/**
 * Signs {@code payload} with this signer's private key and wraps the result in a
 * {@link ProtocolSignature}.
 *
 * <p>A new {@link Signature} object is created and initialised on every call, so no
 * signing state is shared between invocations.
 *
 * <p>Only {@code payload} is fed into the signature computation. The signer id and
 * the algorithm are attached to the returned message but are not covered by the
 * signature produced here; a verifier must not treat those two fields as
 * authenticated by the signature bytes alone.
 *
 * @param payload the bytes that are to be signed.
 * @return the {@link ProtocolSignature} holding the signature bytes, the signer id
 *     and the signature algorithm.
 * @throws IllegalStateException if the JCE rejects the algorithm, the key or the
 *     signing operation; the original exception is kept as the cause.
 */
public ProtocolSignature sign(byte[] payload) {
  try {
    String jceName = AlgorithmUtil.getJceName(algorithm);
    Signature engine = Signature.getInstance(jceName);
    engine.initSign(signingKey);
    engine.update(payload);

    // Signature bytes are computed before the signer id is read, as in the
    // chained form of this call.
    ByteString signatureBytes = ByteString.copyFrom(engine.sign());
    ByteString signerId = ByteString.copyFrom(signerInfo.getSignerId());

    return ProtocolSignature.newBuilder()
        .setSignatureBytes(signatureBytes)
        .setSignerId(signerId)
        .setSignatureAlgorithm(algorithm)
        .build();
  } catch (NoSuchAlgorithmException e) {
    // The constructor already verified that this algorithm is available, so
    // reaching this point indicates a broken invariant.
    throw new IllegalStateException(e);
  } catch (InvalidKeyException e) {
    // The constructor already verified that the key fits the algorithm, so
    // reaching this point indicates a broken invariant.
    throw new IllegalStateException(e);
  } catch (java.security.SignatureException e) {
    // Raised when the Signature object is not properly initialised. It was
    // created and initialised just above, so this is not expected either.
    throw new IllegalStateException(e);
  }
}
/**
 * Derives the signer id for a certificate chain: the chain is turned into a
 * {@link CertPath}, encoded with {@code PKI_PATH_ENCODING}, and the encoded bytes
 * are hashed with the algorithm returned by {@code getHashAlgorithm()}.
 *
 * <p>This method only encodes and hashes the chain. It performs no validity,
 * revocation or trust-anchor checks, so a matching signer id says nothing about
 * whether the chain itself should be trusted.
 *
 * @param certs the certificate chain to identify.
 * @return the digest of the encoded certificate path.
 * @throws SignatureException if the chain cannot be turned into an encoded
 *     certificate path, or if the hash algorithm is not available.
 */
private byte[] calculateSignerId(List<? extends X509Certificate> certs)
    throws SignatureException {
  try {
    // The chain is encoded before the digest is looked up, so an encoding failure
    // is reported ahead of a missing hash algorithm.
    CertPath chain = CertificateFactory.getInstance(X509).generateCertPath(certs);
    byte[] encodedChain = chain.getEncoded(PKI_PATH_ENCODING);

    String hashName = AlgorithmUtil.getJceName(getHashAlgorithm());
    MessageDigest hasher = MessageDigest.getInstance(hashName);
    return hasher.digest(encodedChain);
  } catch (NoSuchAlgorithmException e) {
    throw new SignatureException("could not calculate hash of cert chain", e);
  } catch (CertificateException e) {
    throw new SignatureException("could not parse certificate chain", e);
  }
}
// Closes the enclosing type, whose header is not part of this excerpt.
}
/**
 * Creates a signer bound to one algorithm, one private key and one signer info.
 *
 * <p>The constructor fails fast: it builds a throwaway {@link Signature} object and
 * initialises it with the key, so an unavailable algorithm or a key that does not
 * fit the algorithm is reported here instead of on the first call to
 * {@code sign()}. The error messages name the algorithm only; no key material is
 * included in them.
 *
 * @param alg the signature algorithm that this signer will use on all of its
 *     signatures.
 * @param signingKey the signing key that this signer will use for all its
 *     signatures.
 * @param signerInfo the signer info of this signer, i.e., the cert chain for this
 *     signer.
 * @throws SignatureException if the private key provided can't be used, or for
 *     some other reason the signer can't be initialised properly.
 */
public WaveSigner(SignatureAlgorithm alg, PrivateKey signingKey, SignerInfo signerInfo)
    throws SignatureException {
  this.signingKey = signingKey;
  this.signerInfo = signerInfo;
  this.algorithm = alg;

  try {
    // Probe only: this object is discarded. sign() creates its own Signature
    // object on each call in order to be thread-safe.
    String jceName = AlgorithmUtil.getJceName(alg);
    Signature probe = Signature.getInstance(jceName);
    probe.initSign(signingKey);
  } catch (NoSuchAlgorithmException e) {
    throw new SignatureException("can not generate signatures of type " + alg.toString(), e);
  } catch (InvalidKeyException e) {
    throw new SignatureException("private key does not match algorithm " + alg.toString(), e);
  }
}
verifier = Signature.getInstance(AlgorithmUtil.getJceName( signatureInfo.getSignatureAlgorithm())); } catch (NoSuchAlgorithmException e) {