/**
 * Overrides the encryption algorithm recorded in these parameters.
 *
 * <p>Use this setter only when dealing with web services or when signing in three steps.
 * Usually the encryption algorithm is derived automatically from the private key.
 *
 * <p>The combined signature algorithm is recomputed only when both the encryption and the
 * digest algorithm are non-null. Otherwise its previous value is left untouched.
 *
 * @param encryptionAlgorithm the encryption algorithm to record; {@code null} is tolerated
 */
public void setEncryptionAlgorithm(final EncryptionAlgorithm encryptionAlgorithm) {
    this.encryptionAlgorithm = encryptionAlgorithm;
    final boolean pairIncomplete = this.digestAlgorithm == null || encryptionAlgorithm == null;
    if (pairIncomplete) {
        // NOTE(review): signatureAlgorithm keeps its earlier value on this path, so it can
        // disagree with the two fields it is derived from. Confirm this is intended.
        return;
    }
    signatureAlgorithm = SignatureAlgorithm.getAlgorithm(encryptionAlgorithm, this.digestAlgorithm);
}
/**
 * Records the digest algorithm and, when an encryption algorithm is also known, refreshes the
 * combined signature algorithm.
 *
 * <p>If either algorithm is {@code null}, the signature algorithm is not recomputed and keeps
 * whatever value it had before the call.
 *
 * @param digestAlgorithm the digest algorithm to set; {@code null} is tolerated
 */
public void setDigestAlgorithm(final DigestAlgorithm digestAlgorithm) {
    this.digestAlgorithm = digestAlgorithm;
    if (digestAlgorithm != null) {
        final EncryptionAlgorithm currentEncryption = this.encryptionAlgorithm;
        if (currentEncryption != null) {
            // NOTE(review): no strength check on the digest is visible here. Any restriction on
            // weak digests must live in the caller or in the lookup. Confirm.
            signatureAlgorithm = SignatureAlgorithm.getAlgorithm(currentEncryption, digestAlgorithm);
        }
    }
}
/**
 * Produces the signature value for {@code bytes} with the private key held by {@code keyEntry}.
 *
 * <p>The encryption algorithm is read from the key entry and combined with the caller-supplied
 * digest algorithm. The resulting JCE identifier and the private key are handed to
 * {@code DSSUtils.encrypt}.
 *
 * @param bytes the data passed to {@code DSSUtils.encrypt}
 * @param digestAlgorithm the digest algorithm chosen by the caller
 * @param keyEntry the entry supplying the private key and its encryption algorithm
 * @return the bytes returned by {@code DSSUtils.encrypt}
 * @throws DSSException declared by the overridden method
 */
@Override
public byte[] sign(final byte[] bytes, final DigestAlgorithm digestAlgorithm, final DSSPrivateKeyEntry keyEntry) throws DSSException {
    final EncryptionAlgorithm keyAlgorithm = keyEntry.getEncryptionAlgorithm();
    // Only algorithm names are logged. Key material is never part of the message.
    LOG.info("Signature algorithm: " + keyAlgorithm + "/" + digestAlgorithm);
    // NOTE(review): if getAlgorithm() can return null for an unsupported pair, getJCEId() fails
    // with a NullPointerException rather than a DSSException. Confirm the lookup's contract.
    final String jceAlgorithmId = SignatureAlgorithm.getAlgorithm(keyAlgorithm, digestAlgorithm).getJCEId();
    // Despite the helper's name, it receives a JCE *signature* algorithm id, so presumably it
    // signs rather than encrypts. Verify against DSSUtils.
    return DSSUtils.encrypt(jceAlgorithmId, keyEntry.getPrivateKey(), bytes);
}
} // closes the enclosing type, whose header is not part of this excerpt
/**
 * Sets the private key entry used to create the signature and refreshes the state derived from
 * it. The certificate chain is reset, the signing certificate and chain are taken from the
 * entry, the encryption algorithm is set and the signature algorithm is updated.
 *
 * @param privateKeyEntry the private key entry used to sign; it is dereferenced, so it must not
 *     be {@code null}
 */
public void setPrivateKeyEntry(final DSSPrivateKeyEntry privateKeyEntry) {
    this.privateKeyEntry = privateKeyEntry;

    // Drop any chain left over from a previously configured key before installing the new one.
    certificateChain.clear();
    setSigningCertificate(privateKeyEntry.getCertificate());
    setCertificateChain(privateKeyEntry.getCertificateChain());

    // The encryption algorithm is read from the signing certificate's public key, so it follows
    // whatever setSigningCertificate() stored just above.
    final String keyAlgorithmName = signingCertificate.getPublicKey().getAlgorithm();
    encryptionAlgorithm = EncryptionAlgorithm.forName(keyAlgorithmName);

    // NOTE(review): digestAlgorithm is passed to the lookup without a null check. Confirm that
    // it always holds a value at this point.
    signatureAlgorithm = SignatureAlgorithm.getAlgorithm(encryptionAlgorithm, digestAlgorithm);
}
/**
 * Adds the {@code ds:SignedInfo} element to the signature, followed by its canonicalization
 * method and its {@code ds:SignatureMethod} child.
 *
 * <p>The {@code Algorithm} attribute is the XML identifier of the signature algorithm resolved
 * from the encryption and digest algorithms held by {@code params}.
 */
public void incorporateSignedInfo() {
    // <ds:SignedInfo>
    signedInfoDom = DSSXMLUtils.addElement(documentDom, signatureDom, XMLNS, DS_SIGNED_INFO);
    incorporateCanonicalizationMethod(signedInfoDom, signedInfoCanonicalizationMethod);

    // <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    final Element signatureMethodDom = DSSXMLUtils.addElement(documentDom, signedInfoDom, XMLNS, DS_SIGNATURE_METHOD);
    // NOTE(review): the declared algorithm comes from params, not from the key that signs.
    // Presumably both must describe the same key, or the signature will not verify. Confirm.
    // A null result from getAlgorithm() would fail on getXMLId() below.
    final SignatureAlgorithm declaredAlgorithm =
            SignatureAlgorithm.getAlgorithm(params.getEncryptionAlgorithm(), params.getDigestAlgorithm());
    signatureMethodDom.setAttribute(ALGORITHM, declaredAlgorithm.getXMLId());
}
/**
 * Tells whether this timestamp token was signed by the given certificate.
 *
 * <p>Once an issuer has been accepted it is cached. Later calls only compare the candidate with
 * the cached token and do not run the validation again. Until then, every call validates the
 * token against the candidate and overwrites {@code signatureInvalidityReason} and
 * {@code signatureValid} with the outcome.
 *
 * @param issuerToken the candidate issuer certificate
 * @return {@code true} if the candidate equals the cached issuer, or if validation against it
 *     succeeds
 */
@Override
public boolean isSignedBy(final CertificateToken issuerToken) {
    if (this.issuerToken != null) {
        return this.issuerToken.equals(issuerToken);
    }

    final TimestampValidation validation = validateTimestampToken(timeStamp, issuerToken);
    signatureInvalidityReason = validation.getValidity().name();
    final boolean valid = validation.isValid();
    signatureValid = valid;
    if (!valid) {
        // Nothing is cached for a rejected candidate, so the next call validates again.
        return false;
    }

    this.issuerToken = issuerToken;
    issuerX500Principal = issuerToken.getSubjectX500Principal();
    final EncryptionAlgorithm keyAlgorithm = EncryptionAlgorithm.forName(issuerToken.getPublicKey().getAlgorithm());
    // NOTE(review): the digest is read from getTimeStampInfo().getHashAlgorithm(). If timeStamp
    // is a BouncyCastle TimeStampToken, that is the hash of the message imprint (the timestamped
    // data). It need not be the digest the timestamp authority used in its own signature.
    // algorithmUsedToSignToken could then misreport the algorithm that later strength checks
    // depend on. Confirm, and consider reading the signer info's digest algorithm instead.
    final AlgorithmIdentifier imprintHash = timeStamp.getTimeStampInfo().getHashAlgorithm();
    final DigestAlgorithm digest = DigestAlgorithm.forOID(imprintHash.getAlgorithm());
    algorithmUsedToSignToken = SignatureAlgorithm.getAlgorithm(keyAlgorithm, digest);
    return true;
}