// Assuming gen is a CMSSignedDataGenerator, the second argument (false) asks for a
// detached signature: the content is not embedded in the output, so a verifier must be
// handed signatureFileBytes separately. The result is not captured in this excerpt.
gen.generate(new CMSProcessableByteArray(signatureFileBytes), false);
// Tail of a statement whose beginning is outside this excerpt.
// NOTE(review): the name sha1Signer suggests a SHA-1 based content signer -- confirm, and
// prefer a SHA-2 signer if the receiving side accepts it.
new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()).build(sha1Signer, certificate));
// This wrapper around `data` is only used to dump the payload below.
CMSProcessableByteArray cmsByteArray = new CMSProcessableByteArray(data);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
cmsByteArray.write(baos);
// Writes the complete payload to the debug log, decoded with the platform default charset.
// NOTE(review): if `data` is sensitive, this leaves a cleartext copy outside the envelope
// built on the next line; logging a length or a digest would avoid that.
LOGGER.debug("CMSProcessableByteArray contains [" + baos.toString() + "]");
// Encrypts `signed` as CMS EnvelopedData using Triple-DES in CBC mode. 3DES is a legacy
// 64-bit block cipher and CBC here carries no integrity protection of its own;
// CMSAlgorithm also offers AES constants (e.g. AES256_CBC, AES256_GCM) where the recipient supports them.
CMSEnvelopedData envData = envGenerator.generate(new CMSProcessableByteArray(signed), new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider("BC").build());
// The cast assumes getContent() returns a byte[]; any other content object fails here with
// ClassCastException. Nothing on this line verifies a signature -- it only exposes the bytes.
inStream = new ByteArrayInputStream((byte[])signedContent.getContent());
// Attaches the certificates (and any CRLs) in certStore to the signed message.
signedGenerator.addCertificatesAndCRLs(certStore);
// This wrapper around `data` is only used to dump the payload below.
CMSProcessableByteArray cmsByteArray = new CMSProcessableByteArray(data);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
cmsByteArray.write(baos);
// Prints the complete payload to stdout, decoded with the platform default charset.
// NOTE(review): if `data` is sensitive, this leaves a cleartext copy outside the envelope
// built below; printing a length or a digest would avoid that.
System.out.println("CMSProcessableByteArray contains [" + baos.toString() + "]");
// Key-transport recipient: the content key is encrypted to payPalCert's public key.
envGenerator.addKeyTransRecipient(payPalCert);
// Encrypts `signed` with Triple-DES in CBC mode via the "BC" provider. 3DES is a legacy
// 64-bit block cipher, and CBC here carries no integrity protection of its own.
// NOTE(review): this String-based generate(...) overload looks like the older Bouncy Castle
// CMS API -- confirm which library version the project targets.
CMSEnvelopedData envData = envGenerator.generate( new CMSProcessableByteArray(signed), CMSEnvelopedDataGenerator.DES_EDE3_CBC, "BC");
// getContent() is cast to byte[] without a type check, so a different content object raises
// ClassCastException. This only reads the content; no signature check happens on this line.
inStream = new ByteArrayInputStream((byte[])signedContent.getContent());
// Plain JCA signature over docForSign; algorithm, provider (BC) and key come from code
// outside this excerpt.
Signature signature = Signature.getInstance(algorithm, BC);
signature.initSign(privateKey);
// getBytes() without a charset uses the platform default, so for non-ASCII text the signed
// bytes can differ between hosts and verification elsewhere may fail.
signature.update(docForSign.getBytes());
// The CMS content created here is the raw signature value, not the document itself.
CMSTypedData msg = new CMSProcessableByteArray(signature.sign());
// Wrap the payload bytes as CMS content.
CMSTypedData cmsdata = new CMSProcessableByteArray(content);
// Second argument true: the content is embedded in the SignedData (attached signature),
// so the encoded result carries both the payload and the signature.
CMSSignedData signeddata = generator.generate(cmsdata, true);
return signeddata.getEncoded();
// Detached form: byteArray is the content that was signed; the second constructor argument
// is the encoded CMS structure.
CMSProcessable signedContent = new CMSProcessableByteArray(byteArray);
// NOTE(review): contents.getBytes() converts a String with the platform default charset.
// The constructor parses ASN.1, so if `contents` holds Base64/PEM text it presumably has to
// be decoded first -- confirm against the caller. Parsing alone verifies nothing.
CMSSignedData signedData = new CMSSignedData(signedContent, contents.getBytes());
// Certificates carried inside the message; they are supplied by the sender and should not be
// trusted until validated against a trust anchor.
Store<X509CertificateHolder> certificatesStore = signedData.getCertificates();
/**
 * Serializes the entity held by {@code out} with the matching {@link MessageBodyWriter} and
 * returns it as an encoded CMS SignedData with the content embedded.
 *
 * <p>NOTE(review): the signature algorithm is fixed to SHA1withRSA. SHA-1 is no longer
 * considered collision resistant; moving to a SHA-2 variant changes what verifiers receive,
 * so it has to be agreed with the consuming side.
 *
 * @param providers source of the message body writer for the entity type
 * @param out entity, media type, private key and certificate to sign with
 * @return the encoded SignedData
 * @throws WriterException (unchecked, as used here) when no writer is registered for the entity type
 */
@SuppressWarnings(value = "unchecked")
public static byte[] sign(Providers providers, SignedOutput out) throws IOException, NoSuchAlgorithmException, NoSuchProviderException, CMSException, OperatorCreationException, CertificateEncodingException {
    MessageBodyWriter bodyWriter = providers.getMessageBodyWriter(out.getType(), out.getGenericType(), null, out.getMediaType());
    if (bodyWriter == null) {
        throw new WriterException(Messages.MESSAGES.failedToFindWriter(out.getType().getName()));
    }

    // Serialize the entity into memory; only the body bytes are signed, the header map is
    // handed to the writer and not included in the signed content.
    MultivaluedMapImpl<String, Object> headers = new MultivaluedMapImpl<String, Object>();
    headers.add("Content-Type", out.getMediaType().toString());
    ByteArrayOutputStream serialized = new ByteArrayOutputStream();
    bodyWriter.writeTo(out.getEntity(), out.getType(), out.getGenericType(), null, out.getMediaType(), headers, serialized);

    CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
    ContentSigner contentSigner = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(out.getPrivateKey());
    JcaSignerInfoGeneratorBuilder signerInfoBuilder = new JcaSignerInfoGeneratorBuilder(
            new JcaDigestCalculatorProviderBuilder().setProvider("BC").build());
    generator.addSignerInfoGenerator(signerInfoBuilder.build(contentSigner, out.getCertificate()));

    // true = encapsulate: the serialized body travels inside the SignedData.
    return generator.generate(new CMSProcessableByteArray(serialized.toByteArray()), true).getEncoded();
}
}
// getBytes() with no argument encodes with the platform default charset. For this ASCII
// literal the bytes are the same in the common charsets, but real payloads should name the
// charset so signer and verifier hash identical bytes.
CMSProcessableByteArray msg = new CMSProcessableByteArray("Hello World".getBytes());
// Sample content for a CMS operation. getBytes() relies on the platform default charset;
// name the charset explicitly when the text is not a fixed ASCII literal.
CMSProcessableByteArray msg = new CMSProcessableByteArray("Hello World".getBytes());
/**
 * Parses an encoded CMS SignedData structure into a Bouncy Castle {@link CMSSignedData}.
 *
 * <p>This only decodes the structure. No signature is verified and no certificate is
 * validated here; callers still have to verify each signer before trusting the content.
 *
 * @param signature the encoded SignedData.
 * @param data the content covered by the signature, passed separately; when {@code null}
 *             the structure in {@code signature} is parsed on its own.
 * @return the parsed CMS signed data.
 * @throws GeneralSecurityException if the signature could not be decoded.
 */
public static CMSSignedData getSignedData(byte[] signature, byte[] data) throws GeneralSecurityException {
    try {
        if (data == null) {
            return new CMSSignedData(signature);
        }
        return new CMSSignedData(new CMSProcessableByteArray(data), signature);
    } catch (CMSException e) {
        // Keep the CMS failure as the cause so the decoding error stays diagnosable.
        throw new GeneralSecurityException("Unable to decode signature", e);
    }
}
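// Verifies a detached CMS signature: toVerify is the signed text, `signed` the Base64 of the
// SignedData structure.
String toVerify = "A1005056807CE11EE2B4CE0025305725CFrCN%3DKED,OU%3DI0020266601,OU%3DSAPWebAS,O%3DSAPTrustCommunity,C%3DDE20130611102236";
String signed = "MIIBUQYJKoZIhvcNAQcCoIIBQjCCAT4CAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHATGCAR0wggEZAgEBMG8wZDELMAkGA1UEBhMCREUxHDAaBgNVBAoTE1NBUCBUcnVzdCBDb21tdW5pdHkxEzARBgNVBAsTClNBUCBXZWIgQVMxFDASBgNVBAsTC0kwMDIwMjY2NjAxMQwwCgYDVQQDEwNLRUQCByASEgITMlYwCQYFKw4DAhoFAKBdMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTEzMDYxMTA4MjM1MVowIwYJKoZIhvcNAQkEMRYEFGy7jXb/pUqMYdk2dss2Qe6hNroaMAkGByqGSM44BAMELjAsAhRMJ+t5/3RxQAsHKnIoPY4BnO0qCAIUAbKRwWNjOYsewB56zoZqnZwRyWw=";
byte[] signedByte = Base64.decode(signed);
Security.addProvider(new BouncyCastleProvider());
// getBytes() uses the platform default charset; the text above is ASCII, but the charset
// should be named when the signed text can contain other characters.
CMSSignedData s = new CMSSignedData(new CMSProcessableByteArray(toVerify.getBytes()), signedByte);
SignerInformationStore signers = s.getSignerInfos();
// Only the first signer is examined; next() throws if the structure has no signers.
SignerInformation signerInfo = (SignerInformation)signers.getSigners().iterator().next();
CertificateFactory cf = CertificateFactory.getInstance("X.509");
// The certificate comes from a local file chosen by the verifier, not from the message.
// try-with-resources closes the file handle, which the original left open.
X509Certificate cert;
try (FileInputStream fis = new FileInputStream("c:\\sap.cer")) {
    cert = (X509Certificate)cf.generateCertificates(fis).iterator().next();
}
// Verifying against the bare public key checks the signature value only; certificate
// validity period, revocation and chain are not evaluated by this call.
boolean result = signerInfo.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("SUN").build(cert.getPublicKey()));
System.out.println("Verified: "+result);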
/**
 * Finishes the archive: when a manifest is present it is written together with the
 * signature file (CERT.SF) and the signature block (CERT.&lt;key algorithm&gt;), then the
 * underlying stream is closed. Calling it again after a successful close is a no-op.
 *
 * <p>NOTE(review): if writing or signing throws, the stream is left open and the field is
 * not reset, so the caller still owns an open, partially written archive.
 *
 * @throws IOException on write failure, or wrapping any exception raised while signing
 */
@Override
public void close() throws IOException {
    if (mOutputJar == null) {
        // Already closed.
        return;
    }

    if (mManifest != null) {
        // The manifest goes first so the signature file can refer to it.
        mOutputJar.putNextEntry(new JarEntry(JarFile.MANIFEST_NAME));
        mManifest.write(mOutputJar);

        try {
            // CERT.SF: buffered in memory because the same bytes are signed below.
            mOutputJar.putNextEntry(new JarEntry("META-INF/CERT.SF"));
            ByteArrayOutputStream sfBuffer = new ByteArrayOutputStream();
            writeSignatureFile(sfBuffer);
            byte[] sfBytes = sfBuffer.toByteArray();
            mOutputJar.write(sfBytes);

            // CERT.*: the signature block over exactly the CERT.SF bytes written above.
            String blockEntryName = "META-INF/CERT." + mKey.getAlgorithm();
            mOutputJar.putNextEntry(new JarEntry(blockEntryName));
            writeSignatureBlock(new CMSProcessableByteArray(sfBytes), mCertificate);
        } catch (Exception e) {
            throw new IOException(e);
        }
    }

    mOutputJar.close();
    mOutputJar = null;
}
/**
 * Signs the manifest JSON bytes by wrapping them as CMS content and delegating to
 * {@code signManifestUsingContent}.
 *
 * @param manifestJSON manifest bytes to sign; rejected by the assertion when {@code null}
 * @param signingInformation signing material passed through to the delegate
 * @return whatever the delegate returns for the wrapped content
 * @throws PKSigningException as declared by the delegate
 */
@Override
public byte[] signManifestFile(byte[] manifestJSON, PKSigningInformation signingInformation) throws PKSigningException {
    Assert.notNull(manifestJSON, "Manifest JSON is mandatory");
    return signManifestUsingContent(signingInformation, new CMSProcessableByteArray(manifestJSON));
}
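/**
 * Closes the Jar archive by creating the manifest, and signing the archive.
 *
 * <p>When a manifest is present it is written first, followed by the signature file
 * (CERT.SF) and the signature block (CERT.&lt;key algorithm&gt;). A second call after a
 * successful close returns immediately instead of failing on the cleared stream field.
 *
 * <p>NOTE(review): the signature algorithm name is built as "SHA1with" + key algorithm;
 * SHA-1 is a legacy digest for signatures. Also, if signing throws, the stream is left open.
 *
 * @throws IOException if writing to or closing the archive fails
 * @throws SigningException wrapping any exception raised while producing the signature entries
 */
public void close() throws IOException, SigningException {
    if (mOutputJar == null) {
        // Already closed: the field is cleared at the end of a successful close().
        return;
    }

    if (mManifest != null) {
        // write the manifest to the jar file
        mOutputJar.putNextEntry(new JarEntry(JarFile.MANIFEST_NAME));
        mManifest.write(mOutputJar);

        try {
            // CERT.SF
            // The Signature object is initialised but not used further in this method;
            // presumably writeSignatureBlock signs with mKey itself. It is kept because
            // getInstance/initSign fail early for an unsupported algorithm or key.
            Signature signature = Signature.getInstance("SHA1with" + mKey.getAlgorithm());
            signature.initSign(mKey);

            mOutputJar.putNextEntry(new JarEntry("META-INF/CERT.SF"));
            ByteArrayOutputStream baos = new ByteArrayOutputStream();
            writeSignatureFile(baos);
            byte[] signedData = baos.toByteArray();
            mOutputJar.write(signedData);

            // CERT.*: signature block over exactly the CERT.SF bytes written above.
            mOutputJar.putNextEntry(new JarEntry("META-INF/CERT." + mKey.getAlgorithm()));
            writeSignatureBlock(new CMSProcessableByteArray(signedData), mCertificate, mKey);
        } catch (Exception e) {
            throw new SigningException(e);
        }
    }

    mOutputJar.close();
    mOutputJar = null;
}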
/**
 * Builds a CMS SignedData over a file's bytes, with the content embedded, and writes the
 * binary encoding to {@code target}.
 *
 * NOTE(review): in the visible body the bytes are read from CONTENT_SRC_PATH, and neither
 * {@code srcfile} nor {@code creds} is referenced; {@code creds} is presumably used in the
 * elided generator setup -- confirm which file is meant to be signed.
 */
private static void createSignature(Path srcfile, X500PrivateCredential creds, FileOutputStream target) throws Exception {
    // The whole file is read into memory before signing.
    byte[] fileContent = Files.readAllBytes(CONTENT_SRC_PATH);
    // Generator setup is elided in this listing ("{ ... }").
    CMSSignedDataGenerator gen = new CMSSignedDataGenerator() { ... };
    // Build CMS
    CMSTypedData msg = new CMSProcessableByteArray(fileContent);
    // true = encapsulate: the file content is carried inside the SignedData.
    CMSSignedData sigData = gen.generate(msg, true);
    // write raw data instead of base64
    target.write(sigData.getEncoded());
}
// Detached form: Data_Bytes is the signed content, Sig_Bytes the encoded CMS SignedData.
// Constructing the object only parses it; no signature is checked yet.
CMSSignedData cms = new CMSSignedData(new CMSProcessableByteArray(Data_Bytes), Sig_Bytes);
// Certificates and CRLs embedded in the message, looked up through the "BC" provider.
// They are supplied by the sender and are untrusted until path-validated.
// NOTE(review): this String-based lookup looks like the older Bouncy Castle CMS API --
// confirm the library version in use.
CertStore certStore = cms.getCertificatesAndCRLs("Collection", "BC");
SignerInformationStore signers = cms.getSignerInfos();
/**
 * Writes the three signing entries into {@code outputJar}: the manifest, the signature file
 * and the signature block over that signature file. All three entries get the same fixed
 * timestamp, derived from the certificate's notBefore date.
 *
 * <p>{@code publicKey} is the signing certificate despite its name. {@code inputJar} is not
 * referenced in this method body.
 */
private static void signFile(Manifest manifest, JarFile inputJar, X509Certificate publicKey, PrivateKey privateKey, JarOutputStream outputJar) throws Exception {
    // Assume the certificate is valid for at least an hour.
    final long entryTime = publicKey.getNotBefore().getTime() + 3600L * 1000;

    // MANIFEST.MF
    JarEntry manifestEntry = new JarEntry(JarFile.MANIFEST_NAME);
    manifestEntry.setTime(entryTime);
    outputJar.putNextEntry(manifestEntry);
    manifest.write(outputJar);

    // Signature file: buffered in memory because the same bytes are signed below.
    JarEntry signatureFileEntry = new JarEntry(CERT_SF_NAME);
    signatureFileEntry.setTime(entryTime);
    outputJar.putNextEntry(signatureFileEntry);
    ByteArrayOutputStream sfBuffer = new ByteArrayOutputStream();
    writeSignatureFile(manifest, sfBuffer, getDigestAlgorithm(publicKey));
    byte[] sfBytes = sfBuffer.toByteArray();
    outputJar.write(sfBytes);

    // CERT.{EC,RSA} / CERT#.{EC,RSA}
    final String keyType = publicKey.getPublicKey().getAlgorithm();
    JarEntry signatureBlockEntry = new JarEntry(String.format(CERT_SIG_NAME, keyType));
    signatureBlockEntry.setTime(entryTime);
    outputJar.putNextEntry(signatureBlockEntry);
    // The block signs exactly the signature-file bytes written above.
    writeSignatureBlock(new CMSProcessableByteArray(sfBytes), publicKey, privateKey, outputJar);
}
}
/**
 * Encrypts the stream's content as CMS EnvelopedData for the configured recipient
 * certificate and adds it to the container under {@code filename + ".p7m"}.
 *
 * <p>The input is buffered fully in memory and the stream is not closed here. The content
 * cipher comes from the {@code cmsAlgorithm} field; whether it provides integrity protection
 * depends on that value, which is not visible in this method. The original file name is
 * recorded in {@code entryNeames} before the encrypted entry is added.
 *
 * @param inputStream plaintext to encrypt
 * @param filename entry name without the ".p7m" suffix
 * @param mimeType mime type passed through to the underlying writer
 * @return the result of adding the encrypted entry to the underlying writer
 * @throws IOException wrapping any failure while reading, encrypting or adding the entry
 */
public AsicWriter addEncrypted(InputStream inputStream, String filename, MimeType mimeType) throws IOException {
    try {
        ByteArrayOutputStream plaintext = new ByteArrayOutputStream();
        ByteStreams.copy(inputStream, plaintext);

        // Key transport: the content key is encrypted to the recipient certificate's public key.
        CMSEnvelopedDataGenerator enveloper = new CMSEnvelopedDataGenerator();
        enveloper.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(certificate).setProvider(BC));

        CMSProcessableByteArray content = new CMSProcessableByteArray(plaintext.toByteArray());
        CMSEnvelopedData enveloped = enveloper.generate(
                content,
                new JceCMSContentEncryptorBuilder(cmsAlgorithm).setProvider(BC).build());

        this.entryNeames.add(filename);
        byte[] encoded = enveloped.getEncoded();
        return asicWriter.add(new ByteArrayInputStream(encoded), filename + ".p7m", mimeType);
    } catch (Exception e) {
        throw new IOException(e.getMessage(), e);
    }
}