/**
 * Signs {@code toBeSigned} with the private key of a keystore-backed entry.
 *
 * <p>The signature algorithm is resolved from the key entry's encryption algorithm, the
 * requested digest algorithm and the optional mask generation function. Its JCE identifier
 * is logged at INFO level and used to obtain the {@link Signature} instance.
 *
 * @param toBeSigned      the data to sign; its bytes are fed to the signature unchanged
 * @param digestAlgorithm the digest algorithm used to select the signature algorithm
 * @param mgf             the mask generation function, or {@code null}; when non-null the
 *                        parameters returned by {@code createPSSParam(digestAlgorithm)} are
 *                        set on the signature before the data is supplied
 * @param keyEntry        the key entry; must be a {@code KSPrivateKeyEntry}
 * @return a {@code SignatureValue} carrying the resolved algorithm and the raw signature bytes
 * @throws IllegalArgumentException if {@code keyEntry} is not a {@code KSPrivateKeyEntry}
 * @throws DSSException             wrapping any exception raised while signing
 */
@Override
public SignatureValue sign(ToBeSigned toBeSigned, DigestAlgorithm digestAlgorithm, MaskGenerationFunction mgf,
        DSSPrivateKeyEntry keyEntry) throws DSSException {
    final boolean supportedEntry = keyEntry instanceof KSPrivateKeyEntry;
    if (!supportedEntry) {
        // Thrown outside the try block, so it reaches the caller unwrapped.
        throw new IllegalArgumentException("Only KSPrivateKeyEntry are supported");
    }

    final SignatureAlgorithm resolvedAlgorithm =
            SignatureAlgorithm.getAlgorithm(keyEntry.getEncryptionAlgorithm(), digestAlgorithm, mgf);
    final String jceName = resolvedAlgorithm.getJCEId();
    LOG.info("Signature algorithm : {}", jceName);

    try {
        final KSPrivateKeyEntry keystoreEntry = (KSPrivateKeyEntry) keyEntry;
        final Signature signer = getSignatureInstance(jceName);
        signer.initSign(keystoreEntry.getPrivateKey());
        if (mgf != null) {
            signer.setParameter(createPSSParam(digestAlgorithm));
        }
        signer.update(toBeSigned.getBytes());
        final byte[] rawSignature = signer.sign();

        final SignatureValue result = new SignatureValue();
        result.setAlgorithm(resolvedAlgorithm);
        result.setValue(rawSignature);
        return result;
    } catch (Exception e) {
        // Broad catch: checked security exceptions and runtime failures (for example a null
        // toBeSigned) are all reported as DSSException with the original cause attached.
        throw new DSSException(e);
    }
}
// Excerpt: binds two values of `token` to the statement `s` as positional parameters
// (presumably a JDBC PreparedStatement; the SQL text is not visible here).
// Parameter 1: the encoded CRL bytes.
s.setBytes(1, token.getCrlEncoded());
// Parameter 2: the signature algorithm, stored by its name().
// NOTE(review): a null getSignatureAlgorithm() would raise NullPointerException here; confirm callers guarantee it is set.
s.setString(2, token.getSignatureAlgorithm().name());
// Excerpt: copies the columns of the current row of `rs` into `cached`.
cached.setKey(rs.getString(SQL_FIND_QUERY_ID));
cached.setCrlEncoded(rs.getBytes(SQL_FIND_QUERY_DATA));
// The stored algorithm name is mapped back with valueOf.
// NOTE(review): if SignatureAlgorithm is an enum, valueOf throws IllegalArgumentException for a name
// that matches no constant and NullPointerException for a null column; confirm how the caller handles
// a stale or corrupted row.
cached.setSignatureAlgorithm(SignatureAlgorithm.valueOf(rs.getString(SQL_FIND_QUERY_SIGNATURE_ALGO)));
cached.setThisUpdate(rs.getTimestamp(SQL_FIND_QUERY_THIS_UPDATE));
cached.setNextUpdate(rs.getTimestamp(SQL_FIND_QUERY_NEXT_UPDATE));
// NOTE(review): whether the reloaded CRL's signature is verified again after this point is not
// visible in this excerpt; confirm the stored validity is not trusted on its own.
/**
 * Reads a CRL from {@code crlStream} and reports its validity data against {@code issuerToken}.
 *
 * <p>The stream content is obtained through {@code getDERContent}, parsed into a {@code CRLInfo},
 * and a digest is recomputed with the digest algorithm of the CRL's declared signature algorithm.
 * The returned object carries the encoded CRL, the signature algorithm, the thisUpdate/nextUpdate
 * dates and the results recorded by the critical-extension, expiredCertsOnCRL and signature checks.
 *
 * <p>The issuer-match flag is set only when the CRL issuer equals the subject of
 * {@code issuerToken}; a mismatch does not stop processing, and the signature check still runs.
 * NOTE(review): callers presumably have to evaluate the issuer flag together with the signature
 * result before trusting the CRL; confirm against the consumers of {@code CRLValidity}.
 *
 * @param crlStream   the stream holding the CRL
 * @param issuerToken the certificate expected to have issued and signed the CRL
 * @return the populated {@code CRLValidity}
 * @throws IOException declared by the signature; which of the helpers raises it is not visible here
 */
@Override
public CRLValidity isValidCRL(InputStream crlStream, CertificateToken issuerToken) throws IOException {
    final CRLValidity validity = new CRLValidity();

    try (ByteArrayOutputStream derContent = getDERContent(crlStream)) {
        final CRLInfo info = getCrlInfos(derContent);

        // NOTE(review): the algorithm comes from an OID inside the CRL itself; what forOID does
        // with an unknown OID is not visible here, and a null result would fail on the next line.
        final SignatureAlgorithm declaredAlgorithm =
                SignatureAlgorithm.forOID(info.getCertificateListSignatureAlgorithmOid());
        final byte[] recomputedDigest =
                recomputeDigest(derContent, getMessageDigest(declaredAlgorithm.getDigestAlgorithm()));

        validity.setCrlEncoded(derContent.toByteArray());
        validity.setSignatureAlgorithm(declaredAlgorithm);
        validity.setThisUpdate(info.getThisUpdate());
        validity.setNextUpdate(info.getNextUpdate());

        checkCriticalExtensions(
                validity,
                info.getCriticalExtensions().keySet(),
                info.getCriticalExtension(Extension.issuingDistributionPoint.getId()));
        extractExpiredCertsOnCRL(
                validity,
                info.getNonCriticalExtension(Extension.expiredCertsOnCRL.getId()));

        // The flag is only ever set to true here; on a mismatch it keeps its initial value.
        final boolean issuerMatches = info.getIssuer().equals(issuerToken.getSubjectX500Principal());
        if (issuerMatches) {
            validity.setIssuerX509PrincipalMatches(true);
        }

        checkSignatureValue(validity, info.getSignatureValue(), recomputedDigest, issuerToken);
    }

    return validity;
}
/**
 * Fills this token's fields from {@code basicOCSPResp}.
 *
 * <p>Does nothing when no basic OCSP response is held. Otherwise the production date and the
 * signature algorithm (resolved from the response's signature algorithm OID) are recorded, and
 * the single response selected by {@code getBestSingleResp} for {@code certId} supplies
 * thisUpdate and nextUpdate and is passed to the status, archive cut-off and cert-hash
 * extraction helpers. When no single response is selected, only the first two fields are set.
 */
public void extractInfo() {
    if (basicOCSPResp == null) {
        return;
    }

    this.productionDate = basicOCSPResp.getProducedAt();
    // NOTE(review): the OID is taken from the response; the result of forOID for an unknown OID
    // is not visible here.
    this.signatureAlgorithm = SignatureAlgorithm.forOID(basicOCSPResp.getSignatureAlgOID().getId());

    final SingleResp selected = getBestSingleResp(basicOCSPResp, certId);
    if (selected == null) {
        return;
    }

    this.thisUpdate = selected.getThisUpdate();
    this.nextUpdate = selected.getNextUpdate();
    extractStatusInfo(selected);
    extractArchiveCutOff(selected);
    extractCertHashExtension(selected);
}
/**
 * Builds a human-readable description of this OCSP token.
 *
 * <p>The text contains the production time, thisUpdate and nextUpdate (formatted by
 * {@code DSSUtils.formatInternal}), the issuer principal, and the JCE identifier of the
 * signature algorithm, or {@code "?"} when no algorithm is set.
 *
 * @param indentStr the prefix written before the opening and closing lines
 * @return the description
 */
@Override
public String toString(String indentStr) {
    final StringBuilder text = new StringBuilder();

    text.append(indentStr).append("OCSPToken[");
    text.append("ProductionTime: ").append(DSSUtils.formatInternal(productionDate)).append("; ");
    text.append("ThisUpdate: ").append(DSSUtils.formatInternal(thisUpdate)).append("; ");
    text.append("NextUpdate: ").append(DSSUtils.formatInternal(nextUpdate)).append('\n');
    text.append("SignedBy: ").append(getIssuerX500Principal().toString()).append('\n');

    // The algorithm line is indented one tab deeper than the header.
    final String nestedIndent = indentStr + "\t";
    final String algorithmLabel;
    if (signatureAlgorithm == null) {
        algorithmLabel = "?";
    } else {
        algorithmLabel = signatureAlgorithm.getJCEId();
    }
    text.append(nestedIndent).append("Signature algorithm: ").append(algorithmLabel).append('\n');

    // NOTE(review): substring(1) drops the FIRST character, not the tab appended above, so the
    // closing indent equals indentStr only when indentStr is empty or consists of tabs.
    final String closingIndent = nestedIndent.substring(1);
    text.append(closingIndent).append("]");

    return text.toString();
}
// Excerpt: records on crlValidity the signature algorithm resolved from sigAlgOID and the
// thisUpdate/nextUpdate dates read from x509CRL.
// NOTE(review): where sigAlgOID comes from, and what forOID returns for an OID it does not know,
// are not visible in this excerpt.
crlValidity.setSignatureAlgorithm(SignatureAlgorithm.forOID(sigAlgOID));
crlValidity.setThisUpdate(x509CRL.getThisUpdate());
crlValidity.setNextUpdate(x509CRL.getNextUpdate());
// Excerpt: binds the token's signature algorithm, by its name(), as positional parameter 3 of `s`
// (presumably a JDBC PreparedStatement; the SQL text is not visible here).
// NOTE(review): a null getSignatureAlgorithm() would raise NullPointerException here; confirm callers guarantee it is set.
s.setString(3, token.getSignatureAlgorithm().name());