java source code of P12ContentSignerBuilder

xipki-master
- security
  - src
    - main
      - resources
        OSGI-INF
        blueprint
        config.xml
      - java
        org
        xipki
        security
        SecurityFactoryImpl.java
        CrlReason.java
        KeyCertPair.java
        CollectionAlgorithmValidator.java
        ConcurrentContentSigner.java
        SignerFactory.java
        ctlog
        CtLogMessages.java
        package-info.java
        CtLog.java
        CertpathValidationModel.java
        X509ExtensionType.java
        SignerFactoryRegister.java
        CryptException.java
        DHSigStaticKeyCertPair.java
        AbstractSecurityFactory.java
        pkcs12
        P12KeyGenerationResult.java
        P12KeyGenerator.java
        P12XdhMacContentSignerBuilder.java
        AESGmacContentSigner.java
        HmacContentSigner.java
        P12MacContentSignerBuilder.java
        KeypairWithCert.java
        KeystoreGenerationParameters.java
        package-info.java
        P12SignerFactory.java
        P12ContentSignerBuilder.java
        DfltConcurrentContentSigner.java
        BadInputException.java
        ExtensionExistence.java
        SignerConf.java
        FpIdCalculator.java
        util
        CmpFailureUtil.java
        DSAParameterCache.java
        AlgorithmUtil.java
        SignerUtil.java
        X509Util.java
        package-info.java
        GMUtil.java
        KeyUtil.java
        RSABrokenKey.java
        SecurityFactory.java
        NoIdleSignerException.java
        asn1
        Asn1StreamParser.java
        CrlStreamParser.java
        package-info.java
        SignerFactoryRegisterImpl.java
        KeyUsage.java
        XiSecurityException.java
        package-info.java
        SignerException.java
        X509Cert.java
        pkcs11
        P11IdentityId.java
        P11PlainRSASigner.java
        P11CryptServiceFactory.java
        P11Slot.java
        P11ContentSignerBuilder.java
        P11MacContentSignerBuilder.java
        P11Params.java
        P11TokenException.java
        P11DuplicateEntityException.java
        P11KeyParameter.java
        P11PrivateKey.java
        P11CryptServiceFactoryImpl.java
        P11CryptService.java
        iaik
        IaikP11Slot.java
        IaikP11ModuleFactory.java
        package-info.java
        IaikP11Identity.java
        IaikP11Module.java
        P11UnsupportedMechanismException.java
        P11ContentSigner.java
        P11Identity.java
        Pkcs11conf.java
        P11PermissionException.java
        package-info.java
        P11SignerFactory.java
        P11SlotIdentifier.java
        P11ModuleFactoryRegisterImpl.java
        P11ModuleFactory.java
        P11ModuleConf.java
        P11ObjectIdentifier.java
        DigestOutputStream.java
        P11Module.java
        P11RSAKeyParameter.java
        P11UnknownEntityException.java
        P11ModuleFactoryRegister.java
        AlgorithmCode.java
        EdECConstants.java
        KeypairGenerationResult.java
        cmp
        CmpUtf8Pairs.java
        PkiStatusInfo.java
        CmpUtil.java
        ProtectionVerificationResult.java
        VerifiedPkiMessage.java
        package-info.java
        ProtectionResult.java
        TlsExtensionType.java
        HashAlgo.java
        XiSecurityConstants.java
        CertRevocationInfo.java
        SignatureSigner.java
        XiWrappedContentSigner.java
        BadAsn1ObjectException.java
        SignatureAlgoControl.java
        HashCalculator.java
        IssuerHash.java
        AlgorithmValidator.java
        DSAPlainDigestSigner.java
        ObjectIdentifiers.java
        Providers.java
        XiContentSigner.java
        bc
        XiXDHContentVerifierProvider.java
        package-info.java
        XiRSAContentVerifierProviderBuilder.java
        XiECContentVerifierProviderBuilder.java
        XiEdDSAContentVerifierProvider.java
        Securities.java
        ConcurrentBagEntrySigner.java
    - test
      - resources
        crls
        crl-4
        ca.crt
        no-revoked-certs.crl
        crl-5
        ca.crt
        no-crlnumber.crl
        crl-6
        ca.crt
        no-extensions.crl
        crl-1
        ca.crt
        subcawithcrl1.crl
        crl-3
        ca.crt
        subcawithcrl1.crl
        crl-2
        ca1-crl.crl
        ca1-cert.crt
        ctlog-certs
        cab-domain-validated1.crt
        githubcom.pem
        letsencrypt
        google-xenon2020-pubkey.pem
        letsencrypt-org.pem
        ca-of-letsencrypt-org.pem
        cab-org-validated1.crt
        test1.p12
        test1.der
      - java
        org
        xipki
        security
        pkcs12
        test
        Pkcs12RSATest.java
        Pkcs12SHA256withRSATest.java
        test
        CtLogVerifyTest.java
        CtLogTest.java
        CrlStreamParserTest.java
        cmp
        test
        CmpUtf8PairsTest.java
  - pom.xml
- password
  - src
    - main
      - resources
        OSGI-INF
        blueprint
        config.xml
      - java
        org
        xipki
        password
        Passwords.java
        PasswordResolverException.java
        OBFPasswordService.java
        PasswordCallback.java
        PasswordResolverImpl.java
        PasswordBasedEncryption.java
        PasswordResolver.java
        PBEPasswordService.java
        package-info.java
        SecurePasswordInputPanel.java
        PBEAlgo.java
        SinglePasswordResolver.java
    - test
      - java
        org
        xipki
        password
        test
        PBEWithHmacSHA256AndAES256Test.java
  - pom.xml
- ocsp-server
  - src
    - main
      - resources
        sql
        ocsp-cache-init.xml
        version
      - java
        org
        xipki
        ocsp
        server
        IssuerFilter.java
        QuadrupleState.java
        RequestOption.java
        OcspResponseStatus.java
        OcspResponderException.java
        Template.java
        ResponderImpl.java
        OcspServerImpl.java
        type
        ExtendedExtension.java
        Extensions.java
        OID.java
        ResponseData.java
        ResponderID.java
        package-info.java
        OcspRequest.java
        CertID.java
        ASN1Type.java
        Extension.java
        EncodingException.java
        WritableOnlyExtension.java
        TaggedCertSequence.java
        SingleResponse.java
        OcspServerConf.java
        ResponderOption.java
        store
        CrlDbCertStatusStore.java
        CrlInfo.java
        IssuerEntry.java
        IssuerStore.java
        SimpleIssuerEntry.java
        DbCertStatusStore.java
        package-info.java
        ResponseCacher.java
        ejbca
        package-info.java
        EjbcaCertStatusStore.java
        EjbcaIssuerStore.java
        EjbcaIssuerEntry.java
        ImportCrl.java
        CaDbCertStatusStore.java
        package-info.java
        ResponseSigner.java
        OCSPRespBuilder.java
    - test
      - java
        org
        xipki
        ocsp
        server
        impl
        test
        Foo.java
  - pom.xml
- shells
  - dbtool-shell
    - src
      - main
        java
        org
        xipki
        dbtool
        shell
        Actions.java
        package-info.java
    - pom.xml
  - security-shell
    - src
      - main
        java
        org
        xipki
        security
        shell
        P11Actions.java
        P12Actions.java
        Actions.java
        SecurityCompleters.java
        package-info.java
      - test
        java
        org
        xipki
        security
        shell
        test
        ExtensionsConfCreatorDemo.java
    - pom.xml
  - qa-shell
    - src
      - main
        java
        org
        xipki
        qa
        shell
        QaSecurityActions.java
        QaCaActions.java
        QaP11Actions.java
        package-info.java
        QaCompleters.java
        QaOcspActions.java
    - pom.xml
  - ocsp-mgmt-shell
    - src
      - main
        java
        org
        xipki
        ocsp
        mgmt
        shell
        Actions.java
        package-info.java
    - pom.xml
  - cmpclient-shell
    - src
      - main
        java
        org
        xipki
        cmpclient
        shell
        Actions.java
        CmpClientCompleters.java
        package-info.java
    - pom.xml
  - pom.xml
  - ca-mgmt-shell
    - src
      - main
        java
        org
        xipki
        ca
        mgmt
        shell
        CaActions.java
        DbActions.java
        package-info.java
        CertActions.java
        ShellUtil.java
        CaCompleters.java
    - pom.xml
  - scep-client-shell
    - src
      - main
        java
        org
        xipki
        scep
        client
        shell
        Actions.java
        package-info.java
    - pom.xml
  - ocsp-client-shell
    - src
      - main
        java
        org
        xipki
        ocsp
        client
        shell
        Actions.java
        package-info.java
    - pom.xml
  - shell-base
    - src
      - main
        resources
        OSGI-INF
        blueprint
        config.xml
        java
        org
        xipki
        shell
        IllegalCmdParamException.java
        Actions.java
        XiAction.java
        FileUtils.java
        package-info.java
        Completers.java
        CmdFailure.java
        DynamicEnumCompleter.java
        EnumCompleter.java
    - pom.xml
- ca-api
  - src
    - main
      - resources
        conf
        areacode.cfg
        rdnorder.cfg
      - java
        org
        xipki
        ca
        api
        CertificateInfo.java
        CertWithDbId.java
        publisher
        CertPublisherException.java
        CertPublisherFactory.java
        CertPublisher.java
        package-info.java
        CertPublisherFactoryRegister.java
        NameId.java
        RequestType.java
        mgmt
        PermissionConstants.java
        MgmtRequest.java
        CaConf.java
        CrlControl.java
        CmpControl.java
        CaMgmtException.java
        CaConfType.java
        RevokeSuspendedControl.java
        RequestorInfo.java
        ProtocolSupport.java
        ValidityMode.java
        MgmtMessage.java
        MgmtEntry.java
        CaManager.java
        package-info.java
        CertListInfo.java
        CertListOrderBy.java
        MgmtResponse.java
        CertWithStatusInfo.java
        CaStatus.java
        ScepControl.java
        CaSystemStatus.java
        CertWithRevocationInfo.java
        CtlogControl.java
        CaConfs.java
        OperationException.java
        BadCertTemplateException.java
        package-info.java
        BadFormatException.java
        PublicCaInfo.java
        RestAPIConstants.java
        profile
        ExtensionValues.java
        TextVadidator.java
        KeypairGenControl.java
        ExtensionValue.java
        CertprofileException.java
        CertprofileFactory.java
        ExtensionSpec.java
        package-info.java
        Range.java
        CertprofileFactoryRegister.java
        KeyParametersOption.java
        Certprofile.java
        SubjectDnSpec.java
        DomainValidator.java
        BaseCertprofile.java
        CaUris.java
        InsuffientPermissionException.java
  - pom.xml
- ocsp-api
  - src
    - main
      - java
        org
        xipki
        ocsp
        api
        OcspStoreException.java
        ResponderAndPath.java
        OcspStore.java
        OcspRespWithCacheInfo.java
        mgmt
        OcspManager.java
        MgmtRequest.java
        MgmtMessage.java
        package-info.java
        MgmtResponse.java
        OcspMgmtException.java
        RequestIssuer.java
        package-info.java
        OcspServer.java
        Responder.java
        CertStatusInfo.java
  - pom.xml
- security-extra
  - src
    - main
      - resources
        OSGI-INF
        blueprint
        config.xml
      - java
        org
        xipki
        security
        pkcs11
        provider
        P11ECDSASignatureSpi.java
        P11RSAPSSSignatureSpi.java
        P11PlainECDSASignatureSpi.java
        P11DSASignatureSpi.java
        XiKeyStoreSpi.java
        XiProvider.java
        P11RSADigestSignatureSpi.java
        package-info.java
        XiSM2ParameterSpec.java
        AbstractP11ECDSASignatureSpi.java
        XiProviderRegister.java
        P11SM3WithSM2SignatureSpi.java
        proxy
        ProxyP11Module.java
        ProxyP11ModuleFactory.java
        package-info.java
        ProxyMessage.java
        P11ProxyConstants.java
        ProxyP11Identity.java
        ProxyP11Slot.java
        emulator
        EmulatorP11Slot.java
        SM2Signer.java
        EmulatorP11ModuleFactory.java
        EmulatorP11Identity.java
        package-info.java
        PrivateKeyCryptor.java
        EmulatorP11Module.java
  - pom.xml
- examples
  - certprofile-example
    - src
      - main
        java
        org
        xipki
        ca
        certprofile
        demo
        package-info.java
        DemoCertprofile.java
        CertprofileFactoryImpl.java
    - pom.xml
  - pom.xml
  - lite-caclient-example
    - src
      - main
        java
        org
        xipki
        litecaclient
        TlsInit.java
        PbmMacCmpCaClient.java
        package-info.java
        RestCaClient.java
        example
        SignatureCmpCaClientExample.java
        Base64.java
        CaClientExample.java
        RestCaClientExample.java
        PbmMacCmpCaClientExample.java
        package-info.java
        KeyAndCert.java
        ObjectIdentifiers.java
        SdkUtil.java
        SignatureCmpCaClient.java
        CmpCaClient.java
    - pom.xml
  - ocsp-store-example
    - src
      - main
        java
        org
        xipki
        ocsp
        server
        store
        example
        IssuerEntry.java
        DummyStore.java
        package-info.java
    - pom.xml
  - dummy-ctlog-server
    - src
      - main
        java
        org
        xipki
        ctlog
        dummyserver
        CtLogServletRSA.java
        CtLogServletEC.java
        package-info.java
        CtLogServlet.java
        webapp
        WEB-INF
        web.xml
    - pom.xml
  - scep-example
    - src
      - main
        java
        org
        xipki
        scep
        example
        CaClientExample.java
        package-info.java
        ScepClientExample.java
    - pom.xml
  - ocsp-store-example-assembly
    - src
      - assembly
        unfiltered
        xipki
        etc
        ocsp
        ocsp-responder.json
        keycerts
        ocsp1.p12
        ca-cert.pem
        README.md
        descriptors
        main.xml
    - pom.xml
- pom.xml
- audit
  - src
    - main
      - java
        org
        xipki
        audit
        PciAuditEvent.java
        AuditEvent.java
        services
        package-info.java
        EmbedAuditService.java
        SyslogAuditService.java
        AuditServiceRuntimeException.java
        AuditService.java
        package-info.java
        AuditLevel.java
        AuditEventData.java
        AuditStatus.java
        Audits.java
  - pom.xml
- p11proxy-servlet
  - src
    - main
      - resources
        version
        log4j2.properties
      - java
        org
        xipki
        p11proxy
        servlet
        LocalP11CryptServicePool.java
        P11ProxyResponder.java
        package-info.java
        P11ProxyConf.java
        HttpProxyServlet.java
        ProxyServletFilter.java
      - webapp
        META-INF
        MANIFEST.MF
        WEB-INF
        web.xml
  - pom.xml
- LICENSE
- dbtool
  - src
    - main
      - java
        org
        xipki
        dbtool
        package-info.java
        LiquibaseMain.java
        InvalidInputException.java
        InitDbMain.java
  - pom.xml
- util
  - src
    - main
      - java
        org
        xipki
        util
        ValidatableConf.java
        ProcessLog.java
        StringUtil.java
        Base64Url.java
        HealthCheckResult.java
        FileOrValue.java
        Curl.java
        RandomUtil.java
        Base64.java
        LruCache.java
        DefaultCurl.java
        Hex.java
        Validity.java
        Args.java
        ObjectCreationException.java
        CompareUtil.java
        ReqRespDebug.java
        LogUtil.java
        package-info.java
        BenchmarkExecutor.java
        DateUtil.java
        XipkiBaseDir.java
        http
        SslContextConf.java
        SSLContextBuilder.java
        package-info.java
        HostnameVerifiers.java
        concurrent
        ConcurrentBag.java
        ConcurrentBagEntry.java
        FastList.java
        ClockSource.java
        package-info.java
        CountLatch.java
        IoUtil.java
        FileOrBinary.java
        HttpConstants.java
        CollectionUtil.java
        ConfPairs.java
        PemEncoder.java
        TripleState.java
        InvalidConfException.java
    - test
      - resources
        HEADER.txt
      - java
        org
        xipki
        common
        test
        DateUtilTest.java
        ConfPairsTest.java
        CanonicalizeCode.java
  - pom.xml
- ca-servlet
  - src
    - main
      - resources
        log4j2.properties
      - java
        org
        xipki
        ca
        servlet
        HttpCmpServlet.java
        HttpRestServlet.java
        TlsHelper.java
        HttpMgmtServlet.java
        HttpScepServlet.java
        HttpRespAuditException.java
        package-info.java
        HealthCheckServlet.java
        HttpRequestMetadataRetrieverImpl.java
        CaServletFilter.java
      - webapp
        META-INF
        MANIFEST.MF
        WEB-INF
        web.xml
  - pom.xml
- ca-mgmt-client
  - src
    - main
      - resources
        OSGI-INF
        blueprint
        config.xml
      - java
        org
        xipki
        ca
        mgmt
        db
        DbToolBase.java
        package-info.java
        port
        AbstractOcspCertstoreDbImporter.java
        DbPorter.java
        OcspCertstoreDbImporter.java
        DbPortWorker.java
        CaCertstoreDbImporter.java
        CaCertstore.java
        CaconfDbExporter.java
        OcspCertstoreDbExporter.java
        OcspCertstore.java
        OcspCertStoreFromCaDbImporter.java
        package-info.java
        CaconfDbImporter.java
        IdentifidDbObject.java
        CaCertstoreDbExporter.java
        DbSchemaInfo.java
        diffdb
        DigestDiffWorker.java
        RefDigestReader.java
        TargetDigestReader.java
        QueueEntry.java
        DigestDiffReporter.java
        DigestDiff.java
        DbType.java
        package-info.java
        IdentifiedDigestEntry.java
        CertsBundle.java
        DigestEntry.java
        client
        CaMgmtClient.java
        package-info.java
  - pom.xml
- CHANGELOG.md
- ocsp-mgmt-client
  - src
    - main
      - resources
        OSGI-INF
        blueprint
        config.xml
      - java
        org
        xipki
        ocsp
        mgmt
        client
        OcspMgmtClient.java
        package-info.java
  - pom.xml
- datasource
  - src
    - main
      - java
        org
        xipki
        datasource
        DataSourceConf.java
        DataAccessException.java
        SqlStateCodes.java
        package-info.java
        DataSourceFactory.java
        SqlErrorCodes.java
        DataSourceWrapper.java
        DatabaseType.java
  - pom.xml
- .travis.yml
- README.md
- ocsp-client
  - src
    - main
      - resources
        OSGI-INF
        blueprint
        config.xml
      - java
        org
        xipki
        ocsp
        client
        OcspRequestorException.java
        XiOCSPReqBuilder.java
        OcspRequestor.java
        OcspResponseException.java
        package-info.java
        RequestOptions.java
        AbstractOcspRequestor.java
        HttpOcspRequestor.java
  - pom.xml
- CODE_OF_CONDUCT.md
- cmpclient
  - src
    - main
      - resources
        OSGI-INF
        blueprint
        config.xml
      - java
        org
        xipki
        cmpclient
        EnrollCertRequest.java
        CertIdOrError.java
        CertprofileInfo.java
        CmpClientException.java
        CmpClientConf.java
        UnrevokeOrRemoveCertRequest.java
        package-info.java
        internal
        CaConf.java
        EnrollCertResponse.java
        RevokeCertResponse.java
        CsrEnrollCertRequest.java
        RemoveExpiredCertsResult.java
        Requestor.java
        package-info.java
        CmpClientImpl.java
        Responder.java
        ResultEntry.java
        CmpAgent.java
        PkiErrorException.java
        RevokeCertRequest.java
        EnrollCertResult.java
        CmpClient.java
        IdentifiedObject.java
  - pom.xml
- ca-server
  - src
    - main
      - resources
        sql
        ca-init.xml
        ca-init-v4.xml
        ocsp-init.xml
        version
      - java
        org
        xipki
        ca
        server
        CertRepublisher.java
        CaServerConf.java
        CaUtil.java
        CertRevInfoWithSerial.java
        RandomSerialNumberGenerator.java
        publisher
        OcspCertPublisher.java
        package-info.java
        OcspStoreQueryExecutor.java
        OcspCertPublisherFactory.java
        CaAuditConstants.java
        CertTemplateData.java
        SelfSignedCertBuilder.java
        DhpocControl.java
        CtLogClient.java
        IdentifiedCertprofile.java
        CaIdNameMap.java
        X509Ca.java
        CaManagerImpl.java
        PasswordHash.java
        CtLogPublicKeyFinder.java
        RequestorEntryWrapper.java
        package-info.java
        RestResponder.java
        SignerEntryWrapper.java
        UniqueIdGenerator.java
        CertStore.java
        cmp
        BaseCmpResponder.java
        CmpResponder.java
        package-info.java
        CrmfKeyWrapper.java
        PendingCertificatePool.java
        CaManagerQueryExecutor.java
        IdentifiedCertPublisher.java
        ScepResponder.java
        HttpRequestMetadataRetriever.java
        CaInfo.java
    - test
      - java
        org
        xipki
        ca
        server
        PasswordHashTest.java
  - pom.xml
- qa
  - src
    - main
      - resources
        OSGI-INF
        blueprint
        config.xml
        testkeys
        ec-1.3.132.0.26.p12
        ec-1.2.840.10045.3.0.5.p12
        ec-1.3.132.0.36.p12
        ec-1.3.132.0.10.p12
        ec-1.3.132.0.27.p12
        ec-1.2.840.10045.3.0.16.p12
        rsa-2048-0x10000000000000001.p12
        dsa-2048-256.p12
        ec-1.3.132.0.4.p12
        ec-1.3.36.3.3.2.8.1.1.6.p12
        rsa-4096-0x10000000000000001.p12
        ec-1.3.36.3.3.2.8.1.1.4.p12
        dsa-3072-256.p12
        ec-1.2.840.10045.3.0.13.p12
        ec-1.2.840.10045.3.1.2.p12
        ec-1.3.132.0.29.p12
        ec-1.3.132.0.16.p12
        rsa-4096-0x100000001.p12
        ec-1.3.36.3.3.2.8.1.1.9.p12
        ec-1.3.36.3.3.2.8.1.1.14.p12
        ec-1.3.36.3.3.2.8.1.1.7.p12
        ec-1.3.36.3.3.2.8.1.1.10.p12
        ec-1.2.840.10045.3.0.20.p12
        ec-1.3.36.3.3.2.8.1.1.8.p12
        ec-1.3.132.0.28.p12
        dsa-1024-160.p12
        ec-1.3.132.0.5.p12
        ec-1.2.840.10045.3.0.6.p12
        ec-1.2.840.10045.3.0.11.p12
        ec-1.3.132.0.9.p12
        ec-1.3.132.0.38.p12
        ec-1.2.840.10045.3.0.3.p12
        ec-1.2.840.10045.3.0.2.p12
        rsa-3072-0x10001.p12
        ec-1.2.840.10045.3.0.12.p12
        ec-1.3.132.0.35.p12
        ec-1.2.840.10045.3.0.7.p12
        ec-1.2.840.10045.3.0.4.p12
        ec-1.3.132.0.34.p12
        ec-1.3.132.0.33.p12
        ec-1.2.840.10045.3.1.7.p12
        dsa-2048-224.p12
        rsa-2048-0x10001.p12
        ec-1.3.132.0.15.p12
        ec-1.3.132.0.8.p12
        ec-1.3.132.0.30.p12
        ec-1.2.840.10045.3.1.4.p12
        ec-1.3.36.3.3.2.8.1.1.5.p12
        ec-1.2.840.10045.3.1.1.p12
        ec-1.3.132.0.2.p12
        ec-1.3.36.3.3.2.8.1.1.2.p12
        ec-1.2.840.10045.3.1.6.p12
        ec-1.2.840.10045.3.0.18.p12
        ec-1.2.840.10045.3.0.1.p12
        ec-1.3.132.0.24.p12
        ec-1.3.132.0.3.p12
        ec-1.3.132.0.6.p12
        ec-1.3.36.3.3.2.8.1.1.12.p12
        ec-1.3.36.3.3.2.8.1.1.13.p12
        ec-1.2.840.10045.3.0.19.p12
        rsa-1024-0x100000001.p12
        rsa-4096-0x10001.p12
        ec-1.3.132.0.22.p12
        ec-1.3.132.0.32.p12
        ec-1.3.132.0.7.p12
        ec-1.3.132.0.1.p12
        ec-1.2.840.10045.3.1.3.p12
        ec-1.3.36.3.3.2.8.1.1.1.p12
        ec-1.3.132.0.39.p12
        rsa-1024-0x10001.p12
        rsa-2048-0x100000001.p12
        ec-1.2.840.10045.3.0.10.p12
        ec-1.2.840.10045.3.0.17.p12
        rsa-1024-0x10000000000000001.p12
        ec-1.3.132.0.17.p12
        ec-1.3.132.0.31.p12
        rsa-3072-0x100000001.p12
        rsa-3072-0x10000000000000001.p12
        ec-1.3.36.3.3.2.8.1.1.11.p12
        ec-1.3.36.3.3.2.8.1.1.3.p12
        ec-1.3.132.0.25.p12
        ec-1.3.132.0.37.p12
        ec-1.3.132.0.23.p12
        ec-1.2.840.10045.3.1.5.p12
      - java
        org
        xipki
        qa
        security
        P11KeyGenSpeed.java
        P12SignSpeed.java
        P12KeyGenSpeed.java
        P11SignSpeed.java
        package-info.java
        ca
        QaconfType.java
        CaEnrollBenchKeyEntry.java
        SubjectChecker.java
        CaEnrollBenchmark.java
        IssuerInfo.java
        package-info.java
        CertprofileQa.java
        CaEnrollBenchEntry.java
        CaQaSystemManager.java
        QaExtensionValue.java
        ExtensionsChecker.java
        PublicKeyChecker.java
        CaQaSystemManagerImpl.java
        ValidationIssue.java
        RangeBigIntegerIterator.java
        ocsp
        OcspBenchRequestor.java
        OcspResponseOption.java
        OcspError.java
        OcspQa.java
        package-info.java
        OcspCertStatus.java
        OcspBenchmark.java
        package-info.java
        ValidationResult.java
        BigIntegerRange.java
        FileBigIntegerIterator.java
        BenchmarkHttpClient.java
  - pom.xml
- commands.md
- .gitignore
- scep-client
  - src
    - main
      - java
        org
        xipki
        scep
        transaction
        CaCapability.java
        PkiStatus.java
        Nonce.java
        Operation.java
        TransactionId.java
        package-info.java
        FailInfo.java
        MessageType.java
        TransactionException.java
        client
        Client.java
        CaIdentifier.java
        package-info.java
        ScepClient.java
        EnrolmentResponse.java
        ScepClientException.java
        ScepHttpResponse.java
        CaCertValidator.java
        util
        ScepUtil.java
        ScepConstants.java
        package-info.java
        message
        PkiMessage.java
        CaCaps.java
        DecodedPkiMessage.java
        DecodedNextCaMessage.java
        CertificateValidator.java
        IssuerAndSubject.java
        MessageDecodingException.java
        EnvelopedDataDecryptor.java
        NextCaMessage.java
        AuthorityCertStore.java
        package-info.java
        ScepObjectIdentifiers.java
        MessageEncodingException.java
    - test
      - java
        org
        xipki
        scep
        client
        test
        CaWithoutRaTest.java
        MyUtil.java
        DESOnlyCaTest.java
        HttpGetOnlyCaTest.java
        AbstractCaTest.java
        package-info.java
        CaTest.java
        NoCmsSignerCertCaTest.java
        serveremulator
        AuditEvent.java
        CaException.java
        NextCaAndRa.java
        ScepServlet.java
        CaEmulator.java
        ScepServerContainer.java
        package-info.java
        RaEmulator.java
        ScepResponder.java
        ScepControl.java
        ScepServer.java
  - pom.xml
- assemblies
  - xipki-qa
    - src
      - main
        filtered
        lib
        jdbc
        features.xml
        unfiltered
        xipki
        ctlog
        dummy-ctlog-ec-pubkey.pem
        dummy-ctlog-rsa-pubkey.pem
        cmpclient
        template.cmpclient-mac.json
        template.cmpclient-signature.json
        etc
        ca
        ca.json
        ocsp
        template.ocsp-responder.json
        ca-qa
        qa-certcheck-conf.json
        qa-benchmark-conf.json
        qa
        lifecycle.script
        cab
        template.subca.json
        lifecycle.script
        template.rootca.json
        template.cmpclient.json
        template.ra.script
        initdb.script
        template.ca-load.script
        extensions
        extensions-syntax-ext-implicit-tag.json
        extensions-gmt0015.json
        extensions-syntax-ext-explicit-tag.json
        extensions-syntax-ext.json
        extensions-apple-wwdr.json
        extensions-ee-complex.json
        keys
        crlsigner.p12
        dhpoc_certs.pem
        dhpoc.p12
        template.rest.script
        qa.d
        template.subca.json
        template.rootca.json
        template.subcawithcrl.json
        template.ra.script
        prepare-keys.script
        scep-server.script
        initdb.script
        template.ca-load.script
        template.ca.script
        main.script
        certprofile
        certprofile-subca.json
        certprofile-cab-individual-validated.json
        certprofile-tls-c.json
        certprofile-tls.json
        certprofile-syntax-ext-implicit-tag.json
        certprofile-cab-rootca.json
        certprofile-constant-ext-explicit-tag.json
        certprofile-apple-wwdr.json
        certprofile-x25519.json
        certprofile-cab-subca.json
        certprofile-ee-complex.json
        certprofile-x448.json
        certprofile-multi-valued-rdn.json
        certprofile-syntax-ext.json
        certprofile-cross.json
        certprofile-scep.json
        certprofile-ed25519.json
        certprofile-extended.json
        certprofile-qc.json
        certprofile-cab-org-validated.json
        certprofile-fixed-partial-subject.json
        certprofile-ed448.json
        certprofile-multiple-ous.json
        certprofile-subca-complex.json
        certprofile-constant-ext-implicit-tag.json
        certprofile-smime-legacy.json
        certprofile-ocsp.json
        certprofile-constant-ext.json
        certprofile-smime.json
        certprofile-gmt0015.json
        certprofile-max-time.json
        certprofile-rootca.json
        certprofile-cab-domain-validated.json
        certprofile-syntax-ext-explicit-tag.json
        benchmark.script
        setenv.script
        scep.script
        ocsp.script
        main-mgmt.script
        camgmt-qa.script
        p12
        ec
        ee-complex2.p12
        ee-complex1.p12
        gmt0015_1.p12
        smime-legacy1.p12
        tls2.p12
        tls1.p12
        multi-valued-rdn1.p12
        apple-wwdr1.p12
        tls-c1.p12
        multiple-ous1.p12
        rest-tls1.p12
        syntax-ext-explicit-tag1.p12
        fixed-partial-subject2.p12
        smime1.p12
        ocsp1.p12
        fixed-partial-subject1.p12
        syntax-ext-implicit-tag1.p12
        cab-individual-validated1.p12
        gmt0015_2.p12
        tls-neg.p12
        ocsp2.p12
        cross1.p12
        tls-c2.p12
        syntax-ext1.p12
        cab-domain-validated1.p12
        constant-ext-implicit-tag1.p12
        qc1.p12
        cab-org-validated2.p12
        constant-ext1.p12
        constant-ext-explicit-tag1.p12
        cab-individual-validated2.p12
        cab-org-validated1.p12
        cab-domain-validated2.p12
        multiple-ous2.p12
        max-time1.p12
        sm2
        ee-complex2.p12
        ee-complex1.p12
        gmt0015_1.p12
        smime-legacy1.p12
        tls2.p12
        tls1.p12
        multi-valued-rdn1.p12
        apple-wwdr1.p12
        tls-c1.p12
        multiple-ous1.p12
        rest-tls1.p12
        syntax-ext-explicit-tag1.p12
        fixed-partial-subject2.p12
        smime1.p12
        ocsp1.p12
        fixed-partial-subject1.p12
        syntax-ext-implicit-tag1.p12
        cab-individual-validated1.p12
        gmt0015_2.p12
        tls-neg.p12
        ocsp2.p12
        cross1.p12
        tls-c2.p12
        syntax-ext1.p12
        cab-domain-validated1.p12
        constant-ext-implicit-tag1.p12
        qc1.p12
        cab-org-validated2.p12
        constant-ext1.p12
        constant-ext-explicit-tag1.p12
        cab-individual-validated2.p12
        cab-org-validated1.p12
        cab-domain-validated2.p12
        multiple-ous2.p12
        max-time1.p12
        dsa
        ee-complex2.p12
        ee-complex1.p12
        gmt0015_1.p12
        smime-legacy1.p12
        tls2.p12
        tls1.p12
        multi-valued-rdn1.p12
        apple-wwdr1.p12
        tls-c1.p12
        multiple-ous1.p12
        rest-tls1.p12
        syntax-ext-explicit-tag1.p12
        fixed-partial-subject2.p12
        smime1.p12
        ocsp1.p12
        fixed-partial-subject1.p12
        syntax-ext-implicit-tag1.p12
        cab-individual-validated1.p12
        gmt0015_2.p12
        tls-neg.p12
        ocsp2.p12
        cross1.p12
        tls-c2.p12
        syntax-ext1.p12
        cab-domain-validated1.p12
        constant-ext-implicit-tag1.p12
        qc1.p12
        cab-org-validated2.p12
        constant-ext1.p12
        constant-ext-explicit-tag1.p12
        cab-individual-validated2.p12
        cab-org-validated1.p12
        cab-domain-validated2.p12
        multiple-ous2.p12
        max-time1.p12
        rsa
        ee-complex2.p12
        ee-complex1.p12
        gmt0015_1.p12
        smime-legacy1.p12
        tls2.p12
        tls1.p12
        multi-valued-rdn1.p12
        apple-wwdr1.p12
        tls-c1.p12
        multiple-ous1.p12
        rest-tls1.p12
        syntax-ext-explicit-tag1.p12
        fixed-partial-subject2.p12
        smime1.p12
        ocsp1.p12
        fixed-partial-subject1.p12
        syntax-ext-implicit-tag1.p12
        cab-individual-validated1.p12
        gmt0015_2.p12
        tls-neg.p12
        ocsp2.p12
        cross1.p12
        tls-c2.p12
        syntax-ext1.p12
        cab-domain-validated1.p12
        constant-ext-implicit-tag1.p12
        qc1.p12
        cab-org-validated2.p12
        constant-ext1.p12
        constant-ext-explicit-tag1.p12
        cab-individual-validated2.p12
        cab-org-validated1.p12
        cab-domain-validated2.p12
        multiple-ous2.p12
        max-time1.p12
        shared
        scep1.p12
        scep-ocsp2.p12
        scep-ocsp1-2.p12
        scep-ocsp1.p12
        genkeys.script
        ca-qa.script
        tools
        cmpclient.json
        main.script
        certprofile
        certprofile-tls-ed25519.json
        certprofile-tls-rsa.json
        certprofile-tls-x25519.json
        certprofile-tls-dsa-ec.json
        certprofile-rootca.json
        certprofile-tls-ed448.json
        certprofile-tls-x448.json
        gencerts.script
        template.ca-conf.json
        rest.sh
        eddsa
        template.subca.json
        lifecycle.script
        qa.script
        cmpclient.json
        ra.script
        template.rootca.json
        prepare-keys.script
        initdb.script
        template.ca-load.script
        reimport.script
        descriptors
        main.xml
    - pom.xml
    - README.md
  - ca-war
    - src
      - assembly
        unfiltered
        xipki
        etc
        ca
        database
        h2
        ca-db.properties
        ocsp-db.properties
        hsqldb
        ca-db.properties
        ocsp-db.properties
        oracle
        ca-db.properties
        ocsp-db.properties
        mysql
        ca-db.properties
        ocsp-db.properties
        pgsql
        ca-db.properties
        ocsp-db.properties
        mariadb
        ca-db.properties
        ocsp-db.properties
        db2
        ca-db.properties
        ocsp-db.properties
        ca.json
        audit.syslog.cfg
        descriptors
        main.xml
    - pom.xml
    - README.md
  - ocsp-war
    - src
      - assembly
        unfiltered
        xipki
        crls
        template
        crl-mycrl1
        UPDATEME
        README
        REVOCATION
        crl.url
        README
        etc
        ocsp
        database
        h2
        ocsp-cache-db.properties
        ocsp-crl-db.properties
        ca-db.properties
        ocsp-db.properties
        hsqldb
        ocsp-cache-db.properties
        ocsp-crl-db.properties
        ca-db.properties
        ocsp-db.properties
        oracle
        ocsp-cache-db.properties
        ocsp-crl-db.properties
        ca-db.properties
        ocsp-db.properties
        mysql
        ocsp-cache-db.properties
        ocsp-crl-db.properties
        ca-db.properties
        ocsp-db.properties
        pgsql
        ocsp-cache-db.properties
        ocsp-crl-db.properties
        ca-db.properties
        ocsp-db.properties
        mariadb
        ocsp-cache-db.properties
        ocsp-crl-db.properties
        ca-db.properties
        ocsp-db.properties
        db2
        ocsp-cache-db.properties
        ocsp-crl-db.properties
        ca-db.properties
        ocsp-db.properties
        example
        crl-store
        ocsp-responder.json
        ejbca-store
        ocsp-responder.json
        xipki-ca-db-store
        ocsp-responder.json
        xipki-db-store
        ocsp-responder.json
        ocsp.json
        keycerts
        ocsp1.p12
        descriptors
        main.xml
    - pom.xml
    - README.md
  - pom.xml
  - xipki-cli
    - src
      - main
        filtered
        etc
        branding.properties
        branding-ssh.properties
        patchkaraf
        org.ops4j.pax.logging.cfg.patch
        unfiltered
        xipki
        ca-setup
        configure-ocsp.script
        cacert-present
        setup-ec-p12.script
        README
        setup-dsa-p12.script
        setup-ec-yubikey.script
        setup-sm2-p11.script
        setup-sm2-p12.script
        setup-dsa-p11.script
        setup-ec-p11.script
        setup-rsa-p11.script
        template.ca-conf.json
        setup-rsa-p12.script
        certprofile
        certprofile-subca.json
        certprofile-tls-c.json
        certprofile-tls.json
        certprofile-scep.json
        certprofile-ocsp.json
        certprofile-smime.json
        certprofile-rootca.json
        cacert-none
        setup-ec-p12.script
        README
        setup-dsa-p12.script
        setup-ec-yubikey.script
        setup-sm2-p11.script
        setup-sm2-p12.script
        configure-ca.script
        setup-dsa-p11.script
        setup-ec-p11.script
        setup-rsa-p11.script
        template.ca-conf.json
        setup-rsa-p12.script
        client-script
        cmp-client.script
        scep-client.script
        rest-client.script
        rest.sh
        cmpclient
        cmpclient-mac.json
        cmpclient-signature.json
        etc
        org.xipki.shell.curl.cfg
        org.xipki.ca.mgmt.client.cfg
        org.xipki.ocsp.mgmt.client.cfg
        org.xipki.password.cfg
        org.xipki.cmpclient.cfg
        org.xipki.ocsp.client.cfg
        custom.properties
        org.xipki.security.cfg
        custom.system.properties
        descriptors
        main.xml
    - pom.xml
  - p11proxy-war
    - src
      - assembly
        unfiltered
        xipki
        etc
        p11proxy
        p11proxy.json
        descriptors
        main.xml
    - pom.xml
    - README.md
  - features
    - pom.xml
    - cli
      - src
        main
        filtered
        features.xml
      - pom.xml
    - qa
      - src
        main
        filtered
        features.xml
      - pom.xml
  - shared
    - dbtool
      - lib
        log4j2.properties
      - bin
        initdb.bat
        initdb.sh
    - license
      - bouncycastle-LICENSE.txt
      - Apache-License-v2.txt
      - iaikPKCS11Wrapper-LICENSE.txt
    - conf
      - tomcat
        bin
        setenv.bat
        setenv.sh
      - xipki
        security
        masterpassword.secret
        example
        pkcs11-emulator.json
        pkcs11-proxy.json
        pkcs11-yubikey.json
        pkcs11-hsm.json
- doc
  - database
    - misc
    - Perf-MySQL.md
    - db-sequence.txt
  - dev-env
    - xipki_google_checks.xml
    - eclipse-java-google-style.xml
    - README.md
  - git
    - git-commands.md
  - standards
    - etsi
    - public-tls
      - rfc6962.txt
    - misc
    - pkcs
    - commonpki
    - ietf
      - cms-rfc5652.txt
      - ocsp-rfc2560.txt
      - est-rfc7030.txt
      - x509-rfc6962.txt
      - notes.txt
      - cmc-rfc5274.txt
      - draft-gutmann-scep-00.txt
      - x509-rfc4262.txt
      - cmc-rfc6402.txt
      - dh-poc-rfc6955.txt
      - edwards-rfc8410.txt
      - x509-rfc7633.txt
      - cmp-rfc4211.txt
      - cmc-rfc5273.txt
      - draft-nourse-scep-23.txt
      - ocsp-rfc6960.txt
      - edwards-rfc8032.txt
      - cmc-rfc5272.txt
      - x509-rfc3739.txt
      - edwards-rfc7748.txt
      - pkcs5-rfc8018.txt
- ocsp-servlet
  - src
    - main
      - resources
        log4j2.properties
      - java
        org
        xipki
        ocsp
        servlet
        OcspConf.java
        TlsHelper.java
        HttpMgmtServlet.java
        OcspServletFilter.java
        package-info.java
        HealthCheckServlet.java
        OcspServlet.java
      - webapp
        META-INF
        MANIFEST.MF
        WEB-INF
        web.xml
  - pom.xml
- certprofile-xijson
  - src
    - main
      - java
        org
        xipki
        ca
        certprofile
        xijson
        QcStatementOption.java
        AdmissionExtension.java
        CertificatePolicyInformation.java
        NotBeforeOption.java
        MonetaryValueOption.java
        SubjectDirectoryAttributesControl.java
        BiometricInfoOption.java
        XijsonCertprofile.java
        DirectoryStringType.java
        package-info.java
        ExtensionSyntaxChecker.java
        CertificatePolicyQualifier.java
        conf
        AlgorithmType.java
        X509ProfileType.java
        GeneralSubtreeType.java
        Subject.java
        CertificatePolicyInformationType.java
        GeneralNameType.java
        SubjectToSubjectAltNameType.java
        ExtensionType.java
        KeyParametersType.java
        package-info.java
        KeypairGenerationType.java
        Describable.java
        QcStatementType.java
        CertprofileFactoryImpl.java
    - test
      - java
        org
        xipki
        ca
        certprofile
        test
        ProfileConfCreatorDemo.java
        DummyMain.java
  - pom.xml

/*
 *
 * Copyright (c) 2013 - 2020 Lijun Liao
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.xipki.security.pkcs12;

import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.EllipticCurve;
import java.util.ArrayList;
import java.util.List;

import javax.crypto.NoSuchPaddingException;

import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.gm.GMObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.Signer;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.signers.DSADigestSigner;
import org.bouncycastle.crypto.signers.DSASigner;
import org.bouncycastle.crypto.signers.ECDSASigner;
import org.bouncycastle.crypto.signers.RSADigestSigner;
import org.bouncycastle.crypto.signers.SM2Signer;
import org.bouncycastle.jcajce.provider.asymmetric.dsa.DSAUtil;
import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.bc.BcContentSignerBuilder;
import org.xipki.security.ConcurrentContentSigner;
import org.xipki.security.DSAPlainDigestSigner;
import org.xipki.security.DfltConcurrentContentSigner;
import org.xipki.security.EdECConstants;
import org.xipki.security.SignatureSigner;
import org.xipki.security.X509Cert;
import org.xipki.security.XiContentSigner;
import org.xipki.security.XiSecurityException;
import org.xipki.security.XiWrappedContentSigner;
import org.xipki.security.util.AlgorithmUtil;
import org.xipki.security.util.GMUtil;
import org.xipki.security.util.SignerUtil;
import org.xipki.util.Args;
import org.xipki.util.CollectionUtil;

/**
 * Builder of signer based PKCS#12 keystore.
 *
 * @author Lijun Liao
 * @since 2.0.0
 */

public class P12ContentSignerBuilder {

  private static final AlgorithmIdentifier ALGID_SM2_SM3 =
      new AlgorithmIdentifier(GMObjectIdentifiers.sm2sign_with_sm3);

  private static final AlgorithmIdentifier ALGID_SM3 =
      new AlgorithmIdentifier(GMObjectIdentifiers.sm3);

  // CHECKSTYLE:SKIP
  private static class RSAContentSignerBuilder extends BcContentSignerBuilder {

    private RSAContentSignerBuilder(AlgorithmIdentifier signatureAlgId)
        throws NoSuchAlgorithmException, NoSuchPaddingException {
      super(signatureAlgId, AlgorithmUtil.extractDigesetAlgFromSigAlg(signatureAlgId));
    }

    protected Signer createSigner(AlgorithmIdentifier sigAlgId, AlgorithmIdentifier digAlgId)
        throws OperatorCreationException {
      if (!AlgorithmUtil.isRSASigAlgId(sigAlgId)) {
        throw new OperatorCreationException("the given algorithm is not a valid RSA signature "
            + "algirthm '" + sigAlgId.getAlgorithm().getId() + "'");
      }

      if (!PKCSObjectIdentifiers.id_RSASSA_PSS.equals(sigAlgId.getAlgorithm())) {
        Digest dig = digestProvider.get(digAlgId);
        return new RSADigestSigner(dig);
      }

      try {
        return SignerUtil.createPSSRSASigner(sigAlgId);
      } catch (XiSecurityException ex) {
        throw new OperatorCreationException(ex.getMessage(), ex);
      }
    }

  } // class RSAContentSignerBuilder

  // CHECKSTYLE:SKIP
  private static class DSAContentSignerBuilder extends BcContentSignerBuilder {

    private final boolean plain;

    private DSAContentSignerBuilder(AlgorithmIdentifier signatureAlgId, boolean plain)
        throws NoSuchAlgorithmException {
      super(signatureAlgId, AlgorithmUtil.extractDigesetAlgFromSigAlg(signatureAlgId));
      this.plain = plain;
    }

    protected Signer createSigner(AlgorithmIdentifier sigAlgId, AlgorithmIdentifier digAlgId)
        throws OperatorCreationException {
      if (!AlgorithmUtil.isDSASigAlg(sigAlgId)) {
        throw new OperatorCreationException("the given algorithm is not a valid DSA signature "
            + "algirthm '" + sigAlgId.getAlgorithm().getId() + "'");
      }

      Digest dig = digestProvider.get(digAlgId);
      DSASigner dsaSigner = new DSASigner();
      return plain ? new DSAPlainDigestSigner(dsaSigner, dig) : new DSADigestSigner(dsaSigner, dig);
    }

  } // class DSAContentSignerBuilder

  // CHECKSTYLE:SKIP
  private static class ECDSAContentSignerBuilder extends BcContentSignerBuilder {

    private final boolean plain;

    private ECDSAContentSignerBuilder(AlgorithmIdentifier signatureAlgId, boolean plain)
        throws NoSuchAlgorithmException {
      super(signatureAlgId, AlgorithmUtil.extractDigesetAlgFromSigAlg(signatureAlgId));
      this.plain = plain;
    }

    protected Signer createSigner(AlgorithmIdentifier sigAlgId, AlgorithmIdentifier digAlgId)
        throws OperatorCreationException {
      if (!AlgorithmUtil.isECSigAlg(sigAlgId)) {
        throw new OperatorCreationException("the given algorithm is not a valid EC signature "
            + "algorithm '" + sigAlgId.getAlgorithm().getId() + "'");
      }

      Digest dig = digestProvider.get(digAlgId);
      ECDSASigner dsaSigner = new ECDSASigner();

      return plain ? new DSAPlainDigestSigner(dsaSigner, dig) : new DSADigestSigner(dsaSigner, dig);
    }

  } // class ECDSAContentSignerBuilder

  // CHECKSTYLE:SKIP
  private static class SM2ContentSignerBuilder extends BcContentSignerBuilder {

    private SM2ContentSignerBuilder() throws NoSuchAlgorithmException {
      super(ALGID_SM2_SM3, ALGID_SM3);
    }

    protected Signer createSigner(AlgorithmIdentifier sigAlgId, AlgorithmIdentifier digAlgId)
            throws OperatorCreationException {
      if (!AlgorithmUtil.isSM2SigAlg(sigAlgId)) {
        throw new OperatorCreationException("the given algorithm is not a valid EC signature "
            + "algorithm '" + sigAlgId.getAlgorithm().getId() + "'");
      }

      return new SM2Signer();
    }

  } // class SM2ContentSignerBuilder

  private final PrivateKey key;

  private final PublicKey publicKey;

  private final X509Cert[] certificateChain;

  public P12ContentSignerBuilder(PrivateKey privateKey, PublicKey publicKey)
      throws XiSecurityException {
    this.key = Args.notNull(privateKey, "privateKey");
    this.publicKey = Args.notNull(publicKey, "publicKey");
    this.certificateChain = null;
  }

  public P12ContentSignerBuilder(KeypairWithCert keypairWithCert) throws XiSecurityException {
    Args.notNull(keypairWithCert, "keypairWithCert");
    this.key = keypairWithCert.getKey();
    this.publicKey = keypairWithCert.getPublicKey();
    this.certificateChain = keypairWithCert.getCertificateChain();
  }

  public ConcurrentContentSigner createSigner(AlgorithmIdentifier signatureAlgId, int parallelism,
      SecureRandom random) throws XiSecurityException, NoSuchPaddingException {
    Args.notNull(signatureAlgId, "signatureAlgId");
    Args.positive(parallelism, "parallelism");

    List<XiContentSigner> signers = new ArrayList<>(parallelism);

    String provName = null;
    if (AlgorithmUtil.isRSASigAlgId(signatureAlgId)) {
      provName = "SunRsaSign";
    } else if (AlgorithmUtil.isECSigAlg(signatureAlgId)) {
      // Currently, the provider SunEC is much slower (5x) than BC
      provName = null;
    } else if (AlgorithmUtil.isDSASigAlg(signatureAlgId)) {
      provName = "SUN";
    } else {
      ASN1ObjectIdentifier oid = signatureAlgId.getAlgorithm();
      if (EdECConstants.id_ED25519.equals(oid)
          || EdECConstants.id_ED448.equals(oid)) {
        provName = "BC";
      }
    }

    if (provName != null && Security.getProvider(provName) != null) {
      String algoName;
      try {
        algoName = AlgorithmUtil.getSignatureAlgoName(signatureAlgId);
      } catch (NoSuchAlgorithmException ex) {
        throw new XiSecurityException(ex.getMessage());
      }

      try {
        for (int i = 0; i < parallelism; i++) {
          Signature signature = Signature.getInstance(algoName, provName);
          signature.initSign(key);
          if (i == 0) {
            signature.update(new byte[]{1, 2, 3, 4});
            signature.sign();
          }
          XiContentSigner signer = new SignatureSigner(signatureAlgId, signature, key);
          signers.add(signer);
        }
      } catch (Exception ex) {
        signers.clear();
      }
    }

    if (CollectionUtil.isEmpty(signers)) {
      BcContentSignerBuilder signerBuilder;
      AsymmetricKeyParameter keyparam;
      try {
        if (key instanceof RSAPrivateKey) {
          keyparam = SignerUtil.generateRSAPrivateKeyParameter((RSAPrivateKey) key);
          signerBuilder = new RSAContentSignerBuilder(signatureAlgId);
        } else if (key instanceof DSAPrivateKey) {
          keyparam = DSAUtil.generatePrivateKeyParameter(key);
          signerBuilder = new DSAContentSignerBuilder(signatureAlgId,
              AlgorithmUtil.isDSAPlainSigAlg(signatureAlgId));
        } else if (key instanceof ECPrivateKey) {
          keyparam = ECUtil.generatePrivateKeyParameter(key);
          EllipticCurve curve = ((ECPrivateKey) key).getParams().getCurve();
          if (GMUtil.isSm2primev2Curve(curve)) {
            signerBuilder = new SM2ContentSignerBuilder();
          } else {
            signerBuilder = new ECDSAContentSignerBuilder(signatureAlgId,
                AlgorithmUtil.isDSAPlainSigAlg(signatureAlgId));
          }
        } else {
          throw new XiSecurityException("unsupported key " + key.getClass().getName());
        }
      } catch (InvalidKeyException ex) {
        throw new XiSecurityException("invalid key", ex);
      } catch (NoSuchAlgorithmException ex) {
        throw new XiSecurityException("no such algorithm", ex);
      }

      for (int i = 0; i < parallelism; i++) {
        if (random != null) {
          signerBuilder.setSecureRandom(random);
        }

        ContentSigner signer;
        try {
          signer = signerBuilder.build(keyparam);
        } catch (OperatorCreationException ex) {
          throw new XiSecurityException("operator creation error", ex);
        }
        signers.add(new XiWrappedContentSigner(signer, true));
      }
    }

    final boolean mac = false;
    ConcurrentContentSigner concurrentSigner;
    try {
      concurrentSigner = new DfltConcurrentContentSigner(mac, signers, key);
    } catch (NoSuchAlgorithmException ex) {
      throw new XiSecurityException(ex.getMessage(), ex);
    }

    if (certificateChain != null) {
      concurrentSigner.setCertificateChain(certificateChain);
    } else {
      concurrentSigner.setPublicKey(publicKey);
    }
    return concurrentSigner;
  } // method createSigner

  public X509Cert getCertificate() {
    return (certificateChain != null && certificateChain.length > 0) ? certificateChain[0] : null;
  }

  public X509Cert[] getCertificateChain() {
    return certificateChain;
  }

  public PrivateKey getKey() {
    return key;
  }

}