private static byte[] generateSignatureBlock( SignerConfig signerConfig, byte[] signatureFileBytes) throws InvalidKeyException, CertificateEncodingException, SignatureException { JcaCertStore certs = new JcaCertStore(signerConfig.certificates); X509Certificate signerCert = signerConfig.certificates.get(0); String jcaSignatureAlgorithm =
// Build a store over allowedVerifyCerts and pick the entries whose identifier
// matches the signer's SID.
// NOTE(review): getMatches only selects candidate certificates; a non-empty
// result does not validate the signature or the certificate chain. Confirm the
// surrounding code verifies the signature against a matched certificate and
// treats an empty match as a failure.
JcaCertStore certStore = new JcaCertStore(allowedVerifyCerts);
Collection<X509CertificateHolder> certCollection = certStore.getMatches(signer.getSID());
// Wrap certlist in a BouncyCastle certificate store; the constructor throws
// CertificateEncodingException if a certificate cannot be encoded.
Store certstore = new JcaCertStore(certlist);
// Verify the chain of cert, offering certs as the candidate store and passing
// the signature's sign date as the third argument (presumably the validation time).
// NOTE(review): if sig.getSignDate() is read from the signed document rather than
// from a trusted timestamp, that time is asserted by the signer. Confirm how
// verifyCertificateChain handles expiry and revocation with such a date.
verifyCertificateChain(new JcaCertStore(certs), cert, sig.getSignDate().getTime());
// The signer is built for "SHA256WithRSA"; the local name sha1Signer does not
// match the algorithm actually in use.
ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA256WithRSA").build(privateKey);
gen.addSignerInfoGenerator(
        new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build())
                .build(sha1Signer, cert));
// Embed the certificate chain in the SignedData. Embedded certificates help a
// verifier build a path; they are not trust anchors by themselves.
gen.addCertificates(new JcaCertStore(Arrays.asList(certificateChain)));
CMSProcessableInputStream msg = new CMSProcessableInputStream(content);
// Second argument false: the content is not encapsulated, so the result is a
// detached signature and the verifier needs the original content separately.
CMSSignedData signedData = gen.generate(msg, false);
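/**
 * Builds a BouncyCastle certificate store holding the configured certificate chain.
 *
 * @return a store containing the certificates of {@code certificateChain}
 * @throws SignerException if a certificate in the chain cannot be encoded
 */
private Store generatedCertStore() {
    try {
        // Copy into a fresh list; Arrays.asList alone is only a view over the array.
        List<Certificate> certificates = new ArrayList<>(Arrays.asList(certificateChain));
        // The unused CollectionCertStoreParameters local of the earlier version is gone:
        // it was constructed and never read.
        return new JcaCertStore(certificates);
    } catch (CertificateEncodingException ex) {
        throw new SignerException(ex);
    }
}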
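/**
 * Adds the given certificates to the certificate set of a CMS SignedData generator.
 *
 * <p>When {@code cmsCertSet} is {@code null} or empty the method returns without touching
 * {@code generator}; in that case {@code generator} is not null-checked.
 *
 * @param generator the generator that receives the certificates
 * @param cmsCertSet certificates to add; may be {@code null} or empty
 * @throws CertificateEncodingException if a certificate cannot be encoded
 * @throws CMSException if the generator rejects the certificate store
 */
public static void addCmsCertSet(CMSSignedDataGenerator generator, X509Certificate[] cmsCertSet)
        throws CertificateEncodingException, CMSException {
    if (cmsCertSet == null || cmsCertSet.length == 0) {
        return;
    }

    // The label was misspelled "geneator"; it is presumably what the helper reports
    // when the value is null, so it should name the parameter correctly.
    requireNonNull("generator", generator);

    Collection<X509Certificate> certColl = new LinkedList<X509Certificate>();
    for (X509Certificate cert : cmsCertSet) {
        certColl.add(cert);
    }

    generator.addCertificates(new JcaCertStore(certColl));
}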
/**
 * Collects the signer certificate and, when a chain is set, its certificates into a
 * BouncyCastle store.
 *
 * @return a store holding {@code signerId} followed by the entries of {@code chain}
 * @throws MessageEncodingException if a certificate cannot be encoded
 */
private JcaCertStore getCertificates() throws MessageEncodingException {
    final Collection<X509Certificate> bundle = new LinkedList<X509Certificate>();

    // The signer's own certificate is always added first.
    bundle.add(signerId);

    if (this.chain != null) {
        for (X509Certificate caCert : this.chain) {
            bundle.add(caCert);
            LOGGER.debug("Add ca certificate {} to signed data", caCert.getSubjectX500Principal().toString());
        }
    }

    try {
        return new JcaCertStore(bundle);
    } catch (CertificateEncodingException e) {
        // Surface encoding problems through the method's declared exception type.
        throw new MessageEncodingException(e);
    }
}
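/**
 * Builds the certificate store from the chain of the signing certificate.
 *
 * <p>Certificates are added in the iteration order of {@code certificateChain}; the order is
 * important and the first one must be the signing certificate. This method does not
 * de-duplicate the chain.
 *
 * @param certificateChain chain of the signing certificate, signing certificate first
 * @param trustAnchorBPPolicy when {@code true}, certificates whose subject is found in the
 *        trusted certificate source are left out (CAdES-Baseline-B)
 * @return a store with the retained certificates
 * @throws DSSException if a certificate cannot be encoded
 */
private JcaCertStore getJcaCertStore(final Collection<X509Certificate> certificateChain, boolean trustAnchorBPPolicy) {
    // Loop-invariant: resolve the trusted source once, and only when the policy needs it.
    final TrustedCertificateSource trustedCertSource =
            trustAnchorBPPolicy ? certificateVerifier.getTrustedCertSource() : null;
    try {
        final Collection<X509Certificate> certs = new ArrayList<X509Certificate>();
        for (final X509Certificate certificateInChain : certificateChain) {
            // CAdES-Baseline-B: do not include certificates found in the trusted list.
            // NOTE(review): the lookup is keyed on the subject principal only, so a chain
            // certificate that merely shares a subject name with a trusted entry is also
            // omitted. This affects what is embedded, not what is trusted; confirm that
            // name-only matching is intended.
            if (trustedCertSource != null
                    && !trustedCertSource.get(certificateInChain.getSubjectX500Principal()).isEmpty()) {
                continue;
            }
            certs.add(certificateInChain);
        }
        return new JcaCertStore(certs);
    } catch (CertificateEncodingException e) {
        throw new DSSException(e);
    }
}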
JcaCertStore store; try { store = new JcaCertStore(certs); } catch (CertificateEncodingException e) { IOException ioe = new IOException();
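/**
 * Wraps the given certificates in a CMS SignedData structure that carries no content.
 *
 * <p>No signer is added to the generator here, so the result is a certificates-only
 * container: it transports the certificates but does not authenticate them. Recipients
 * have to validate the certificates themselves.
 *
 * @param certs the certificates to place in the SignedData certificate set
 * @return the generated SignedData with absent content
 * @throws IOException if a certificate cannot be encoded; the
 *         {@link CertificateEncodingException} is attached as the cause
 * @throws CMSException if the SignedData cannot be generated
 * @throws GeneralSecurityException declared by the signature; not thrown by the visible code
 */
private CMSSignedData getMessageData(final List<X509Certificate> certs)
        throws IOException, CMSException, GeneralSecurityException {
    CMSSignedDataGenerator generator = new CMSSignedDataGenerator();

    final JcaCertStore store;
    try {
        store = new JcaCertStore(certs);
    } catch (CertificateEncodingException e) {
        // The cause constructor replaces the new IOException() + initCause(e) pair and
        // also gives the exception a message derived from the cause.
        throw new IOException(e);
    }

    generator.addCertificates(store);
    return generator.generate(new CMSAbsentContent());
}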
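// NOTE(review): `signature` is initialised outside this excerpt; check that it does
// not use a SHA-1 based algorithm either.
CMSTypedData msg = new CMSProcessableByteArray(signature.sign());
certList.add(cert);
// The store is built after cert was appended, so it includes that certificate.
Store certs = new JcaCertStore(certList);
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
// SHA-1 is no longer considered collision-resistant and should not back new
// signatures, so the signer is built for SHA-256 with the same RSA key. The
// variable keeps its original name because statements outside this excerpt may
// refer to it.
ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(privKey);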
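// Look up the signing certificate by alias and add it to the list that is embedded
// in the SignedData.
X509Certificate cert = (X509Certificate) keyStore.getCertificate(alias);
certList.add(cert);
Store certs = new JcaCertStore(certList);
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
// SHA-1 is no longer considered collision-resistant and should not back new
// signatures, so the signer is built for SHA-256 with the same RSA key. The
// variable keeps its original name because statements outside this excerpt may
// refer to it.
ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA256withRSA").setProvider(provider)
        .build((PrivateKey) keyStore.getKey(alias, password));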
// Wrap certList in a BouncyCastle certificate store; the constructor throws
// CertificateEncodingException if a certificate cannot be encoded.
Store certs = new JcaCertStore(certList);
// Register the signer, then attach the certificates in certList to the generator.
// Certificates attached this way travel with the signed data to help a verifier
// build a path; a verifier must still validate them against its own trust anchors.
generator.addSignerInfoGenerator(signerInfoGenerator);
Store certStore = new JcaCertStore(certList);
generator.addCertificates(certStore);
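/**
 * Produces a detached CMS SignedData signature over the given content.
 *
 * <p>The digest and signature algorithms come from the {@code jcaDigestCalculatorProviderBuilder}
 * and {@code jcaContentSignerBuilder} fields, which are configured outside this method. The
 * signer certificate is embedded in the result; the content itself is not.
 *
 * @param data content to be signed
 * @return the encoded SignedData structure
 * @throws IllegalStateException if signing fails for any reason; the original exception is
 *         attached as the cause
 */
byte[] signData(byte[] data) {
    try {
        DigestCalculatorProvider digestCalculatorProvider = jcaDigestCalculatorProviderBuilder.build();
        ContentSigner contentSigner = jcaContentSignerBuilder.build(keyPair.getPrivate());
        SignerInfoGenerator signerInfoGenerator =
                new JcaSignerInfoGeneratorBuilder(digestCalculatorProvider).build(contentSigner, x509Certificate);

        CMSSignedDataGenerator cmsSignedDataGenerator = new CMSSignedDataGenerator();
        cmsSignedDataGenerator.addSignerInfoGenerator(signerInfoGenerator);
        cmsSignedDataGenerator.addCertificates(new JcaCertStore(Collections.singletonList(x509Certificate)));

        // Second argument false: the content is not encapsulated, so the verifier needs
        // the original data alongside this signature.
        CMSSignedData cmsSignedData = cmsSignedDataGenerator.generate(new CMSProcessableByteArray(data), false);

        // Encode once and reuse the bytes for both the debug log and the return value.
        byte[] encoded = cmsSignedData.getEncoded();
        logger.debug(BaseEncoding.base64().encode(encoded));
        return encoded;
    } catch (Exception e) {
        throw new IllegalStateException(String.format("Unable to sign: %s", e.getMessage()), e);
    }
}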
new CollectionCertStoreParameters(certList), "BC"); jcaCertStore = new JcaCertStore(certList);
// Register the signer, then attach the certificates in certList to the generator.
// Certificates attached this way travel with the signed data to help a verifier
// build a path; a verifier must still validate them against its own trust anchors.
generator.addSignerInfoGenerator(signerInfoGenerator);
Store<?> certStore = new JcaCertStore(certList);
generator.addCertificates(certStore);
JcaCertStore store; try { store = new JcaCertStore(certs); } catch (CertificateEncodingException e) { IOException ioe = new IOException();
// Verify the chain of cert, offering certs as the candidate store and passing
// the signature's sign date as the third argument (presumably the validation time).
// NOTE(review): if sig.getSignDate() is read from the signed document rather than
// from a trusted timestamp, that time is asserted by the signer. Confirm how
// verifyCertificateChain handles expiry and revocation with such a date.
verifyCertificateChain(new JcaCertStore(certs), cert, sig.getSignDate().getTime());