DefaultSignatureAlgorithmIdentifierFinder sigAlgoFinder = new DefaultSignatureAlgorithmIdentifierFinder(); DefaultDigestAlgorithmIdentifierFinder hashAlgoFinder = new DefaultDigestAlgorithmIdentifierFinder(); BcDigestCalculatorProvider calculator = new BcDigestCalculatorProvider(); BcRSASignerInfoVerifierBuilder verifierBuilder = new BcRSASignerInfoVerifierBuilder(nameGen, sigAlgoFinder, hashAlgoFinder, calculator); SignerInformationVerifier verifier = verifierBuilder.build(holder);
TimeStampToken token = new TimeStampToken(new CMSSignedData(response)); InputStream in = new FileInputStream("tsp.cer"); CertificateFactory factory = CertificateFactory.getInstance("X.509"); X509Certificate cert = (X509Certificate) factory.generateCertificate(in); //RSA Signature processing with BC X509CertificateHolder holder = new X509CertificateHolder(cert.getEncoded()); SignerInformationVerifier siv = new BcRSASignerInfoVerifierBuilder(new DefaultDigestAlgorithmIdentifierFinder(), new BcDigestCalculatorProvider()).build(holder); //Signature processing with JCA and other provider //X509CertificateHolder holderJca = new JcaX509CertificateHolder(cert); //SignerInformationVerifier sivJca = new JcaSimpleSignerInfoVerifierBuilder().setProvider("anotherprovider").build(holderJca); token.validate(siv);
static boolean checkIfIssuersMatch(CertificateID certID, X509Certificate issuerCert) throws CertificateEncodingException, IOException, OCSPException { return certID.matchesIssuer(new X509CertificateHolder(issuerCert.getEncoded()), new BcDigestCalculatorProvider()); }
static boolean checkIfIssuersMatch(CertificateID certID, X509Certificate issuerCert) throws CertificateEncodingException, IOException, OCSPException { return certID.matchesIssuer(new X509CertificateHolder(issuerCert.getEncoded()), new BcDigestCalculatorProvider()); }
/** * @param signedAttributeGenerator the signedAttribute generator * @param unsignedAttributeGenerator the unsignedAttribute generator * @return a SignerInfoGeneratorBuilder that generate the signed and unsigned attributes according to the parameters */ private SignerInfoGeneratorBuilder getSignerInfoGeneratorBuilder(DefaultSignedAttributeTableGenerator signedAttributeGenerator, SimpleAttributeTableGenerator unsignedAttributeGenerator) { final DigestCalculatorProvider digestCalculatorProvider = new BcDigestCalculatorProvider(); SignerInfoGeneratorBuilder sigInfoGeneratorBuilder = new SignerInfoGeneratorBuilder(digestCalculatorProvider); sigInfoGeneratorBuilder.setSignedAttributeGenerator(signedAttributeGenerator); sigInfoGeneratorBuilder.setUnsignedAttributeGenerator(unsignedAttributeGenerator); return sigInfoGeneratorBuilder; }
private static SubjectKeyIdentifier publicKeyToSubjectKeyIdentifier(PublicKey publicKey) throws OperatorCreationException { SubjectPublicKeyInfo pubKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()); DigestCalculator digCalc = new BcDigestCalculatorProvider().get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1)); X509ExtensionUtils utils = new X509ExtensionUtils(digCalc); return utils.createSubjectKeyIdentifier(pubKeyInfo); }
private static SubjectKeyIdentifier publicKeyToSubjectKeyIdentifier(PublicKey publicKey) throws OperatorCreationException { SubjectPublicKeyInfo pubKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()); DigestCalculator digCalc = new BcDigestCalculatorProvider().get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1)); X509ExtensionUtils utils = new X509ExtensionUtils(digCalc); return utils.createSubjectKeyIdentifier(pubKeyInfo); }
/** * This method recreates a {@code SignerInformation} with the content using a {@code CMSSignedDataParser}. * * @return * @throws CMSException * @throws IOException */ private SignerInformation recreateSignerInformation() throws CMSException, IOException { final DSSDocument dssDocument = detachedContents.get(0); // only one element for CAdES Signature final InputStream inputStream = dssDocument.openStream(); final CMSTypedStream signedContent = new CMSTypedStream(inputStream); final CMSSignedDataParser cmsSignedDataParser = new CMSSignedDataParser(new BcDigestCalculatorProvider(), signedContent, cmsSignedData.getEncoded()); cmsSignedDataParser.getSignedContent().drain(); // Closes the stream final SignerId signerId = signerInformation.getSID(); final SignerInformation signerInformationToCheck = cmsSignedDataParser.getSignerInfos().get(signerId); return signerInformationToCheck; }
public static byte[] sign(Certificate cert,KeyPair pair) { ContentSigner signGen = null; X509CertificateHolder certHolder = new X509CertificateHolder(cert); try { signGen = new JcaContentSignerBuilder(CertManagerConstants.CERT_ALGORITHM.SHA1withRSA.toString()).setProvider(CertManagerConstants.BC).build(pair.getPrivate()); } catch (OperatorCreationException e) { e.printStackTrace(); return null; } CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); try { gen.addSignerInfoGenerator( new SignerInfoGeneratorBuilder(new BcDigestCalculatorProvider()) .build(signGen,certHolder)); } catch (OperatorCreationException e) { e.printStackTrace(); return null; } return certHolder.getSignature(); }
if (!resp[i].getCertID().matchesIssuer(new X509CertificateHolder(issuerCert.getEncoded()), new BcDigestCalculatorProvider())) { LOGGER.info("OCSP: Issuers doesn't match."); continue;
new BcDigestCalculatorProvider().get( new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1));
new BcDigestCalculatorProvider().get( new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1));
throw new IllegalArgumentException("Need at least one responder"); try { DigestCalculator digCalc = new BcDigestCalculatorProvider() .get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1));
final PAdESLevelBaselineB pAdESProfileEPES = new PAdESLevelBaselineB(); final DigestCalculatorProvider digestCalculatorProvider = new BcDigestCalculatorProvider();
DigestCalculator digCalc = new BcDigestCalculatorProvider().get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1)); X509ExtensionUtils x509ExtensionUtils = new X509ExtensionUtils(digCalc); gen.addExtension(Extension.subjectKeyIdentifier, false, x509ExtensionUtils.createSubjectKeyIdentifier(publicKeyInfo));
DigestCalculator digCalc = new BcDigestCalculatorProvider().get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1)); X509ExtensionUtils x509ExtensionUtils = new X509ExtensionUtils(digCalc); gen.addExtension(Extension.subjectKeyIdentifier, false, x509ExtensionUtils.createSubjectKeyIdentifier(publicKeyInfo));
private boolean checkCertIDMatching(X509Certificate toFind, X509Certificate issuerCert, CertificateID checkedCertId) throws OCSPException { try { JcaX509CertificateHolder issuerCertHolder = new JcaX509CertificateHolder(issuerCert); DigestCalculator digCalc = new BcDigestCalculatorProvider().get(new AlgorithmIdentifier( checkedCertId.getHashAlgOID())); CertificateID certId = new CertificateID(digCalc, issuerCertHolder, toFind.getSerialNumber()); return certId.getHashAlgOID().equals(checkedCertId.getHashAlgOID()) && Arrays.equals(certId.getIssuerKeyHash(), checkedCertId.getIssuerKeyHash()) && Arrays.equals(certId.getIssuerNameHash(), checkedCertId.getIssuerNameHash()); } catch (OperatorCreationException e) { throw new OCSPException("Cant get digester for the checked certificate, the algorithm " + "is: " + checkedCertId.getHashAlgOID(), e); } catch (CertificateEncodingException e) { throw new OCSPException("Issuer certificate is unsupported", e); } }
try DigestCalculator digestCalc = new BcDigestCalculatorProvider().get(CertificateID.HASH_SHA1); X509CertificateHolder issuerCertHolder = new JcaX509CertificateHolder(issuerCert); certId = new CertificateID(digestCalc, issuerCertHolder, toCheckCert.getSerialNumber());