当前位置: 首页>>代码示例>>Java>>正文

Java JcaCertStore类代码示例

本文整理汇总了Java中org.bouncycastle.cert.jcajce.JcaCertStore的典型用法代码示例。如果您正苦于以下问题:Java JcaCertStore类的具体用法?Java JcaCertStore怎么用?Java JcaCertStore使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。


JcaCertStore类属于org.bouncycastle.cert.jcajce包,在下文中一共展示了JcaCertStore类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。

示例1: generateP7B

import org.bouncycastle.cert.jcajce.JcaCertStore; //导入依赖的package包/类
public CMSSignedData generateP7B(X509CertificateHolder caCertificate, PrivateKey caPrivateKey) {
	try {
		List<X509CertificateHolder> certChain = new ArrayList<X509CertificateHolder>();
		certChain.add(caCertificate);

		Store certs = new JcaCertStore(certChain);

		CMSSignedDataGenerator cmsSignedDataGenerator = new CMSSignedDataGenerator();
		ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BouncyCastleProvider.PROVIDER_NAME).build(caPrivateKey);

		cmsSignedDataGenerator.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
				new JcaDigestCalculatorProviderBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME).build())
		.build(sha1Signer, caCertificate));
		cmsSignedDataGenerator.addCertificates(certs);

		CMSTypedData chainMessage = new CMSProcessableByteArray("chain".getBytes());
		CMSSignedData sigData = cmsSignedDataGenerator.generate(chainMessage, false);

		return sigData;
		
	} catch(Exception e) {
		throw new RuntimeException("Error while generating certificate chain: " + e.getMessage(), e);
	}
}
开发者ID:fabiusks,项目名称:cert-services,代码行数:25,代码来源:P7BService.java

示例2: generateSignatureBlock

import org.bouncycastle.cert.jcajce.JcaCertStore; //导入依赖的package包/类
private static byte[] generateSignatureBlock(
        SignerConfig signerConfig, byte[] signatureFileBytes)
                throws InvalidKeyException, CertificateEncodingException, SignatureException {
    JcaCertStore certs = new JcaCertStore(signerConfig.certificates);
    X509Certificate signerCert = signerConfig.certificates.get(0);
    String jcaSignatureAlgorithm =
            getJcaSignatureAlgorithm(
                    signerCert.getPublicKey(), signerConfig.signatureDigestAlgorithm);
    try {
        ContentSigner signer =
                new JcaContentSignerBuilder(jcaSignatureAlgorithm)
                .build(signerConfig.privateKey);
        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
        gen.addSignerInfoGenerator(
                new SignerInfoGeneratorBuilder(
                        new JcaDigestCalculatorProviderBuilder().build(),
                        SignerInfoSignatureAlgorithmFinder.INSTANCE)
                        .setDirectSignature(true)
                        .build(signer, new JcaX509CertificateHolder(signerCert)));
        gen.addCertificates(certs);

        CMSSignedData sigData =
                gen.generate(new CMSProcessableByteArray(signatureFileBytes), false);

        ByteArrayOutputStream out = new ByteArrayOutputStream();
        try (ASN1InputStream asn1 = new ASN1InputStream(sigData.getEncoded())) {
            DEROutputStream dos = new DEROutputStream(out);
            dos.writeObject(asn1.readObject());
        }
        return out.toByteArray();
    } catch (OperatorCreationException | CMSException | IOException e) {
        throw new SignatureException("Failed to generate signature", e);
    }
}
开发者ID:Meituan-Dianping,项目名称:walle,代码行数:35,代码来源:V1SchemeSigner.java

示例3: generateSignatureBlock

import org.bouncycastle.cert.jcajce.JcaCertStore; //导入依赖的package包/类
private static byte[] generateSignatureBlock(SignerConfig signerConfig, byte[] signatureFileBytes) throws InvalidKeyException, CertificateEncodingException, SignatureException {
	JcaCertStore certs = new JcaCertStore(signerConfig.certificates);
	X509Certificate signerCert = signerConfig.certificates.get(0);
	String jcaSignatureAlgorithm = getJcaSignatureAlgorithm(signerCert.getPublicKey(), signerConfig.signatureDigestAlgorithm);
	try {
		ContentSigner signer = new JcaContentSignerBuilder(jcaSignatureAlgorithm).build(signerConfig.privateKey);
		CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
		gen.addSignerInfoGenerator(new SignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build(), SignerInfoSignatureAlgorithmFinder.INSTANCE).setDirectSignature(true).build(signer,
				new JcaX509CertificateHolder(signerCert)));
		gen.addCertificates(certs);

		CMSSignedData sigData = gen.generate(new CMSProcessableByteArray(signatureFileBytes), false);

		ByteArrayOutputStream out = new ByteArrayOutputStream();
		try (ASN1InputStream asn1 = new ASN1InputStream(sigData.getEncoded())) {
			DEROutputStream dos = new DEROutputStream(out);
			dos.writeObject(asn1.readObject());
		}
		return out.toByteArray();
	} catch (OperatorCreationException | CMSException | IOException e) {
		throw new SignatureException("Failed to generate signature", e);
	}
}
开发者ID:abutun,项目名称:apk-verifier,代码行数:24,代码来源:V1SchemeSigner.java

示例4: testVerifySignature

import org.bouncycastle.cert.jcajce.JcaCertStore; //导入依赖的package包/类
@Test(description = "This test case tests Signature verification of a Certificate against the keystore")
public void testVerifySignature() throws KeystoreException, CertificateEncodingException, CMSException, IOException {
    BASE64Encoder encoder = new BASE64Encoder();
    //generate and save a certificate in the keystore
    X509Certificate x509Certificate = managementService.generateX509Certificate();
    //Generate CMSdata
    CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
    List<X509Certificate> list = new ArrayList<>();
    list.add(x509Certificate);
    JcaCertStore store = new JcaCertStore(list);
    generator.addCertificates(store);
    CMSSignedData degenerateSd = generator.generate(new CMSAbsentContent());
    byte[] signature = degenerateSd.getEncoded();
    boolean verifySignature = managementService.verifySignature(encoder.encode(signature));
    Assert.assertNotNull(verifySignature);
    Assert.assertTrue(verifySignature);
    log.info("VerifySignature Test Successful");
}
开发者ID:wso2,项目名称:carbon-device-mgt,代码行数:19,代码来源:CertificateManagementServiceImplTests.java

示例5: testExtractCertificateFromSignature

import org.bouncycastle.cert.jcajce.JcaCertStore; //导入依赖的package包/类
@Test(description = "This test case tests extracting Certificate from the header Signature")
public void testExtractCertificateFromSignature() throws KeystoreException, CertificateEncodingException, CMSException, IOException {
    BASE64Encoder encoder = new BASE64Encoder();
    //generate and save a certificate in the keystore
    X509Certificate x509Certificate = managementService.generateX509Certificate();
    //Generate CMSdata
    CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
    List<X509Certificate> list = new ArrayList<>();
    list.add(x509Certificate);
    JcaCertStore store = new JcaCertStore(list);
    generator.addCertificates(store);
    CMSSignedData degenerateSd = generator.generate(new CMSAbsentContent());
    byte[] signature = degenerateSd.getEncoded();
    X509Certificate certificate = managementService.extractCertificateFromSignature(encoder.encode(signature));
    Assert.assertNotNull(certificate);
    Assert.assertEquals(certificate.getType(), CertificateManagementConstants.X_509);
    log.info("ExtractCertificateFromSignature Test Successful");
}
开发者ID:wso2,项目名称:carbon-device-mgt,代码行数:19,代码来源:CertificateManagementServiceImplTests.java

示例6: getJcaCertStore

import org.bouncycastle.cert.jcajce.JcaCertStore; //导入依赖的package包/类
/**
 * The order of the certificates is important, the fist one must be the signing certificate.
 *
 * @return a store with the certificate chain of the signing certificate. The {@code Collection} is unique.
 * @throws CertificateEncodingException
 */
private JcaCertStore getJcaCertStore(final Collection<CertificateToken> certificateChain, CAdESSignatureParameters parameters) {

	BaselineBCertificateSelector certificateSelectors = new BaselineBCertificateSelector(certificateVerifier, parameters);
	List<CertificateToken> certificatesToAdd = certificateSelectors.getCertificates();
	for (CertificateToken certificateToken : certificatesToAdd) {
		if (!certificateChain.contains(certificateToken)) {
			certificateChain.add(certificateToken);
		}
	}

	try {
		final Collection<X509Certificate> certs = new ArrayList<X509Certificate>();
		for (final CertificateToken certificateInChain : certificateChain) {
			certs.add(certificateInChain.getCertificate());
		}
		return new JcaCertStore(certs);
	} catch (CertificateEncodingException e) {
		throw new DSSException(e);
	}
}
开发者ID:esig,项目名称:dss,代码行数:27,代码来源:CMSSignedDataBuilder.java

示例7: createTimeStampToken

import org.bouncycastle.cert.jcajce.JcaCertStore; //导入依赖的package包/类
public static TimeStampToken createTimeStampToken(PrivateKey privateKey, List<X509Certificate> certificateChain)
		throws Exception {

	Store certs = new JcaCertStore(certificateChain);

	TimeStampRequestGenerator requestGen = new TimeStampRequestGenerator();
	requestGen.setCertReq(true);
	TimeStampRequest request = requestGen.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100));

	TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
			new JcaSimpleSignerInfoGeneratorBuilder().build("SHA1withRSA", privateKey, certificateChain.get(0)),
			new JcaDigestCalculatorProviderBuilder().build()
					.get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1)),
			new ASN1ObjectIdentifier("1.2"));

	tsTokenGen.addCertificates(certs);
	return tsTokenGen.generate(request, BigInteger.ONE, new Date());
}
开发者ID:e-Contract,项目名称:jtrust,代码行数:19,代码来源:PKITestUtils.java

示例8: sign

import org.bouncycastle.cert.jcajce.JcaCertStore; //导入依赖的package包/类
@Override
public byte[] sign(byte[] data) throws Exception {
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    KeyStore inStore = KeyStore.getInstance("PKCS12");
    inStore.load(new FileInputStream(packageZipConfiguration.pushPackageSignerCertPath), packageZipConfiguration.pushPackageSignerCertPassword.toCharArray());

    Key key = inStore.getKey(packageZipConfiguration.pushPackageSignerCertName, packageZipConfiguration.pushPackageSignerCertPassword.toCharArray());
    PrivateKey privateKey = RSAPrivateKeyImpl.parseKey(new DerValue(key.getEncoded()));
    Certificate certificate = inStore.getCertificate(packageZipConfiguration.pushPackageSignerCertName);
    X509CertificateHolder certificateHolder = new X509CertificateHolder(certificate.getEncoded());

    List certList = new ArrayList();
    CMSTypedData msg = new CMSProcessableByteArray(data); //Data to sign

    certList.add(certificateHolder); //Adding the X509 Certificate

    Store certs = new JcaCertStore(certList);

    CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
    //Initializing the the BC's Signer
    ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(privateKey);

    gen.addSignerInfoGenerator(
            new JcaSignerInfoGeneratorBuilder(
                    new JcaDigestCalculatorProviderBuilder().setProvider("BC").build())
                    .build(sha1Signer, certificateHolder));
    //adding the certificate
    gen.addCertificates(certs);
    //Getting the signed data
    CMSSignedData sigData = gen.generate(msg, false);
    return sigData.getEncoded();
}
开发者ID:chriskearney,项目名称:stickypunch,代码行数:33,代码来源:PackageZipSigner.java

示例9: generateMultiPartGost

import org.bouncycastle.cert.jcajce.JcaCertStore; //导入依赖的package包/类
private MimeMultipart generateMultiPartGost(
    MimeBodyPart msg)
    throws Exception
{
    List certList = new ArrayList();

    certList.add(_signCert);
    certList.add(_signGostCert);

    Store certs = new JcaCertStore(certList);

    SMIMESignedGenerator gen = new SMIMESignedGenerator();

    gen.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder().setProvider(BC).build("GOST3411withGOST3410", _signGostKP.getPrivate(), _signGostCert));
    gen.addCertificates(certs);

    return gen.generate(msg);
}
开发者ID:credentials,项目名称:irma_future_id,代码行数:19,代码来源:NewSMIMESignedTest.java

示例10: generateMultiPartECGost

import org.bouncycastle.cert.jcajce.JcaCertStore; //导入依赖的package包/类
private MimeMultipart generateMultiPartECGost(
    MimeBodyPart msg)
    throws Exception
{
    List certList = new ArrayList();

    certList.add(_signCert);
    certList.add(_signEcGostCert);

    Store certs = new JcaCertStore(certList);

    SMIMESignedGenerator gen = new SMIMESignedGenerator();

    gen.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder().setProvider(BC).build("GOST3411withECGOST3410", _signEcGostKP.getPrivate(), _signEcGostCert));
    gen.addCertificates(certs);

    return gen.generate(msg);
}
开发者ID:credentials,项目名称:irma_future_id,代码行数:19,代码来源:NewSMIMESignedTest.java

示例11: writeSignatureBlock

import org.bouncycastle.cert.jcajce.JcaCertStore; //导入依赖的package包/类
/**
 * Write the certificate file with a digital signature.
 */
private void writeSignatureBlock(CMSTypedData data,
                                 X509Certificate publicKey,
                                 PrivateKey privateKey) throws IOException, CertificateEncodingException, OperatorCreationException, CMSException {

    ArrayList<X509Certificate> certList = new ArrayList<X509Certificate>();
    certList.add(publicKey);
    JcaCertStore certs = new JcaCertStore(certList);

    CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
    ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1with" +
                                                                   privateKey.getAlgorithm()).build(
            privateKey);
    gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder()
                                                                         .build()).setDirectSignature(
            true).build(sha1Signer, publicKey));
    gen.addCertificates(certs);
    CMSSignedData sigData = gen.generate(data, false);

    ASN1InputStream asn1 = new ASN1InputStream(sigData.getEncoded());
    DEROutputStream dos = new DEROutputStream(mOutputJar);
    dos.writeObject(asn1.readObject());

    dos.flush();
    dos.close();
    asn1.close();
}
开发者ID:alibaba,项目名称:atlas,代码行数:30,代码来源:LocalSignedJarBuilder.java

示例12: writeSignatureBlock

import org.bouncycastle.cert.jcajce.JcaCertStore; //导入依赖的package包/类
/** Sign data and write the digital signature to 'out'. */
private static void writeSignatureBlock(
    CMSTypedData data, X509Certificate publicKey, PrivateKey privateKey,
    OutputStream out)
throws IOException,
CertificateEncodingException,
OperatorCreationException,
CMSException {
    ArrayList < X509Certificate > certList = new ArrayList < > (1);
    certList.add(publicKey);
    JcaCertStore certs = new JcaCertStore(certList);
    CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
    ContentSigner signer = new JcaContentSignerBuilder(getSignatureAlgorithm(publicKey))
        .setProvider(sBouncyCastleProvider)
        .build(privateKey);
    gen.addSignerInfoGenerator(
        new JcaSignerInfoGeneratorBuilder(
            new JcaDigestCalculatorProviderBuilder()
            .setProvider(sBouncyCastleProvider)
            .build())
        .setDirectSignature(true)
        .build(signer, publicKey));
    gen.addCertificates(certs);
    CMSSignedData sigData = gen.generate(data, false);
    ASN1InputStream asn1 = new ASN1InputStream(sigData.getEncoded());
    DEROutputStream dos = new DEROutputStream(out);
    dos.writeObject(asn1.readObject());
}
开发者ID:bhb27,项目名称:isu,代码行数:29,代码来源:ZipUtils.java

示例13: signRequest

import org.bouncycastle.cert.jcajce.JcaCertStore; //导入依赖的package包/类
/**
     * Signs a time stamp request
     *
     * @param privateKey private key to sign with
     * @param certificates certificate chain
     * @param request request to be signed
     * @return The signed request
     */
    public byte[] signRequest(PrivateKey privateKey, Certificate[] certificates, byte[] request, String algorithm) {
        try {
            logger.info(timeStampMessagesBundle.getString("info.timestamp.sign.request"));
            Security.addProvider(new BouncyCastleProvider());

            X509Certificate signCert = (X509Certificate) certificates[0];
            List<X509Certificate> certList = new ArrayList<>();
            certList.add(signCert);

            // setup the generator
            CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
            String varAlgorithm = null;
            if (algorithm != null && !algorithm.isEmpty()){
            	varAlgorithm = algorithm;
            }else{
            	varAlgorithm = "SHA256withRSA";
            }
            	
            SignerInfoGenerator signerInfoGenerator = new JcaSimpleSignerInfoGeneratorBuilder().build(varAlgorithm, privateKey, signCert);
            generator.addSignerInfoGenerator(signerInfoGenerator);

            Store<?> certStore = new JcaCertStore(certList);
            generator.addCertificates(certStore);

//            Store crlStore = new JcaCRLStore(crlList);
//            generator.addCRLs(crlStore);
            // Create the signed data object
            CMSTypedData data = new CMSProcessableByteArray(request);
            CMSSignedData signed = generator.generate(data, true);
            return signed.getEncoded();

        } catch (CMSException | IOException | OperatorCreationException | CertificateEncodingException ex) {
            logger.info(ex.getMessage());
        }
        return null;
    }
开发者ID:demoiselle,项目名称:signer,代码行数:45,代码来源:RequestSigner.java

示例14: signWithSeparatedHashing

import org.bouncycastle.cert.jcajce.JcaCertStore; //导入依赖的package包/类
/**
 * <a href="http://stackoverflow.com/questions/41767351/create-pkcs7-signature-from-file-digest">
 * Create pkcs7 signature from file digest
 * </a>
 * <p>
 * The OP's <code>sign</code> method after fixing some errors. The
 * OP's original method is {@link #signBySnox(InputStream)}. The
 * errors were
 * </p>
 * <ul>
 * <li>multiple attempts at reading the {@link InputStream} parameter;
 * <li>convoluted creation of final CMS container.
 * </ul>
 * <p>
 * Additionally this method uses SHA256 instead of SHA-1.
 * </p>
 */
public byte[] signWithSeparatedHashing(InputStream content) throws IOException
{
    try
    {
        // Digest generation step
        MessageDigest md = MessageDigest.getInstance("SHA256", "BC");
        byte[] digest = md.digest(IOUtils.toByteArray(content));

        // Separate signature container creation step
        List<Certificate> certList = Arrays.asList(chain);
        JcaCertStore certs = new JcaCertStore(certList);

        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();

        Attribute attr = new Attribute(CMSAttributes.messageDigest,
                new DERSet(new DEROctetString(digest)));

        ASN1EncodableVector v = new ASN1EncodableVector();

        v.add(attr);

        SignerInfoGeneratorBuilder builder = new SignerInfoGeneratorBuilder(new BcDigestCalculatorProvider())
                .setSignedAttributeGenerator(new DefaultSignedAttributeTableGenerator(new AttributeTable(v)));

        AlgorithmIdentifier sha256withRSA = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256withRSA");

        CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
        InputStream in = new ByteArrayInputStream(chain[0].getEncoded());
        X509Certificate cert = (X509Certificate) certFactory.generateCertificate(in);

        gen.addSignerInfoGenerator(builder.build(
                new BcRSAContentSignerBuilder(sha256withRSA,
                        new DefaultDigestAlgorithmIdentifierFinder().find(sha256withRSA))
                                .build(PrivateKeyFactory.createKey(pk.getEncoded())),
                new JcaX509CertificateHolder(cert)));

        gen.addCertificates(certs);

        CMSSignedData s = gen.generate(new CMSAbsentContent(), false);
        return s.getEncoded();
    }
    catch (Exception e)
    {
        e.printStackTrace();
        throw new IOException(e);
    }
}
开发者ID:mkl-public,项目名称:testarea-pdfbox2,代码行数:65,代码来源:CreateSignature.java

示例15: toSignedData

import org.bouncycastle.cert.jcajce.JcaCertStore; //导入依赖的package包/类
private CMSSignedData toSignedData()
		throws CertificateEncodingException,
		OperatorCreationException, CMSException,
		InvalidKeyException, SignatureException,
		NoSuchAlgorithmException, NoSuchProviderException {
	if (Security.getProvider("BC") == null) {
		Security.addProvider(new BouncyCastleProvider());
	}

	List<X509Certificate> certList = new ArrayList<X509Certificate>();
	CMSTypedData msg = new CMSProcessableByteArray(Xml.this
			.toString().getBytes(Charsets.UTF_8));

	certList.add(signCert);

	@SuppressWarnings("unchecked")
	Store<X509Certificate> certs = new JcaCertStore(certList);

	CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
	ContentSigner signer = new JcaContentSignerBuilder(
			BouncyCastleWsaaManager.SIGNING_ALGORITHM)
		.setProvider("BC").build(privateKey);

	gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
			new JcaDigestCalculatorProviderBuilder().setProvider(
					"BC").build()).build(signer, signCert));

	gen.addCertificates(certs);

	return gen.generate(msg, true);
}
开发者ID:NibiruOS,项目名称:afip,代码行数:32,代码来源:LoginTicketRequest.java


注:本文中的org.bouncycastle.cert.jcajce.JcaCertStore类示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。