certificate
gen.addCertificates(certs);
//Getting the signed data
CMSSignedData sigData = gen.generate(msg, false);
return sigData.getEncoded();
}
开发者ID:chriskearney,项目名称:stickypunch,代码行数:33,代码来源:PackageZipSigner.java
示例9: generateMultiPartGost
import org.bouncycastle.cert.jcajce.JcaCertStore; //导入依赖的package包/类
private MimeMultipart generateMultiPartGost(
MimeBodyPart msg)
throws Exception
{
List certList = new ArrayList();
certList.add(_signCert);
certList.add(_signGostCert);
Store certs = new JcaCertStore(certList);
SMIMESignedGenerator gen = new SMIMESignedGenerator();
gen.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder().setProvider(BC).build("GOST3411withGOST3410", _signGostKP.getPrivate(), _signGostCert));
gen.addCertificates(certs);
return gen.generate(msg);
}
开发者ID:credentials,项目名称:irma_future_id,代码行数:19,代码来源:NewSMIMESignedTest.java
示例10: generateMultiPartECGost
import org.bouncycastle.cert.jcajce.JcaCertStore; //导入依赖的package包/类
private MimeMultipart generateMultiPartECGost(
MimeBodyPart msg)
throws Exception
{
List certList = new ArrayList();
certList.add(_signCert);
certList.add(_signEcGostCert);
Store certs = new JcaCertStore(certList);
SMIMESignedGenerator gen = new SMIMESignedGenerator();
gen.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder().setProvider(BC).build("GOST3411withECGOST3410", _signEcGostKP.getPrivate(), _signEcGostCert));
gen.addCertificates(certs);
return gen.generate(msg);
}
开发者ID:credentials,项目名称:irma_future_id,代码行数:19,代码来源:NewSMIMESignedTest.java
示例11: writeSignatureBlock
import org.bouncycastle.cert.jcajce.JcaCertStore; //导入依赖的package包/类
/**
* Write the certificate file with a digital signature.
*/
private void writeSignatureBlock(CMSTypedData data,
X509Certificate publicKey,
PrivateKey privateKey) throws IOException, CertificateEncodingException, OperatorCreationException, CMSException {
ArrayList<X509Certificate> certList = new ArrayList<X509Certificate>();
certList.add(publicKey);
JcaCertStore certs = new JcaCertStore(certList);
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1with" +
privateKey.getAlgorithm()).build(
privateKey);
gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder()
.build()).setDirectSignature(
true).build(sha1Signer, publicKey));
gen.addCertificates(certs);
CMSSignedData sigData = gen.generate(data, false);
ASN1InputStream asn1 = new ASN1InputStream(sigData.getEncoded());
DEROutputStream dos = new DEROutputStream(mOutputJar);
dos.writeObject(asn1.readObject());
dos.flush();
dos.close();
asn1.close();
}
开发者ID:alibaba,项目名称:atlas,代码行数:30,代码来源:LocalSignedJarBuilder.java
示例12: writeSignatureBlock
import org.bouncycastle.cert.jcajce.JcaCertStore; //导入依赖的package包/类
/** Sign data and write the digital signature to 'out'. */
private static void writeSignatureBlock(
CMSTypedData data, X509Certificate publicKey, PrivateKey privateKey,
OutputStream out)
throws IOException,
CertificateEncodingException,
OperatorCreationException,
CMSException {
ArrayList < X509Certificate > certList = new ArrayList < > (1);
certList.add(publicKey);
JcaCertStore certs = new JcaCertStore(certList);
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
ContentSigner signer = new JcaContentSignerBuilder(getSignatureAlgorithm(publicKey))
.setProvider(sBouncyCastleProvider)
.build(privateKey);
gen.addSignerInfoGenerator(
new JcaSignerInfoGeneratorBuilder(
new JcaDigestCalculatorProviderBuilder()
.setProvider(sBouncyCastleProvider)
.build())
.setDirectSignature(true)
.build(signer, publicKey));
gen.addCertificates(certs);
CMSSignedData sigData = gen.generate(data, false);
ASN1InputStream asn1 = new ASN1InputStream(sigData.getEncoded());
DEROutputStream dos = new DEROutputStream(out);
dos.writeObject(asn1.readObject());
}
开发者ID:bhb27,项目名称:isu,代码行数:29,代码来源:ZipUtils.java
示例13: signRequest
import org.bouncycastle.cert.jcajce.JcaCertStore; //导入依赖的package包/类
/**
* Signs a time stamp request
*
* @param privateKey private key to sign with
* @param certificates certificate chain
* @param request request to be signed
* @return The signed request
*/
public byte[] signRequest(PrivateKey privateKey, Certificate[] certificates, byte[] request, String algorithm) {
try {
logger.info(timeStampMessagesBundle.getString("info.timestamp.sign.request"));
Security.addProvider(new BouncyCastleProvider());
X509Certificate signCert = (X509Certificate) certificates[0];
List<X509Certificate> certList = new ArrayList<>();
certList.add(signCert);
// setup the generator
CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
String varAlgorithm = null;
if (algorithm != null && !algorithm.isEmpty()){
varAlgorithm = algorithm;
}else{
varAlgorithm = "SHA256withRSA";
}
SignerInfoGenerator signerInfoGenerator = new JcaSimpleSignerInfoGeneratorBuilder().build(varAlgorithm, privateKey, signCert);
generator.addSignerInfoGenerator(signerInfoGenerator);
Store<?> certStore = new JcaCertStore(certList);
generator.addCertificates(certStore);
// Store crlStore = new JcaCRLStore(crlList);
// generator.addCRLs(crlStore);
// Create the signed data object
CMSTypedData data = new CMSProcessableByteArray(request);
CMSSignedData signed = generator.generate(data, true);
return signed.getEncoded();
} catch (CMSException | IOException | OperatorCreationException | CertificateEncodingException ex) {
logger.info(ex.getMessage());
}
return null;
}
开发者ID:demoiselle,项目名称:signer,代码行数:45,代码来源:RequestSigner.java
示例14: signWithSeparatedHashing
import org.bouncycastle.cert.jcajce.JcaCertStore; //导入依赖的package包/类
/**
* <a href="http://stackoverflow.com/questions/41767351/create-pkcs7-signature-from-file-digest">
* Create pkcs7 signature from file digest
* </a>
* <p>
* The OP's <code>sign</code> method after fixing some errors. The
* OP's original method is {@link #signBySnox(InputStream)}. The
* errors were
* </p>
* <ul>
* <li>multiple attempts at reading the {@link InputStream} parameter;
* <li>convoluted creation of final CMS container.
* </ul>
* <p>
* Additionally this method uses SHA256 instead of SHA-1.
* </p>
*/
public byte[] signWithSeparatedHashing(InputStream content) throws IOException
{
try
{
// Digest generation step
MessageDigest md = MessageDigest.getInstance("SHA256", "BC");
byte[] digest = md.digest(IOUtils.toByteArray(content));
// Separate signature container creation step
List<Certificate> certList = Arrays.asList(chain);
JcaCertStore certs = new JcaCertStore(certList);
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
Attribute attr = new Attribute(CMSAttributes.messageDigest,
new DERSet(new DEROctetString(digest)));
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(attr);
SignerInfoGeneratorBuilder builder = new SignerInfoGeneratorBuilder(new BcDigestCalculatorProvider())
.setSignedAttributeGenerator(new DefaultSignedAttributeTableGenerator(new AttributeTable(v)));
AlgorithmIdentifier sha256withRSA = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256withRSA");
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
InputStream in = new ByteArrayInputStream(chain[0].getEncoded());
X509Certificate cert = (X509Certificate) certFactory.generateCertificate(in);
gen.addSignerInfoGenerator(builder.build(
new BcRSAContentSignerBuilder(sha256withRSA,
new DefaultDigestAlgorithmIdentifierFinder().find(sha256withRSA))
.build(PrivateKeyFactory.createKey(pk.getEncoded())),
new JcaX509CertificateHolder(cert)));
gen.addCertificates(certs);
CMSSignedData s = gen.generate(new CMSAbsentContent(), false);
return s.getEncoded();
}
catch (Exception e)
{
e.printStackTrace();
throw new IOException(e);
}
}
开发者ID:mkl-public,项目名称:testarea-pdfbox2,代码行数:65,代码来源:CreateSignature.java
示例15: toSignedData
import org.bouncycastle.cert.jcajce.JcaCertStore; //导入依赖的package包/类
private CMSSignedData toSignedData()
throws CertificateEncodingException,
OperatorCreationException, CMSException,
InvalidKeyException, SignatureException,
NoSuchAlgorithmException, NoSuchProviderException {
if (Security.getProvider("BC") == null) {
Security.addProvider(new BouncyCastleProvider());
}
List<X509Certificate> certList = new ArrayList<X509Certificate>();
CMSTypedData msg = new CMSProcessableByteArray(Xml.this
.toString().getBytes(Charsets.UTF_8));
certList.add(signCert);
@SuppressWarnings("unchecked")
Store<X509Certificate> certs = new JcaCertStore(certList);
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
ContentSigner signer = new JcaContentSignerBuilder(
BouncyCastleWsaaManager.SIGNING_ALGORITHM)
.setProvider("BC").build(privateKey);
gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
new JcaDigestCalculatorProviderBuilder().setProvider(
"BC").build()).build(signer, signCert));
gen.addCertificates(certs);
return gen.generate(msg, true);
}
开发者ID:NibiruOS,项目名称:afip,代码行数:32,代码来源:LoginTicketRequest.java
示例16: writeSignatureBlock
import org.bouncycastle.cert.jcajce.JcaCertStore; //导入依赖的package包/类
/** Write the certificate file with a digital signature. */
private void writeSignatureBlock(CMSTypedData data, X509Certificate publicKey,
PrivateKey privateKey)
throws IOException,
CertificateEncodingException,
OperatorCreationException,
CMSException {
ArrayList<X509Certificate> certList = new ArrayList<X509Certificate>();
certList.add(publicKey);
JcaCertStore certs = new JcaCertStore(certList);
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
ContentSigner sha1Signer = new JcaContentSignerBuilder(
"SHA1with" + privateKey.getAlgorithm())
.build(privateKey);
gen.addSignerInfoGenerator(
new JcaSignerInfoGeneratorBuilder(
new JcaDigestCalculatorProviderBuilder()
.build())
.setDirectSignature(true)
.build(sha1Signer, publicKey));
gen.addCertificates(certs);
CMSSignedData sigData = gen.generate(data, false);
ASN1InputStream asn1 = new ASN1InputStream(sigData.getEncoded());
DEROutputStream dos = new DEROutputStream(mOutputJar);
dos.writeObject(asn1.readObject());
dos.flush();
dos.close();
asn1.close();
}
开发者ID:jskierbi,项目名称:intellij-ce-playground,代码行数:34,代码来源:SignedJarBuilder.java
示例17: createEncodedSignature
import org.bouncycastle.cert.jcajce.JcaCertStore; //导入依赖的package包/类
/**
* To create a encoded signature from certificate.
*
* @param x509Certificate Certificate that need to be encoded.
* @return Encoded signature.
* @throws CertificateEncodingException Certificate Encoding Exception.
* @throws CMSException CMS Exception.
* @throws IOException IO Exception.
*/
private String createEncodedSignature(X509Certificate x509Certificate) throws CertificateEncodingException,
CMSException, IOException {
CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
List<X509Certificate> list = new ArrayList<>();
list.add(x509Certificate);
JcaCertStore store = new JcaCertStore(list);
generator.addCertificates(store);
AtomicReference<CMSSignedData> degenerateSd = new AtomicReference<>(generator.generate(new CMSAbsentContent()));
byte[] signature = degenerateSd.get().getEncoded();
return Base64.getEncoder().encodeToString(signature);
}
开发者ID:wso2,项目名称:carbon-device-mgt,代码行数:21,代码来源:CertificateAuthenticatorTest.java
示例18: sign
import org.bouncycastle.cert.jcajce.JcaCertStore; //导入依赖的package包/类
public byte[] sign(InputStream content) {
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
// CertificateChain
List<Certificate> certList = Arrays.asList(certChain);
try {
CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certList),
provider);
Hashtable signedAttrs = new Hashtable();
X509Certificate signingCert = (X509Certificate) certList.get(0);
gen.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder().setProvider("BC")
.setSignedAttributeGenerator(new AttributeTable(signedAttrs))
.build("SHA256withRSA", privKey, signingCert));
gen.addCertificates(new JcaCertStore(certList));
// gen.addCRLs(new JcaCRLStore(certStore.getCRLs(null)));
boolean embedCrls = true;
if (embedCrls) {
X509CRL[] crls = fetchCRLs(signingCert);
for (X509CRL crl : crls) {
gen.addCRL(new JcaX509CRLHolder(crl));
}
}
// gen.addOtherRevocationInfo(arg0, arg1);
CMSProcessableByteArray processable = new CMSProcessableByteArray(IOUtils.toByteArray(content));
CMSSignedData signedData = gen.generate(processable, false);
if (tsaClient != null) {
signedData = signTimeStamps(signedData);
}
return signedData.getEncoded();
} catch (Exception e) {
new RuntimeException(e);
}
throw new RuntimeException("Problem while preparing signature");
}
开发者ID:beat2,项目名称:pdfbox-signer,代码行数:40,代码来源:Signing.java
示例19: createCMSSignedDataGenerator
import org.bouncycastle.cert.jcajce.JcaCertStore; //导入依赖的package包/类
/**
* Note:
* Section 5.1 of RFC 3852 [4] requires that, the CMS SignedData version be set to 3 if certificates from
* SignedData is present AND (any version 1 attribute certificates are present OR any SignerInfo structures
* are version 3 OR eContentType from encapContentInfo is other than id-data). Otherwise, the CMS
* SignedData version is required to be set to 1.
* ---> CMS SignedData Version is handled automatically by BouncyCastle.
*
* @param parameters
* set of the driving signing parameters
* @param contentSigner
* the contentSigned to get the hash of the data to be signed
* @param signerInfoGeneratorBuilder
* true if the unsigned attributes must be included
* @param originalSignedData
* the original signed data if extending an existing signature. null otherwise.
* @return the bouncycastle signed data generator which signs the document and adds the required signed and unsigned
* CMS attributes
* @throws eu.europa.esig.dss.DSSException
*/
protected CMSSignedDataGenerator createCMSSignedDataGenerator(final CAdESSignatureParameters parameters, final ContentSigner contentSigner,
final SignerInfoGeneratorBuilder signerInfoGeneratorBuilder, final CMSSignedData originalSignedData) throws DSSException {
try {
final CertificateToken signingCertificate = parameters.getSigningCertificate();
final CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
final X509CertificateHolder certHolder = DSSASN1Utils.getX509CertificateHolder(signingCertificate);
final SignerInfoGenerator signerInfoGenerator = signerInfoGeneratorBuilder.build(contentSigner, certHolder);
generator.addSignerInfoGenerator(signerInfoGenerator);
final List<CertificateToken> certificateChain = new LinkedList<CertificateToken>();
if (originalSignedData != null) {
generator.addSigners(originalSignedData.getSignerInfos());
generator.addAttributeCertificates(originalSignedData.getAttributeCertificates());
generator.addCRLs(originalSignedData.getCRLs());
generator.addOtherRevocationInfo(id_pkix_ocsp_basic, originalSignedData.getOtherRevocationInfo(id_pkix_ocsp_basic));
generator.addOtherRevocationInfo(id_ri_ocsp_response, originalSignedData.getOtherRevocationInfo(id_ri_ocsp_response));
final Store<X509CertificateHolder> certificates = originalSignedData.getCertificates();
final Collection<X509CertificateHolder> certificatesMatches = certificates.getMatches(null);
for (final X509CertificateHolder certificatesMatch : certificatesMatches) {
final CertificateToken token = DSSASN1Utils.getCertificate(certificatesMatch);
if (!certificateChain.contains(token)) {
certificateChain.add(token);
}
}
}
final JcaCertStore jcaCertStore = getJcaCertStore(certificateChain, parameters);
generator.addCertificates(jcaCertStore);
return generator;
} catch (CMSException | OperatorCreationException e) {
throw new DSSException(e);
}
}
开发者ID:esig,项目名称:dss,代码行数:60,代码来源:CMSSignedDataBuilder.java
示例20: sign
import org.bouncycastle.cert.jcajce.JcaCertStore; //导入依赖的package包/类
@Override
public byte[] sign(InputStream is) throws SignatureException, IOException {
try {
BouncyCastleProvider BC = new BouncyCastleProvider();
Store<?> certStore = new JcaCertStore(Collections.singletonList(certificate));
CMSTypedDataInputStream input = new CMSTypedDataInputStream(is);
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
ContentSigner sha512Signer = new JcaContentSignerBuilder("SHA256WithRSA").setProvider(BC).build(privateKey);
gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(sha512Signer, new X509CertificateHolder(certificate.getEncoded())
));
gen.addCertificates(certStore);
CMSSignedData signedData = gen.generate(input, false);
if (der)
{
ByteArrayOutputStream baos = new ByteArrayOutputStream();
DEROutputStream dos = new DEROutputStream(baos);
dos.writeObject(signedData.toASN1Structure());
return baos.toByteArray();
}
else
return signedData.getEncoded();
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
开发者ID:mkl-public,项目名称:testarea-pdfbox1,代码行数:31,代码来源:CreateSignature.java
注:本文中的org.bouncycastle.cert.jcajce.JcaCertStore类示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
客服电话
APP下载
官方微信
请发表评论