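/**
 * Signs {@code bytes} with the private key of {@code keyEntry}, using the JCE signature algorithm
 * derived from the key's encryption algorithm and the requested digest algorithm.
 * <p>
 * No policy check is made on the digest algorithm here: whatever the caller passes is used.
 *
 * @param bytes           the data to sign
 * @param digestAlgorithm the digest algorithm to combine with the key's encryption algorithm
 * @param keyEntry        the private key entry whose key performs the signing; must not be {@code null}
 * @return the raw signature value produced by {@code DSSUtils.encrypt}
 * @throws DSSException             as declared; presumably raised by {@code DSSUtils.encrypt} on failure
 * @throws IllegalArgumentException if {@code keyEntry} is {@code null} or no signature algorithm exists
 *                                  for the encryption/digest combination
 */
@Override
public byte[] sign(final byte[] bytes, final DigestAlgorithm digestAlgorithm, final DSSPrivateKeyEntry keyEntry) throws DSSException {
    if (keyEntry == null) {
        throw new IllegalArgumentException("keyEntry must not be null");
    }
    final EncryptionAlgorithm encryptionAlgorithm = keyEntry.getEncryptionAlgorithm();
    // Only algorithm names are logged: never the key material or the bytes being signed.
    LOG.info("Signature algorithm: " + encryptionAlgorithm + "/" + digestAlgorithm);
    final SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.getAlgorithm(encryptionAlgorithm, digestAlgorithm);
    if (signatureAlgorithm == null) {
        // Previously an unsupported combination surfaced as a bare NPE on getJCEId(); name the pair instead.
        throw new IllegalArgumentException("No signature algorithm for " + encryptionAlgorithm + "/" + digestAlgorithm);
    }
    final String jceSignatureAlgorithm = signatureAlgorithm.getJCEId();
    return DSSUtils.encrypt(jceSignatureAlgorithm, keyEntry.getPrivateKey(), bytes);
}
}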
/**
 * Returns the encryption (key) algorithm component of the signature method declared in this
 * signature's {@code ds:SignatureMethod} element, or {@code null} when the declared algorithm URI
 * is not one {@code SignatureAlgorithm.forXML} knows.
 * <p>
 * NOTE(review): the URI is read from the signed document itself, so an unknown value yields
 * {@code null} here; callers should treat {@code null} as "unsupported", never as "any".
 *
 * @return the encryption algorithm, or {@code null} if the URI is unknown
 */
@Override
public EncryptionAlgorithm getEncryptionAlgorithm() {
    final String algorithmUri = DSSXMLUtils.getElement(signatureElement, xPathQueryHolder.XPATH_SIGNATURE_METHOD)
            .getAttribute(XMLE_ALGORITHM);
    final SignatureAlgorithm resolved = SignatureAlgorithm.forXML(algorithmUri, null);
    return resolved == null ? null : resolved.getEncryptionAlgorithm();
}
/**
 * Returns the digest algorithm component of the signature method declared in this signature's
 * {@code ds:SignatureMethod} element, or {@code null} when the declared algorithm URI is not one
 * {@code SignatureAlgorithm.forXML} knows.
 * <p>
 * NOTE(review): the URI comes from the signed document; a {@code null} result means "unsupported"
 * and must not be interpreted as permission to skip the digest check.
 *
 * @return the digest algorithm, or {@code null} if the URI is unknown
 */
@Override
public DigestAlgorithm getDigestAlgorithm() {
    final String algorithmUri = DSSXMLUtils.getElement(signatureElement, xPathQueryHolder.XPATH_SIGNATURE_METHOD)
            .getAttribute(XMLE_ALGORITHM);
    final SignatureAlgorithm resolved = SignatureAlgorithm.forXML(algorithmUri, null);
    return resolved == null ? null : resolved.getDigestAlgorithm();
}
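/**
 * Renders this OCSP token as an indented, multi-line block: production/thisUpdate/nextUpdate times,
 * the signing token, the signature algorithm, the issuer's own rendering and any validation notes.
 * <p>
 * Fix: the closing bracket used to be indented with {@code indentStr.substring(1)} after a tab had
 * been appended, which strips the first character of the caller's prefix instead of the added tab
 * (wrong whenever the prefix does not consist solely of tabs). The original prefix is now reused.
 *
 * @param indentStr the indentation prefix for the first and last lines; nested lines get one extra tab
 * @return the textual representation; a missing issuer or algorithm is rendered as {@code null} / {@code ?}
 */
@Override
public String toString(String indentStr) {
    final StringBuilder sb = new StringBuilder();
    sb.append(indentStr).append("OCSPToken[");
    sb.append("ProductionTime: ").append(DSSUtils.formatInternal(issuingTime)).append("; ");
    sb.append("ThisUpdate: ").append(DSSUtils.formatInternal(singleResp.getThisUpdate())).append("; ");
    sb.append("NextUpdate: ").append(DSSUtils.formatInternal(singleResp.getNextUpdate())).append('\n');
    // A missing issuer is rendered as the literal "null", as before.
    sb.append("SignedBy: ").append(issuerToken != null ? issuerToken.getDSSIdAsString() : null).append('\n');
    final String nestedIndent = indentStr + "\t";
    sb.append(nestedIndent).append("Signature algorithm: ")
            .append(algorithmUsedToSignToken == null ? "?" : algorithmUsedToSignToken.getJCEId()).append('\n');
    sb.append(issuerToken != null ? issuerToken.toString(nestedIndent) : null).append('\n');
    final List<String> validationExtraInfo = extraInfo.getValidationInfo();
    if (!validationExtraInfo.isEmpty()) {
        for (final String info : validationExtraInfo) {
            sb.append('\n').append(nestedIndent).append("\t- ").append(info);
        }
        sb.append('\n');
    }
    sb.append(indentStr).append("]");
    return sb.toString();
}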
/**
 * Sets the encryption algorithm explicitly. Normally it is derived from the private key entry; this
 * setter exists for web-service use and three-step signing, where no private key is available locally.
 * <p>
 * The cached signature algorithm is recomputed only when both the encryption and the digest algorithm
 * are known; passing {@code null} leaves any previously computed signature algorithm in place.
 *
 * @param encryptionAlgorithm the encryption algorithm to use, may be {@code null}
 */
public void setEncryptionAlgorithm(final EncryptionAlgorithm encryptionAlgorithm) {
    this.encryptionAlgorithm = encryptionAlgorithm;
    final boolean bothKnown = encryptionAlgorithm != null && this.digestAlgorithm != null;
    if (bothKnown) {
        signatureAlgorithm = SignatureAlgorithm.getAlgorithm(encryptionAlgorithm, this.digestAlgorithm);
    }
}
/**
 * Creates a CertificateToken wrapping the provided X509Certificate. A certificate must come from a
 * source such as a trusted store, a trusted list or a signature.
 *
 * @param x509Certificate the wrapped X509Certificate
 * @param id              DSS internal id (unique certificate identifier)
 */
protected CertificateToken(X509Certificate x509Certificate, int id) {
    dssId = id;
    this.x509Certificate = x509Certificate;
    issuerX500Principal = DSSUtils.getIssuerX500Principal(x509Certificate);
    // The signature algorithm OID is used, not the name from x509Certificate.getSigAlgName().
    algorithmUsedToSignToken = SignatureAlgorithm.forOID(x509Certificate.getSigAlgOID());
    // One validation-info object is exposed through both the subclass field and the superclass field.
    final CertificateTokenValidationExtraInfo info = new CertificateTokenValidationExtraInfo();
    this.extraInfo = info;
    super.extraInfo = info;
}
// Fragment of a larger method (enclosing scope not visible here): fills in the signature description of a
// revocation token. A null signature algorithm is reported as "?" rather than failing, so an unrecognised
// algorithm stays visible in the report without aborting the run; the key length and the stored signature
// validity are copied from the token as-is.
final SignatureAlgorithm revocationSignatureAlgo = revocationToken.getSignatureAlgorithm(); final boolean unknownAlgorithm = revocationSignatureAlgo == null; final String encryptionAlgorithmName = unknownAlgorithm ? "?" : revocationSignatureAlgo.getEncryptionAlgorithm().getName(); xmlBasicSignatureType.setEncryptionAlgoUsedToSignThisToken(encryptionAlgorithmName); final String keyLength = revocationToken.getKeyLength(); xmlBasicSignatureType.setKeyLengthUsedToSignThisToken(keyLength); final String digestAlgorithmName = unknownAlgorithm ? "?" : revocationSignatureAlgo.getDigestAlgorithm().getName(); xmlBasicSignatureType.setDigestAlgoUsedToSignThisToken(digestAlgorithmName); final boolean signatureValid = revocationToken.isSignatureValid();
/**
 * Builds the {@code <ds:SignedInfo>} element under the signature element: the canonicalization method
 * and a {@code <ds:SignatureMethod>} whose Algorithm attribute is the XML id of the signature algorithm
 * derived from the parameters' encryption and digest algorithms
 * (e.g. {@code http://www.w3.org/2001/04/xmldsig-more#rsa-sha256}).
 * <p>
 * NOTE(review): the result of {@code SignatureAlgorithm.getAlgorithm} is not null-checked; an
 * unsupported pair would fail here with an NPE rather than a descriptive error.
 */
public void incorporateSignedInfo() {
    signedInfoDom = DSSXMLUtils.addElement(documentDom, signatureDom, XMLNS, DS_SIGNED_INFO);
    incorporateCanonicalizationMethod(signedInfoDom, signedInfoCanonicalizationMethod);
    final Element signatureMethodDom = DSSXMLUtils.addElement(documentDom, signedInfoDom, XMLNS, DS_SIGNATURE_METHOD);
    final SignatureAlgorithm algorithm =
            SignatureAlgorithm.getAlgorithm(params.getEncryptionAlgorithm(), params.getDigestAlgorithm());
    signatureMethodDom.setAttribute(ALGORITHM, algorithm.getXMLId());
}
// Fragment (enclosing method not visible): maps a signature algorithm OID to its encryption algorithm.
// NOTE(review): the forOID result is dereferenced without a null check — confirm whether forOID throws
// or returns null for an unknown OID; if the latter, this raises a bare NPE on untrusted input.
final SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.forOID(oid); return signatureAlgorithm.getEncryptionAlgorithm();
/**
 * {@inheritDoc}
 * <p>
 * Returns the XML signature-method URI of the ECDSA-with-RIPEMD160 algorithm this SPI implements.
 */
public String engineGetURI() {
    final SignatureAlgorithm algorithm = SignatureAlgorithm.ECDSA_RIPEMD160;
    return algorithm.getXMLId();
}
}
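/**
 * Gets the ASN.1 algorithm identifier structure corresponding to this digest algorithm.
 * <p>
 * The identifier is built from {@link #getJCEId()}, which must therefore be a dotted OID string
 * (the {@code ASN1ObjectIdentifier} constructor rejects anything else); the parameters field is
 * encoded as an explicit ASN.1 NULL. NOTE(review): confirm every constant's JCE id is an OID.
 * <p>
 * The previously commented-out alternative (a DefaultSignatureAlgorithmIdentifierFinder lookup) has
 * been removed as dead code.
 *
 * @return the AlgorithmIdentifier
 */
public AlgorithmIdentifier getAlgorithmIdentifier() {
    final ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(getJCEId());
    return new AlgorithmIdentifier(oid, DERNull.INSTANCE);
}
}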
/**
 * Sets the digest algorithm and, when the encryption algorithm is also known, recomputes the cached
 * signature algorithm. Passing {@code null} leaves any previously computed signature algorithm in place.
 *
 * @param digestAlgorithm the digest algorithm to set, may be {@code null}
 */
public void setDigestAlgorithm(final DigestAlgorithm digestAlgorithm) {
    this.digestAlgorithm = digestAlgorithm;
    final boolean bothKnown = digestAlgorithm != null && this.encryptionAlgorithm != null;
    if (bothKnown) {
        signatureAlgorithm = SignatureAlgorithm.getAlgorithm(this.encryptionAlgorithm, digestAlgorithm);
    }
}
/**
 * Populates this token's fields from the wrapped CRL and its validity record.
 * <p>
 * The signature verdict (issuer, validity flag, invalidity reason) is copied from the
 * {@code crlValidity} record computed earlier; nothing is re-verified here.
 * NOTE(review): if {@code forOID} returns {@code null} for an unknown OID, {@code algorithmUsedToSignToken}
 * is left {@code null} — confirm consumers cope with that.
 */
private void setDefaultValues() {
    final X509CRL crl = crlValidity.x509CRL;
    algorithmUsedToSignToken = SignatureAlgorithm.forOID(crl.getSigAlgOID());
    issuingTime = crl.getThisUpdate();
    nextUpdate = crl.getNextUpdate();
    issuerX500Principal = crl.getIssuerX500Principal();
    extraInfo = new TokenValidationExtraInfo();
    issuerToken = crlValidity.issuerToken;
    signatureValid = crlValidity.signatureIntact;
    signatureInvalidityReason = crlValidity.signatureInvalidityReason;
}
// Fragment (enclosing method not visible): records the certificate's signature algorithm names and key
// length in the report. NOTE(review): signatureAlgorithm is dereferenced unconditionally here — there is
// no "?" fallback for a null value, so an unrecognised algorithm would abort with an NPE.
xmlBasicSignatureType.setDigestAlgoUsedToSignThisToken(signatureAlgorithm.getDigestAlgorithm().getName()); xmlBasicSignatureType.setEncryptionAlgoUsedToSignThisToken(signatureAlgorithm.getEncryptionAlgorithm().getName()); final String keyLength = certToken.getKeyLength(); xmlBasicSignatureType.setKeyLengthUsedToSignThisToken(keyLength);
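/**
 * Computes the PAdES "data to sign": digests the PDF through the PDF signature service, feeds the digest
 * into a CMS generator driven by a {@code CustomContentSigner}, and returns the bytes that signer captured.
 * The generated CMS structure itself is discarded; only the captured signer input is returned.
 * <p>
 * Fix: the document stream was closed only on the success path; a failing {@code digest()} leaked it.
 * It is now closed in a {@code finally} block.
 *
 * @param toSignDocument the PDF document to sign
 * @param parameters     the signature parameters (signature and digest algorithms, signing date, ...)
 * @return the bytes to be signed by the external signer
 * @throws DSSException as declared by the interface
 */
@Override
public byte[] getDataToSign(final DSSDocument toSignDocument, final SignatureParameters parameters) throws DSSException {
    assertSigningDateInCertificateValidityRange(parameters);
    final SignatureAlgorithm signatureAlgorithm = parameters.getSignatureAlgorithm();
    final CustomContentSigner customContentSigner = new CustomContentSigner(signatureAlgorithm.getJCEId());
    final PDFSignatureService pdfSignatureService = PdfObjFactory.getInstance().newPAdESSignatureService();
    final byte[] messageDigest;
    final InputStream inputStream = toSignDocument.openStream();
    try {
        messageDigest = pdfSignatureService.digest(inputStream, parameters, parameters.getDigestAlgorithm());
    } finally {
        DSSUtils.closeQuietly(inputStream);
    }
    final SignerInfoGeneratorBuilder signerInfoGeneratorBuilder =
            padesCMSSignedDataBuilder.getSignerInfoGeneratorBuilder(parameters, messageDigest);
    final CMSSignedDataGenerator generator = padesCMSSignedDataBuilder.createCMSSignedDataGenerator(
            parameters, customContentSigner, signerInfoGeneratorBuilder, null);
    final CMSProcessableByteArray content = new CMSProcessableByteArray(messageDigest);
    // The returned CMS object is not used; generating it is what drives customContentSigner.
    DSSASN1Utils.generateCMSSignedData(generator, content, false);
    return customContentSigner.getOutputStream().toByteArray();
}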
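/**
 * Sets the private key entry used to create the signature. As side effects the certificate chain is
 * reset and rebuilt from the entry, the encryption algorithm is derived from the signing certificate's
 * public-key algorithm name, and the cached signature algorithm is recomputed.
 * <p>
 * Fix: a {@code null} entry used to be stored and the chain cleared before the NPE surfaced, leaving
 * the object half-updated; the argument is now validated before any state is touched.
 *
 * @param privateKeyEntry the private key entry used to sign; must not be {@code null}
 * @throws IllegalArgumentException if {@code privateKeyEntry} is {@code null}
 */
public void setPrivateKeyEntry(final DSSPrivateKeyEntry privateKeyEntry) {
    if (privateKeyEntry == null) {
        throw new IllegalArgumentException("privateKeyEntry must not be null");
    }
    this.privateKeyEntry = privateKeyEntry;
    // Setting a new private key entry discards any previously configured certificate chain.
    certificateChain.clear();
    setSigningCertificate(privateKeyEntry.getCertificate());
    setCertificateChain(privateKeyEntry.getCertificateChain());
    final String keyAlgorithmName = this.signingCertificate.getPublicKey().getAlgorithm();
    this.encryptionAlgorithm = EncryptionAlgorithm.forName(keyAlgorithmName);
    // Recomputed unconditionally, even if digestAlgorithm has not been set yet.
    this.signatureAlgorithm = SignatureAlgorithm.getAlgorithm(this.encryptionAlgorithm, this.digestAlgorithm);
}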
// Fragment (enclosing constructor/method not visible): copies the certificate status from the single
// response and resolves the OCSP response's signature algorithm from its OID string.
// NOTE(review): forOID's result is stored without a null check; confirm how an unknown OID is handled downstream.
setStatus(singleResp.getCertStatus()); final ASN1ObjectIdentifier signatureAlgOID = basicOCSPResp.getSignatureAlgOID(); final SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.forOID(signatureAlgOID.getId()); this.algorithmUsedToSignToken = signatureAlgorithm; this.extraInfo = new TokenValidationExtraInfo();
if (signatureAlgorithm != null) { xmlBasicSignatureType.setEncryptionAlgoUsedToSignThisToken(signatureAlgorithm.getEncryptionAlgorithm().getName()); xmlBasicSignatureType.setDigestAlgoUsedToSignThisToken(signatureAlgorithm.getDigestAlgorithm().getName());
/**
 * Computes the CAdES "data to sign": builds a CMS generator around a {@code CustomContentSigner}, runs
 * the CMS generation over the content to sign (encapsulated unless the packaging is DETACHED) and returns
 * the bytes that the signer captured. The generated CMS object itself is discarded.
 *
 * @param toSignDocument the document to sign
 * @param parameters     the signature parameters (packaging, signature algorithm, ...)
 * @return the bytes to be signed by the external signer
 * @throws DSSException as declared by the interface
 */
@Override
public byte[] getDataToSign(final DSSDocument toSignDocument, final SignatureParameters parameters) throws DSSException {
    assertSigningDateInCertificateValidityRange(parameters);
    final SignaturePackaging packaging = parameters.getSignaturePackaging();
    assertSignaturePackaging(packaging);
    final CustomContentSigner contentSigner = new CustomContentSigner(parameters.getSignatureAlgorithm().getJCEId());
    final SignerInfoGeneratorBuilder sigInfoBuilder = cmsSignedDataBuilder.getSignerInfoGeneratorBuilder(parameters, false);
    final CMSSignedData existingSignedData = getCmsSignedData(toSignDocument, parameters);
    final CMSSignedDataGenerator generator = cmsSignedDataBuilder.createCMSSignedDataGenerator(
            parameters, contentSigner, sigInfoBuilder, existingSignedData);
    final DSSDocument toSignData = getToSignData(toSignDocument, parameters, existingSignedData);
    // The encapsulate flag is false only for DETACHED packaging.
    final boolean encapsulate = !SignaturePackaging.DETACHED.equals(packaging);
    DSSASN1Utils.generateCMSSignedData(generator, new CMSProcessableByteArray(toSignData.getBytes()), encapsulate);
    return contentSigner.getOutputStream().toByteArray();
}
/**
 * Checks whether this timestamp token was signed by the given certificate and, on the first successful
 * check, records the issuer and the algorithm used to sign the token.
 * <p>
 * Once an issuer has been established, later calls only compare token identities; the signature is not
 * re-verified against a different candidate.
 * NOTE(review): the digest component of {@code algorithmUsedToSignToken} is taken from the TSTInfo
 * message-imprint hash algorithm, not from the SignerInfo's own signature algorithm, so the recorded
 * value can differ from the algorithm that actually signed the token — confirm this is intended.
 *
 * @param issuerToken the candidate issuer certificate
 * @return {@code true} if the token's signature verifies with (or was previously attributed to) the issuer
 */
@Override
public boolean isSignedBy(final CertificateToken issuerToken) {
    if (this.issuerToken != null) {
        return this.issuerToken.equals(issuerToken);
    }
    final TimestampValidation validation = validateTimestampToken(timeStamp, issuerToken);
    signatureInvalidityReason = validation.getValidity().name();
    signatureValid = validation.isValid();
    if (!signatureValid) {
        return false;
    }
    this.issuerToken = issuerToken;
    issuerX500Principal = issuerToken.getSubjectX500Principal();
    final EncryptionAlgorithm encryption = EncryptionAlgorithm.forName(issuerToken.getPublicKey().getAlgorithm());
    final AlgorithmIdentifier imprintHash = timeStamp.getTimeStampInfo().getHashAlgorithm();
    final DigestAlgorithm digest = DigestAlgorithm.forOID(imprintHash.getAlgorithm());
    algorithmUsedToSignToken = SignatureAlgorithm.getAlgorithm(encryption, digest);
    return true;
}