org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder Java Examples

The following examples show how to use org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: SMIMEKeyHolder.java    From james-project with Apache License 2.0 6 votes vote down vote up 
/**
 * Creates an <CODE>SMIMESignedGenerator</CODE>. Includes a signer private key and certificate,
 * and a pool of certs and cerls (if any) to go with the signature.
 * @return The generated SMIMESignedGenerator.
 */
public SMIMESignedGenerator createGenerator() throws CertStoreException, SMIMEException, OperatorCreationException,
    CertificateEncodingException {
    
    // create the generator for creating an smime/signed message
    SMIMESignedGenerator generator = new SMIMESignedGenerator();
    
    // add a signer to the generator - this specifies we are using SHA1
    // the encryption algorithm used is taken from the key
    SignerInfoGenerator signerInfoGenerator = new JcaSimpleSignerInfoGeneratorBuilder()
        .setProvider("BC")
        .build("SHA1withRSA", privateKey, certificate);
    generator.addSignerInfoGenerator(signerInfoGenerator);
    
    // add our pool of certs and cerls (if any) to go with the signature
    generator.addCertificates(jcaCertStore);
    
    return generator;
    
}
Example #2
Source File: SMimePackageEncryptor.java    From ats-framework with Apache License 2.0 4 votes vote down vote up 
@PublicAtsApi
public Package sign( Package sourcePackage ) throws ActionException {

    try {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }

        KeyStore ks = getKeystore();
        // TODO wrap exception with possible causes and add some hint
        PrivateKey privateKey = (PrivateKey) ks.getKey(aliasOrCN, certPassword.toCharArray());

        // Get whole certificate chain
        Certificate[] certArr = ks.getCertificateChain(aliasOrCN);
        // Pre 4.0.6 behavior was not to attach full cert. chain X509Certificate cer = (X509Certificate) ks.getCertificate(aliasOrCN);
        if (certArr.length >= 1) {
            LOG.debug("Found certificate of alias: " + aliasOrCN + ". Lenght of cert chain: " + certArr.length
                      + ", child cert:" + certArr[0].toString());
        }

        X509Certificate childCert = (X509Certificate) certArr[0];

        /* Create the SMIMESignedGenerator */
        ASN1EncodableVector attributes = new ASN1EncodableVector();
        attributes.add(new SMIMEEncryptionKeyPreferenceAttribute(
                                                                 new IssuerAndSerialNumber(new X500Name(childCert.getIssuerDN()
                                                                                                                 .getName()),
                                                                                           childCert.getSerialNumber())));

        SMIMECapabilityVector capabilities = new SMIMECapabilityVector();
        capabilities.addCapability(SMIMECapability.aES128_CBC);
        capabilities.addCapability(SMIMECapability.dES_EDE3_CBC);
        capabilities.addCapability(SMIMECapability.rC2_CBC, 128);
        capabilities.addCapability(SMIMECapability.dES_CBC);

        attributes.add(new SMIMECapabilitiesAttribute(capabilities));

        if (signatureAlgorithm == null) { // not specified explicitly 
            // TODO check defaults to be used
            signatureAlgorithm = SignatureAlgorithm.DSA.equals(privateKey.getAlgorithm())
                                                                                          ? "SHA1withDSA"
                                                                                          : "MD5withRSA";
        }

        SMIMESignedGenerator signer = new SMIMESignedGenerator();
        JcaSimpleSignerInfoGeneratorBuilder signerGeneratorBuilder = new JcaSimpleSignerInfoGeneratorBuilder();
        signerGeneratorBuilder.setProvider(BouncyCastleProvider.PROVIDER_NAME);
        signerGeneratorBuilder.setSignedAttributeGenerator(new AttributeTable(attributes));
        signer.addSignerInfoGenerator(signerGeneratorBuilder.build(signatureAlgorithm, privateKey,
                                                                   childCert));

        /* Add the list of certs to the generator */
        List<X509Certificate> certList = new ArrayList<X509Certificate>();
        for (int i = 0; i < certArr.length; i++) { // first add child cert, and CAs
            certList.add((X509Certificate) certArr[i]);
        }

        Store<?> certs = new JcaCertStore(certList);
        signer.addCertificates(certs);

        /* Sign the message */
        Session session = Session.getDefaultInstance(System.getProperties(), null);

        MimeMultipart mm = signer.generate(getMimeMessage(sourcePackage));
        MimeMessage signedMessage = new MimeMessage(session);

        /* Set all original MIME headers in the signed message */
        Enumeration<?> headers = getMimeMessage(sourcePackage).getAllHeaderLines();
        while (headers.hasMoreElements()) {
            signedMessage.addHeaderLine((String) headers.nextElement());
        }

        /* Set the content of the signed message */
        signedMessage.setContent(mm);
        signedMessage.saveChanges();

        return new MimePackage(signedMessage);
    } catch (Exception e) {
        throw new ActionException(EXCEPTION_WHILE_SIGNING, e);
    }
}
Example #3
Source File: RequestSigner.java    From signer with GNU Lesser General Public License v3.0 4 votes vote down vote up 
/**
     * Signs a time stamp request
     *
     * @param privateKey private key to sign with
     * @param certificates certificate chain
     * @param request request to be signed
     * @return The signed request
     */
    public byte[] signRequest(PrivateKey privateKey, Certificate[] certificates, byte[] request, String algorithm) {
        try {
            logger.info(timeStampMessagesBundle.getString("info.timestamp.sign.request"));
            Security.addProvider(new BouncyCastleProvider());

            X509Certificate signCert = (X509Certificate) certificates[0];
            List<X509Certificate> certList = new ArrayList<>();
            certList.add(signCert);

            // setup the generator
            CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
            String varAlgorithm = null;
            if (algorithm != null && !algorithm.isEmpty()){
            	varAlgorithm = algorithm;
            }else{
            	
            	// If is WINDOWS, is ONLY WORKS with SHA256
				if (Configuration.getInstance().getSO().toLowerCase().indexOf("indows") > 0) {
					logger.info(timeStampMessagesBundle.getString("info.timestamp.winhash"));
					
					varAlgorithm = "SHA256withRSA";
				}else{
					logger.info(timeStampMessagesBundle.getString("info.timestamp.linuxhash"));					
					varAlgorithm = "SHA512withRSA";
				}
				
            }
            	
            SignerInfoGenerator signerInfoGenerator = new JcaSimpleSignerInfoGeneratorBuilder().build(varAlgorithm, privateKey, signCert);
            generator.addSignerInfoGenerator(signerInfoGenerator);

            Store<?> certStore = new JcaCertStore(certList);
            generator.addCertificates(certStore);

//            Store crlStore = new JcaCRLStore(crlList);
//            generator.addCRLs(crlStore);
            // Create the signed data object
            CMSTypedData data = new CMSProcessableByteArray(request);
            CMSSignedData signed = generator.generate(data, true);
            return signed.getEncoded();

        } catch (CMSException | IOException | OperatorCreationException | CertificateEncodingException ex) {
            logger.info(ex.getMessage());
        }
        return null;
    }