// Wrap the raw bytes as CMS content, then hand them to the generator.
// NOTE(review): if `gen` is a BouncyCastle CMSSignedDataGenerator, the `false` argument is the
// encapsulate flag, i.e. the signature is detached and a verifier must be given the original
// bytes separately. Confirm against the declaration of `gen`, which is not part of this snippet.
// Whatever generate() returns is not captured by this statement.
CMSProcessableByteArray detachedContent = new CMSProcessableByteArray(signatureFileBytes);
gen.generate(detachedContent, false);
// Produce a raw signature over the document text and wrap the signature bytes as CMS content.
Signature signature = Signature.getInstance(algorithm, BC);
signature.initSign(privateKey);
// NOTE(review): getBytes() without an argument uses the platform default charset, so the bytes
// that get signed can differ between hosts; signer and verifier have to agree on one encoding.
byte[] docBytes = docForSign.getBytes();
signature.update(docBytes);
byte[] rawSignature = signature.sign();
// The CMS content built here is the signature value itself, not the signed document.
CMSTypedData msg = new CMSProcessableByteArray(rawSignature);
// Sign `content` and return the encoded SignedData.
// NOTE(review): assuming `generator` is a BouncyCastle CMSSignedDataGenerator, `true` is the
// encapsulate flag, so the signed bytes travel inside the returned structure.
CMSTypedData payload = new CMSProcessableByteArray(content);
return generator.generate(payload, true).getEncoded();
// Rebuild a detached CMS signature from its two parts and read the certificates it carries.
CMSProcessable signedContent = new CMSProcessableByteArray(byteArray);
// NOTE(review): the signature block comes from a String through the platform default charset.
// Confirm how `contents` was produced: an encoded signature that has been round-tripped through
// a String is only safe if that String holds a text encoding of it.
byte[] signatureBlock = contents.getBytes();
CMSSignedData signedData = new CMSSignedData(signedContent, signatureBlock);
// Certificates embedded in the message are supplied by the sender; they identify a candidate
// signer but carry no trust until validated against a trust anchor chosen by the verifier.
Store<X509CertificateHolder> certificatesStore = signedData.getCertificates();
/**
 * Serializes the entity of {@code out} with the matching {@code MessageBodyWriter} and returns it
 * as an encoded CMS SignedData structure with the content encapsulated.
 *
 * <p>NOTE(review): the signer is built with "SHA1withRSA". SHA-1 is no longer considered
 * collision resistant; a move to a SHA-2 based signature algorithm should be evaluated together
 * with whatever verifies these messages.
 *
 * @param providers used to look up the body writer for the entity
 * @param out supplies the entity, its type and media type, the private key and the certificate
 * @return the encoded SignedData bytes
 * @throws WriterException if no body writer is found for the entity type
 */
@SuppressWarnings(value = "unchecked")
public static byte[] sign(Providers providers, SignedOutput out)
        throws IOException, NoSuchAlgorithmException, NoSuchProviderException, CMSException,
               OperatorCreationException, CertificateEncodingException {
    ByteArrayOutputStream serializedBody = new ByteArrayOutputStream();

    MessageBodyWriter writer =
            providers.getMessageBodyWriter(out.getType(), out.getGenericType(), null, out.getMediaType());
    if (writer == null) {
        throw new WriterException(Messages.MESSAGES.failedToFindWriter(out.getType().getName()));
    }

    // Headers are handed to the writer but only the body bytes end up in the signed content.
    MultivaluedMapImpl<String, Object> bodyHeaders = new MultivaluedMapImpl<String, Object>();
    bodyHeaders.add("Content-Type", out.getMediaType().toString());
    writer.writeTo(out.getEntity(), out.getType(), out.getGenericType(), null, out.getMediaType(),
            bodyHeaders, serializedBody);

    CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
    ContentSigner signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(out.getPrivateKey());
    JcaSignerInfoGeneratorBuilder signerInfoBuilder = new JcaSignerInfoGeneratorBuilder(
            new JcaDigestCalculatorProviderBuilder().setProvider("BC").build());
    generator.addSignerInfoGenerator(signerInfoBuilder.build(signer, out.getCertificate()));

    // encapsulate = true: the serialized body is carried inside the SignedData.
    CMSTypedData content = new CMSProcessableByteArray(serializedBody.toByteArray());
    return generator.generate(content, true).getEncoded();
}
// Closes the enclosing type, whose header is not part of this snippet.
}
// Sample payload wrapped as CMS content.
// getBytes() without a charset uses the platform default; this literal is ASCII-only, but real
// content should be encoded with an explicit charset so every host signs the same bytes.
byte[] helloBytes = "Hello World".getBytes();
CMSProcessableByteArray msg = new CMSProcessableByteArray(helloBytes);
// Fixed demo text turned into the byte content that a CMS generator will process.
// The no-argument getBytes() follows the platform default charset; pin the charset explicitly
// when the text is not a constant ASCII literal like this one.
byte[] demoPayload = "Hello World".getBytes();
CMSProcessableByteArray msg = new CMSProcessableByteArray(demoPayload);
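// Verifies a detached CMS signature (Base64 text in `signed`) over the text in `toVerify`, using
// the public key of a certificate read from disk, and prints the outcome.
String toVerify = "A1005056807CE11EE2B4CE0025305725CFrCN%3DKED,OU%3DI0020266601,OU%3DSAPWebAS,O%3DSAPTrustCommunity,C%3DDE20130611102236";
String signed = "MIIBUQYJKoZIhvcNAQcCoIIBQjCCAT4CAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHATGCAR0wggEZAgEBMG8wZDELMAkGA1UEBhMCREUxHDAaBgNVBAoTE1NBUCBUcnVzdCBDb21tdW5pdHkxEzARBgNVBAsTClNBUCBXZWIgQVMxFDASBgNVBAsTC0kwMDIwMjY2NjAxMQwwCgYDVQQDEwNLRUQCByASEgITMlYwCQYFKw4DAhoFAKBdMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTEzMDYxMTA4MjM1MVowIwYJKoZIhvcNAQkEMRYEFGy7jXb/pUqMYdk2dss2Qe6hNroaMAkGByqGSM44BAMELjAsAhRMJ+t5/3RxQAsHKnIoPY4BnO0qCAIUAbKRwWNjOYsewB56zoZqnZwRyWw=";
byte[] signedByte = Base64.decode(signed);
Security.addProvider(new BouncyCastleProvider());

// Detached form: the content is supplied next to the signature block.
// getBytes() uses the platform default charset; it has to match the encoding the signer used.
CMSSignedData s = new CMSSignedData(new CMSProcessableByteArray(toVerify.getBytes()), signedByte);
SignerInformationStore signers = s.getSignerInfos();
// Only the first SignerInfo is examined; a message with no signer makes next() throw.
SignerInformation signerInfo = (SignerInformation)signers.getSigners().iterator().next();

CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate cert;
// try-with-resources releases the file handle even when certificate parsing fails;
// the original left the stream open.
try (FileInputStream fis = new FileInputStream("c:\\sap.cer")) {
    cert = (X509Certificate)cf.generateCertificates(fis).iterator().next();
}

// The verifier runs on the "SUN" provider although BouncyCastle was registered above.
// A true result shows only that the signature matches this public key. Nothing here checks the
// certificate's validity period, revocation status, chain to a trusted root, or that the
// SignerInfo actually names this certificate.
boolean result = signerInfo.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("SUN").build(cert.getPublicKey()));
System.out.println("Verified: "+result);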
/**
 * Signs the manifest bytes by wrapping them as CMS content and delegating to
 * {@code signManifestUsingContent}.
 *
 * <p>A null manifest is rejected by {@code Assert.notNull} before any signing work starts;
 * {@code signingInformation} is passed through without a check in this method.
 *
 * @param manifestJSON the manifest bytes to sign
 * @param signingInformation signing material handed to {@code signManifestUsingContent}
 * @return whatever {@code signManifestUsingContent} returns for this content
 * @throws PKSigningException declared for failures of the delegated signing step
 */
@Override
public byte[] signManifestFile(byte[] manifestJSON, PKSigningInformation signingInformation) throws PKSigningException {
    Assert.notNull(manifestJSON, "Manifest JSON is mandatory");
    return signManifestUsingContent(signingInformation, new CMSProcessableByteArray(manifestJSON));
}
/**
 * Builds a CMS SignedData over a file's bytes and writes its encoding to {@code target}.
 *
 * <p>The content is encapsulated ({@code generate(msg, true)}), so the output contains the file
 * bytes as well as the signature.
 *
 * @param srcfile NOTE(review): not referenced in the visible code, which reads
 *     {@code CONTENT_SRC_PATH} instead; confirm which path is meant to be signed
 * @param creds NOTE(review): not referenced in the visible code; presumably used inside the
 *     elided generator setup, to be confirmed
 * @param target stream that receives the raw encoded bytes; it is not closed here
 * @throws Exception on any I/O or CMS failure
 */
private static void createSignature(Path srcfile, X500PrivateCredential creds, FileOutputStream target) throws Exception {
    // Reads the whole file into memory.
    byte[] fileContent = Files.readAllBytes(CONTENT_SRC_PATH);
    // The generator's configuration is elided in this listing.
    CMSSignedDataGenerator gen = new CMSSignedDataGenerator() { ... };
    // Build CMS
    CMSTypedData msg = new CMSProcessableByteArray(fileContent);
    CMSSignedData sigData = gen.generate(msg, true);
    // write raw data instead of base64
    target.write(sigData.getEncoded());
}
/**
 * Encrypts the stream as CMS EnvelopedData for the configured recipient certificate and adds the
 * result to the container under {@code filename + ".p7m"}.
 *
 * <p>The complete input is buffered in memory before encryption, and the stream is not closed
 * here. The plain {@code filename} is recorded in {@code entryNeames} before the encrypted entry
 * is added.
 *
 * @param inputStream plaintext to encrypt
 * @param filename entry name without the ".p7m" suffix
 * @param mimeType MIME type passed on to the underlying writer
 * @return the value returned by the underlying writer's {@code add}
 * @throws IOException for every failure; any exception is rewrapped with its message and cause
 */
public AsicWriter addEncrypted(InputStream inputStream, String filename, MimeType mimeType) throws IOException {
    try {
        ByteArrayOutputStream plaintext = new ByteArrayOutputStream();
        ByteStreams.copy(inputStream, plaintext);

        // One key-transport recipient: only the holder of the certificate's private key can decrypt.
        CMSEnvelopedDataGenerator envelopeGenerator = new CMSEnvelopedDataGenerator();
        envelopeGenerator.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(certificate).setProvider(BC));

        CMSProcessableByteArray payload = new CMSProcessableByteArray(plaintext.toByteArray());
        CMSEnvelopedData enveloped = envelopeGenerator.generate(
                payload,
                new JceCMSContentEncryptorBuilder(cmsAlgorithm).setProvider(BC).build());

        this.entryNeames.add(filename);

        ByteArrayInputStream encryptedStream = new ByteArrayInputStream(enveloped.getEncoded());
        return asicWriter.add(encryptedStream, filename + ".p7m", mimeType);
    } catch (Exception e) {
        throw new IOException(e.getMessage(), e);
    }
}
/**
 * Produces a SignedData whose body is an {@code AuthenticodeSignedData} built from the given
 * content, the generator's certificates and a single SignerInfo.
 *
 * <p>When signers were already registered, the first one is reused as is; otherwise the DER
 * encoding of {@code content} is signed through {@code super.generate} and the resulting
 * SignerInfo is taken from that result.
 *
 * @param contentTypeOID content type placed in the encapsulated ContentInfo
 * @param content structure to sign; it is DER-encoded before signing
 * @return SignedData wrapping the assembled structure together with the DER-encoded content
 * @throws CMSException if signing fails
 * @throws IOException if the content cannot be encoded
 */
public CMSSignedData generate(ASN1ObjectIdentifier contentTypeOID, ASN1Encodable content) throws CMSException, IOException {
    digests.clear();

    SignerInfo signerInfo;
    if (_signers.isEmpty()) {
        // No pre-existing signer: sign the DER form of the content now.
        CMSProcessableByteArray derContent =
                new CMSProcessableByteArray(contentTypeOID, content.toASN1Primitive().getEncoded("DER"));
        CMSSignedData sigData = super.generate(derContent);
        signerInfo = sigData.getSignerInfos().iterator().next().toASN1Structure();
    } else {
        // Only the first registered signer is used; any further ones are ignored here.
        signerInfo = ((SignerInformation) _signers.get(0)).toASN1Structure();
    }

    ContentInfo encapsulated = new ContentInfo(contentTypeOID, content);
    ASN1Set certificateSet = new DERSet((ASN1Encodable[]) certs.toArray(new ASN1Encodable[0]));
    ASN1Encodable signedData =
            new AuthenticodeSignedData(signerInfo.getDigestAlgorithm(), encapsulated, certificateSet, signerInfo);
    ContentInfo outer = new ContentInfo(CMSObjectIdentifiers.signedData, signedData);

    CMSProcessableByteArray signedBytes =
            new CMSProcessableByteArray(contentTypeOID, content.toASN1Primitive().getEncoded("DER"));
    return new CMSSignedData(signedBytes, outer);
}
// Closes the enclosing type, whose header is not part of this snippet.
}
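/**
 * Signs content and returns a detached CMS signature.
 *
 * <p>The SignedData is generated with {@code encapsulate = false}, so it holds the signer info
 * and the signing certificate but not {@code data}; a verifier needs the original bytes as well.
 * The Base64 form of the result is written to the debug log, which therefore contains the
 * signature and the certificate but not the signed content.
 *
 * @param data Content to be signed
 * @return Encoded CMS SignedData holding the signature
 * @throws IllegalStateException if any step of the signing fails; the cause is preserved
 */
byte[] signData(byte[] data) {
    try {
        DigestCalculatorProvider digestCalculatorProvider = jcaDigestCalculatorProviderBuilder.build();
        ContentSigner contentSigner = jcaContentSignerBuilder.build(keyPair.getPrivate());
        SignerInfoGenerator signerInfoGenerator =
                new JcaSignerInfoGeneratorBuilder(digestCalculatorProvider).build(contentSigner, x509Certificate);

        CMSSignedDataGenerator cmsSignedDataGenerator = new CMSSignedDataGenerator();
        cmsSignedDataGenerator.addSignerInfoGenerator(signerInfoGenerator);
        cmsSignedDataGenerator.addCertificates(new JcaCertStore(Collections.singletonList(x509Certificate)));

        CMSSignedData cmsSignedData = cmsSignedDataGenerator.generate(new CMSProcessableByteArray(data), false);

        // Encode once and reuse the bytes for both the log line and the return value;
        // the original serialized the structure twice.
        byte[] encoded = cmsSignedData.getEncoded();
        logger.debug(BaseEncoding.base64().encode(encoded));
        return encoded;
    } catch (Exception e) {
        throw new IllegalStateException(String.format("Unable to sign: %s", e.getMessage()), e);
    }
}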
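// Builds a CMS SignedData over a short message, embedding the signing certificate and its chain.
X509Certificate signingCertificate = getSigningCertificate();
//The chain of certificates that issued your signing certificate and so on
// Fixed the generic type: the listing had a stray ';' inside the angle brackets
// ("Collection<X509Certificate;>"), which does not compile.
Collection<X509Certificate> certificateChain = getCertificateChain();
PrivateKey pk = getPrivateKey();
// getBytes() without a charset follows the platform default; use an explicit one for real text.
byte[] message = "SomeMessage".getBytes();

CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
// NOTE(review): this adds to the collection returned by getCertificateChain(); it fails if that
// collection is unmodifiable and changes it for other holders if it is shared.
certificateChain.add(signingCertificate);
// NOTE(review): the store is filled with X509Certificate objects. BouncyCastle's generator
// appears to expect X509CertificateHolder elements here (a JcaCertStore performs that
// conversion). Confirm this works at runtime with the BouncyCastle version in use.
generator.addCertificates(new CollectionStore(certificateChain));

JcaDigestCalculatorProviderBuilder jcaDigestProvider = new JcaDigestCalculatorProviderBuilder();
jcaDigestProvider.setProvider(new BouncyCastleProvider());
JcaSignerInfoGeneratorBuilder singerInfoGenerator = new JcaSignerInfoGeneratorBuilder(jcaDigestProvider.build());

// NOTE(review): "SHA1withRSA" relies on SHA-1, which is no longer considered collision
// resistant; prefer a SHA-2 based algorithm where the verifier supports it.
AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1withRSA");
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
// The key is re-parsed from pk.getEncoded(), so it must be exportable; keys that do not expose
// an encoding (getEncoded() returning null) cannot be used with this path.
AsymmetricKeyParameter privateKeyParam = PrivateKeyFactory.createKey(pk.getEncoded());
ContentSigner cs = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(privateKeyParam);
SignerInfoGenerator sig = singerInfoGenerator.build(cs, signingCertificate);
generator.addSignerInfoGenerator(sig);

// encapsulate = true: the message bytes are carried inside the SignedData.
CMSSignedData data = generator.generate(new CMSProcessableByteArray(message), true);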
/**
 * Signs a configuration profile and returns the encoded CMS SignedData with the profile
 * encapsulated and both the signer and CA certificates embedded.
 *
 * <p>NOTE(review): the signature algorithm is "SHA1withRSA". SHA-1 is no longer considered
 * collision resistant; check whether the consumers of these profiles accept a SHA-2 based
 * algorithm and switch if they do.
 *
 * <p>The BouncyCastle provider is registered on every call, and the certificate and key material
 * is loaded through {@code loadCertfile}, {@code loadSigner} and {@code loadInKey} each time.
 *
 * @param mobileconfig profile bytes to sign
 * @return encoded SignedData containing the profile, the signature and two certificates
 */
public byte[] signMobileConfig(byte[] mobileconfig)
        throws CertificateEncodingException, PEMException, FileNotFoundException, IOException,
               CertificateException, OperatorCreationException, CMSException {
    Security.addProvider(new BouncyCastleProvider());

    // Load order is kept: CA certificate, signer certificate, then the private key.
    X509CertificateHolder caCertificate = loadCertfile();
    X509Certificate serverCertificate = new JcaX509CertificateConverter().getCertificate(loadSigner());
    PrivateKey inKey = new JcaPEMKeyConverter().getPrivateKey(loadInKey());

    ContentSigner signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(inKey);
    JcaSignerInfoGeneratorBuilder signerInfoBuilder = new JcaSignerInfoGeneratorBuilder(
            new JcaDigestCalculatorProviderBuilder().setProvider("BC").build());

    CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
    generator.addSignerInfoGenerator(signerInfoBuilder.build(signer, serverCertificate));
    generator.addCertificate(new X509CertificateHolder(serverCertificate.getEncoded()));
    generator.addCertificate(new X509CertificateHolder(caCertificate.getEncoded()));

    // encapsulate = true: the profile itself is part of the returned structure.
    CMSProcessableByteArray payload = new CMSProcessableByteArray(mobileconfig);
    return generator.generate(payload, true).getEncoded();
}
/**
 * Wraps the given profile bytes in an encoded CMS SignedData, signed with the key from
 * {@code loadInKey} and carrying the certificates from {@code loadSigner} and
 * {@code loadCertfile}.
 *
 * <p>NOTE(review): signing uses "SHA1withRSA"; SHA-1 is no longer considered collision
 * resistant, so a SHA-2 based algorithm is preferable wherever the receiving side accepts it.
 *
 * @param mobileconfig profile bytes to sign; they are encapsulated in the result
 * @return the encoded SignedData
 */
public byte[] signMobileConfig(byte[] mobileconfig)
        throws CertificateEncodingException, PEMException, FileNotFoundException, IOException,
               CertificateException, OperatorCreationException, CMSException {
    // Registering the provider again on later calls does not add a second copy.
    Security.addProvider(new BouncyCastleProvider());

    X509CertificateHolder caHolder = loadCertfile();
    X509Certificate signerCertificate = new JcaX509CertificateConverter().getCertificate(loadSigner());
    PrivateKey signingKey = new JcaPEMKeyConverter().getPrivateKey(loadInKey());

    ContentSigner contentSigner =
            new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(signingKey);
    JcaDigestCalculatorProviderBuilder digestProviderBuilder =
            new JcaDigestCalculatorProviderBuilder().setProvider("BC");
    JcaSignerInfoGeneratorBuilder infoBuilder =
            new JcaSignerInfoGeneratorBuilder(digestProviderBuilder.build());

    CMSSignedDataGenerator cmsGenerator = new CMSSignedDataGenerator();
    cmsGenerator.addSignerInfoGenerator(infoBuilder.build(contentSigner, signerCertificate));
    // Signer certificate first, then the CA certificate.
    cmsGenerator.addCertificate(new X509CertificateHolder(signerCertificate.getEncoded()));
    cmsGenerator.addCertificate(new X509CertificateHolder(caHolder.getEncoded()));

    CMSProcessableByteArray profile = new CMSProcessableByteArray(mobileconfig);
    CMSSignedData signedProfile = cmsGenerator.generate(profile, true);
    return signedProfile.getEncoded();
}
/**
 * Computes the digest that has to be signed externally and returns it as a {@code DigestInfo}
 * labelled "SHA1".
 *
 * <p>The CMS generation is run only for its side effect: its result is discarded and the digest
 * is read back from {@code SHA1WithRSAProxySignature}. Of the parameters, only
 * {@code signingCertificateChain} is used in this method.
 *
 * <p>NOTE(review): the digest travels through static state ({@code reset()} then
 * {@code getDigestValue()}), so concurrent calls could presumably observe each other's value;
 * confirm how callers serialize access. The digest algorithm is SHA-1, which is no longer
 * considered collision resistant.
 *
 * @param signingCertificateChain chain handed to {@code createCMSSignedDataGenerator}
 * @return digest value, the algorithm name "SHA1" and the signature description
 * @throws RuntimeException wrapping a {@code CMSException} from the generator
 */
public DigestInfo preSign(List<DigestInfo> digestInfos, List<X509Certificate> signingCertificateChain,
        IdentityDTO identity, AddressDTO address, byte[] photo) throws NoSuchAlgorithmException {
    CMSSignedDataGenerator generator = createCMSSignedDataGenerator(signingCertificateChain);
    CMSProcessable content = new CMSProcessableByteArray(getToBeSigned());
    CMSProvider proxyProvider = new CMSProvider();

    // Clear any digest left over from an earlier run before generating.
    SHA1WithRSAProxySignature.reset();
    try {
        generator.generate(content, true, proxyProvider);
    } catch (CMSException e) {
        throw new RuntimeException(e);
    }

    byte[] digestValue = SHA1WithRSAProxySignature.getDigestValue();
    return new DigestInfo(digestValue, "SHA1", getSignatureDescription());
}
/**
 * Signs {@code data} with "SHA256withRSA" and returns the encoded CMS SignedData, with the
 * content encapsulated and every certificate of the chain embedded.
 *
 * <p>The first entry of {@code certificateChain} is used as the signer certificate. The content
 * signer is built without naming a provider, while the digest calculator is pinned to
 * BouncyCastle.
 *
 * @param data bytes to sign
 * @return the encoded SignedData
 * @throws SignatureException wrapping any failure raised while building or encoding the signature
 */
private byte[] sign(byte[] data) throws SignatureException {
    CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
    try {
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(this.privateKey);
        JcaSignerInfoGeneratorBuilder infoBuilder = new JcaSignerInfoGeneratorBuilder(
                new JcaDigestCalculatorProviderBuilder()
                        .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                        .build());
        generator.addSignerInfoGenerator(infoBuilder.build(signer, this.certificateChain.get(0)));

        for (X509Certificate chainEntry : this.certificateChain) {
            generator.addCertificate(new X509CertificateHolder(chainEntry.getEncoded()));
        }

        CMSTypedData payload = new CMSProcessableByteArray(data);
        return generator.generate(payload, true).getEncoded();
    } catch (Exception e) {
        throw new SignatureException(e);
    }
}
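/**
 * Returns the bytes that have to be signed for a PAdES signature over the given document.
 *
 * <p>The document is digested by the PDF signature service, a CMS generation is run over that
 * digest with a {@code CustomContentSigner}, and the bytes collected in the signer's output
 * stream are returned. The CMS structure produced by that run is discarded.
 *
 * @param toSignDocument document to be signed
 * @param parameters signature parameters (algorithms, certificate, signing date)
 * @return the bytes read from the custom content signer's output stream
 * @throws DSSException declared for failures in the DSS helpers that are called
 */
@Override
public byte[] getDataToSign(final DSSDocument toSignDocument, final SignatureParameters parameters) throws DSSException {
    assertSigningDateInCertificateValidityRange(parameters);

    final SignatureAlgorithm signatureAlgorithm = parameters.getSignatureAlgorithm();
    final CustomContentSigner customContentSigner = new CustomContentSigner(signatureAlgorithm.getJCEId());
    final PDFSignatureService pdfSignatureService = PdfObjFactory.getInstance().newPAdESSignatureService();

    final InputStream inputStream = toSignDocument.openStream();
    final byte[] messageDigest;
    try {
        messageDigest = pdfSignatureService.digest(inputStream, parameters, parameters.getDigestAlgorithm());
    } finally {
        // Close in finally: the original skipped the close when digest() threw, leaking the stream.
        DSSUtils.closeQuietly(inputStream);
    }

    SignerInfoGeneratorBuilder signerInfoGeneratorBuilder =
            padesCMSSignedDataBuilder.getSignerInfoGeneratorBuilder(parameters, messageDigest);
    final CMSSignedDataGenerator generator = padesCMSSignedDataBuilder.createCMSSignedDataGenerator(
            parameters, customContentSigner, signerInfoGeneratorBuilder, null);

    // The content handed to the generator is the document digest, and it is not encapsulated.
    final CMSProcessableByteArray content = new CMSProcessableByteArray(messageDigest);
    DSSASN1Utils.generateCMSSignedData(generator, content, false);

    final byte[] dataToSign = customContentSigner.getOutputStream().toByteArray();
    return dataToSign;
}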
/**
 * Returns the bytes that have to be signed for a CMS signature over the given document.
 *
 * <p>A CMS generation is run with a {@code CustomContentSigner} and the bytes collected in that
 * signer's output stream are returned; the generated CMS structure itself is discarded. The
 * content is encapsulated unless the packaging is {@code DETACHED}.
 *
 * @param toSignDocument document to sign, possibly already carrying a CMS signature
 * @param parameters signature parameters (packaging, algorithms, certificate, signing date)
 * @return the bytes read from the custom content signer's output stream
 * @throws DSSException declared for failures in the DSS helpers that are called
 */
@Override
public byte[] getDataToSign(final DSSDocument toSignDocument, final SignatureParameters parameters) throws DSSException {
    // Both checks run before any signing object is created.
    assertSigningDateInCertificateValidityRange(parameters);
    final SignaturePackaging packaging = parameters.getSignaturePackaging();
    assertSignaturePackaging(packaging);

    final SignatureAlgorithm algorithm = parameters.getSignatureAlgorithm();
    final CustomContentSigner capturingSigner = new CustomContentSigner(algorithm.getJCEId());
    final SignerInfoGeneratorBuilder infoBuilder =
            cmsSignedDataBuilder.getSignerInfoGeneratorBuilder(parameters, false);

    // An existing signature, when present, is passed on to the generator factory.
    final CMSSignedData existingSignedData = getCmsSignedData(toSignDocument, parameters);
    final CMSSignedDataGenerator generator = cmsSignedDataBuilder.createCMSSignedDataGenerator(
            parameters, capturingSigner, infoBuilder, existingSignedData);

    final DSSDocument payloadDocument = getToSignData(toSignDocument, parameters, existingSignedData);
    final CMSProcessableByteArray content = new CMSProcessableByteArray(payloadDocument.getBytes());
    final boolean encapsulate = !SignaturePackaging.DETACHED.equals(packaging);
    DSSASN1Utils.generateCMSSignedData(generator, content, encapsulate);

    return capturingSigner.getOutputStream().toByteArray();
}