/** * Returns a new instance of MessageDigest for a given digest algorithm * * @param digestAlgorithm * the digest algoritm * @return a new instance of MessageDigest */ public static MessageDigest getMessageDigest(final DigestAlgorithm digestAlgorithm) { try { final String digestAlgorithmOid = digestAlgorithm.getOid(); return MessageDigest.getInstance(digestAlgorithmOid, BouncyCastleProvider.PROVIDER_NAME); } catch (GeneralSecurityException e) { throw new DSSException("Digest algorithm '" + digestAlgorithm.getName() + "' error: " + e.getMessage(), e); } }
@Override public DigestAlgorithm getDigestAlgorithm() { String signatureDigestAlgorithmName = getDigestAlgoUsedToSignThisToken(); return DigestAlgorithm.forName(signatureDigestAlgorithmName, null); }
private DigestAlgorithm getExtensionDigestAlgorithm(byte[] octets) { ASN1Encodable oid = ASN1Sequence.getInstance(octets).getObjectAt(0); String oidString = ((DLSequence) oid).getObjects().nextElement().toString(); return DigestAlgorithm.forOID(oidString); } }
protected AlgorithmParameterSpec createPSSParam(DigestAlgorithm digestAlgo) { String digestJavaName = digestAlgo.getJavaName(); return new PSSParameterSpec(digestJavaName, "MGF1", new MGF1ParameterSpec(digestJavaName), digestAlgo.getSaltLength(), 1); } }
@Override public void startElement(String uri, String localName, String qName, Attributes attributes) { if ("ds:SignedInfo".equals(qName)) { signedInfo = true; } if (signedInfo && "ds:Reference".equals(qName)) { reference = true; currentDatafile = new Datafile(); for (int i = 0; i < attributes.getLength(); i++) { if ("URI".equals(attributes.getQName(i))) { try { currentDatafile.setFilename(URLDecoder.decode(attributes.getValue(i), "UTF-8")); } catch (UnsupportedEncodingException e) { throw new IllegalArgumentException("Invalid file name"); } } } } if (signedInfo && reference && "ds:DigestMethod".equals(qName)) { for (int i = 0; i < attributes.getLength(); i++) { if ("Algorithm".equals(attributes.getQName(i))) { currentDatafile.setHashAlgo(DigestAlgorithm.forXML(attributes.getValue(i)).getName()); } } } }
private void signContainerWithTst(AsicContainer asicContainer) { if (this.context.getCommandLine().hasOption("tst") && !(this.context.getCommandLine().hasOption("pkcs12") || this.context.getCommandLine().hasOption("pkcs11"))) { DigestAlgorithm digestAlgorithm = DigestAlgorithm.SHA256; if (this.context.getCommandLine().hasOption("datst")) { String digestAlgorithmStr = this.context.getCommandLine().getOptionValue("datst"); if (StringUtils.isNotBlank(digestAlgorithmStr)) { digestAlgorithm = DigestAlgorithm.forName(digestAlgorithmStr); } } LOGGER.info("Digest algorithm to calculate data file hash: " + digestAlgorithm.getName()); if (this.context.getCommandLine().hasOption("add")) { if (asicContainer.getDataFiles().size() > 1) { throw new DigiDoc4JException("Data file in container already exists. Should be only one data file in case of ASiCS container."); } String[] optionValues = this.context.getCommandLine().getOptionValues("add"); DataFile dataFile = new DataFile(optionValues[0], optionValues[1]); DataFile tst = TimestampToken.generateTimestampToken(digestAlgorithm, dataFile); asicContainer.setTimeStampToken(tst); this.fileHasChanged = true; } } }
public eu.europa.esig.dss.DigestAlgorithm getDssDigestAlgorithm() { return eu.europa.esig.dss.DigestAlgorithm.forXML(uri.toString()); }
private MessageDigest getMessageDigest(DigestAlgorithm digestAlgorithm) { try { return MessageDigest.getInstance(digestAlgorithm.getOid(), BouncyCastleProvider.PROVIDER_NAME); } catch (GeneralSecurityException e) { throw new DSSException("Cannot generate a MessageDigest", e); } }
/** * Calculates digest for data file. If digest is already calculated returns it, otherwise calculates the digest. * <p>Supported uris for BDoc:</p> * <br>http://www.w3.org/2000/09/xmldsig#sha1 * <br>http://www.w3.org/2001/04/xmldsig-more#sha224 * <br>http://www.w3.org/2001/04/xmlenc#sha256 * <br>http://www.w3.org/2001/04/xmldsig-more#sha384 * <br>http://www.w3.org/2001/04/xmlenc#sha512 * <p>In case of DDoc files the parameter is ignored and SHA1 hash is always returned</p> * * @param method method uri for calculating the digest * @return calculated digest */ public byte[] calculateDigest(URL method) { // TODO exceptions to throw logger.debug("URL method: " + method); if (digest == null) { DigestAlgorithm digestAlgorithm = DigestAlgorithm.forXML(method.toString()); digest = new Digest(digestAlgorithm, calculateDigestInternal(digestAlgorithm)); } else { logger.debug("Returning existing digest value"); } return digest.getValue(); }
/** * Gets the ASN.1 algorithm identifier structure corresponding to a digest algorithm * * @param digestAlgorithm * the digest algorithm to encode * @return the ASN.1 algorithm identifier structure */ public static AlgorithmIdentifier getAlgorithmIdentifier(DigestAlgorithm digestAlgorithm) { /* * The recommendation (cf. RFC 3380 section 2.1) is to omit the parameter for SHA-1, but some implementations * still expect a * NULL there. Therefore we always include a NULL parameter even with SHA-1, despite the recommendation, because * the RFC * states that implementations SHOULD support it as well anyway */ final ASN1ObjectIdentifier asn1ObjectIdentifier = new ASN1ObjectIdentifier(digestAlgorithm.getOid()); return new AlgorithmIdentifier(asn1ObjectIdentifier, DERNull.INSTANCE); }
try { if (LOG.isTraceEnabled()) { LOG.trace("Timestamp digest algorithm: {}", digestAlgorithm.getName()); LOG.trace("Timestamp digest value : {}", Utils.toHex(digest)); ASN1ObjectIdentifier asn1ObjectIdentifier = new ASN1ObjectIdentifier(digestAlgorithm.getOid()); TimeStampRequest timeStampRequest = null; if (nonceSource == null) {
private byte[] signECDSA(DigestAlgorithm digestAlgorithm, byte[] dataToSign) { try { logger.debug("Signing with PKCS#11 and " + digestAlgorithm.name()); ToBeSigned toBeSigned = new ToBeSigned(dataToSign); eu.europa.esig.dss.DigestAlgorithm dssDigestAlgorithm = eu.europa.esig.dss.DigestAlgorithm.forXML(digestAlgorithm.toString()); SignatureValue signature = signatureTokenConnection.sign(toBeSigned, dssDigestAlgorithm, privateKeyEntry); return signature.getValue(); } catch (Exception e) { logger.error("Failed to sign with PKCS#11: " + e.getMessage()); throw new TechnicalException("Failed to sign with PKCS#11: " + e.getMessage(), e); } /* */ }
/** * This method extracts the CertHash extension if present * * Common PKI Part 4: Operational Protocols * 3.1.2 Common PKI Private OCSP Extensions * * CertHash ::= SEQUENCE { * hashAlgorithm AlgorithmIdentifier, * certificateHash OCTET STRING } * * @param bestSingleResp * the related SingleResponse */ private void extractCertHashExtension(SingleResp bestSingleResp) { Extension extension = bestSingleResp.getExtension(ISISMTTObjectIdentifiers.id_isismtt_at_certHash); if (extension != null) { try { CertHash asn1CertHash = CertHash.getInstance(extension.getParsedValue()); DigestAlgorithm digestAlgo = DigestAlgorithm.forOID(asn1CertHash.getHashAlgorithm().getAlgorithm().getId()); certHash = new Digest(digestAlgo, asn1CertHash.getCertificateHash()); } catch (Exception e) { LOG.warn("Unable to extract id_isismtt_at_certHash : " + e.getMessage()); } } }
public SignedInfo(byte[] dataToDigest, SignatureParameters signatureParameters) { DigestAlgorithm digestAlgorithm = signatureParameters.getDigestAlgorithm(); digestToSign = DSSUtils.digest(forXML(digestAlgorithm.toString()), dataToDigest); this.signatureParameters = signatureParameters; }
@Override public byte[] sign(org.digidoc4j.DigestAlgorithm digestAlgorithm, byte[] dataToSign) { logger.info("Signing with PKCS#12 signature token, using digest algorithm: " + digestAlgorithm.name()); ToBeSigned toBeSigned = new ToBeSigned(dataToSign); eu.europa.esig.dss.DigestAlgorithm dssDigestAlgorithm = eu.europa.esig.dss.DigestAlgorithm.forXML(digestAlgorithm.toString()); SignatureValue signature = signatureTokenConnection.sign(toBeSigned, dssDigestAlgorithm, keyEntry); return signature.getValue(); }