feat: updates
@@ -13,6 +13,7 @@ import java.security.PrivateKey;
|
|||||||
import java.security.UnrecoverableKeyException;
|
import java.security.UnrecoverableKeyException;
|
||||||
import java.security.cert.Certificate;
|
import java.security.cert.Certificate;
|
||||||
import java.security.cert.CertificateException;
|
import java.security.cert.CertificateException;
|
||||||
|
import java.security.cert.X509Certificate;
|
||||||
import java.util.Calendar;
|
import java.util.Calendar;
|
||||||
|
|
||||||
// https://svn.apache.org/viewvc/pdfbox/trunk/examples/src/main/
|
// https://svn.apache.org/viewvc/pdfbox/trunk/examples/src/main/
|
||||||
@@ -32,7 +33,7 @@ import java.util.Calendar;
|
|||||||
public class CreateSignature extends CreateSignatureBase {
|
public class CreateSignature extends CreateSignatureBase {
|
||||||
private final SignOptions signOptions;
|
private final SignOptions signOptions;
|
||||||
|
|
||||||
public CreateSignature(SignOptions signOptions, Certificate[] certificateChain, PrivateKey privateKey)
|
public CreateSignature(SignOptions signOptions, X509Certificate[] certificateChain, PrivateKey privateKey)
|
||||||
throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, CertificateException, IOException {
|
throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, CertificateException, IOException {
|
||||||
super(certificateChain, privateKey);
|
super(certificateChain, privateKey);
|
||||||
this.signOptions = signOptions;
|
this.signOptions = signOptions;
|
||||||
|
|||||||
@@ -14,20 +14,21 @@ import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
|
|||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.InputStream;
|
import java.io.InputStream;
|
||||||
import java.security.*;
|
import java.security.*;
|
||||||
import java.security.cert.Certificate;
|
|
||||||
import java.security.cert.CertificateException;
|
import java.security.cert.CertificateException;
|
||||||
import java.security.cert.X509Certificate;
|
import java.security.cert.X509Certificate;
|
||||||
|
import java.security.interfaces.ECPublicKey;
|
||||||
|
import java.security.interfaces.RSAPublicKey;
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
|
|
||||||
// https://svn.apache.org/viewvc/pdfbox/trunk/examples/src/main/java/
|
// https://svn.apache.org/viewvc/pdfbox/trunk/examples/src/main/java/
|
||||||
// org/apache/pdfbox/examples/signature/CreateSignatureBase.java?view=co
|
// org/apache/pdfbox/examples/signature/CreateSignatureBase.java?view=co
|
||||||
public abstract class CreateSignatureBase implements SignatureInterface {
|
public abstract class CreateSignatureBase implements SignatureInterface {
|
||||||
private PrivateKey privateKey;
|
private PrivateKey privateKey;
|
||||||
private Certificate[] certificateChain;
|
private X509Certificate[] certificateChain;
|
||||||
private String tsaUrl;
|
private String tsaUrl;
|
||||||
private boolean externalSigning;
|
private boolean externalSigning;
|
||||||
|
|
||||||
public CreateSignatureBase(Certificate[] certificateChain, PrivateKey privateKey)
|
public CreateSignatureBase(X509Certificate[] certificateChain, PrivateKey privateKey)
|
||||||
throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, IOException, CertificateException {
|
throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, IOException, CertificateException {
|
||||||
// grabs the first alias from the keystore and get the private key. An
|
// grabs the first alias from the keystore and get the private key. An
|
||||||
// alternative method or constructor could be used for setting a specific
|
// alternative method or constructor could be used for setting a specific
|
||||||
@@ -35,23 +36,20 @@ public abstract class CreateSignatureBase implements SignatureInterface {
|
|||||||
this.privateKey = privateKey;
|
this.privateKey = privateKey;
|
||||||
this.certificateChain = certificateChain;
|
this.certificateChain = certificateChain;
|
||||||
|
|
||||||
final Certificate cert = certificateChain[0];
|
final X509Certificate cert = certificateChain[0];
|
||||||
if (cert instanceof X509Certificate) {
|
cert.checkValidity();
|
||||||
// avoid expired certificate
|
SigUtils.checkCertificateUsage(cert);
|
||||||
((X509Certificate) cert).checkValidity();
|
|
||||||
SigUtils.checkCertificateUsage((X509Certificate) cert);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public final void setPrivateKey(PrivateKey privateKey) {
|
public final void setPrivateKey(PrivateKey privateKey) {
|
||||||
this.privateKey = privateKey;
|
this.privateKey = privateKey;
|
||||||
}
|
}
|
||||||
|
|
||||||
public final void setCertificateChain(final Certificate[] certificateChain) {
|
public final void setCertificateChain(final X509Certificate[] certificateChain) {
|
||||||
this.certificateChain = certificateChain;
|
this.certificateChain = certificateChain;
|
||||||
}
|
}
|
||||||
|
|
||||||
public Certificate[] getCertificateChain() {
|
public X509Certificate[] getCertificateChain() {
|
||||||
return certificateChain;
|
return certificateChain;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -61,17 +59,25 @@ public abstract class CreateSignatureBase implements SignatureInterface {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public byte[] sign(InputStream content) throws IOException {
|
public byte[] sign(InputStream content) throws IOException {
|
||||||
// cannot be done private (interface)
|
|
||||||
try {
|
try {
|
||||||
final CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
|
final CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
|
||||||
final X509Certificate cert = (X509Certificate) certificateChain[0];
|
final X509Certificate cert = certificateChain[0];
|
||||||
// TODO use customer signer
|
// TODO use customer signer
|
||||||
final String signatureAlgorithm = "SHA256WithECDSA";
|
final boolean isEcPublicKey = cert.getPublicKey() instanceof ECPublicKey;
|
||||||
// final String signatureAlgorithm = "SHA256WithRSA";
|
final boolean isRsaPublicKey = cert.getPublicKey() instanceof RSAPublicKey;
|
||||||
|
|
||||||
|
final String signatureAlgorithm;
|
||||||
|
if (isEcPublicKey) {
|
||||||
|
signatureAlgorithm = "SHA256WithECDSA";
|
||||||
|
} else if (isRsaPublicKey) {
|
||||||
|
signatureAlgorithm = "SHA256WithRSA";
|
||||||
|
} else {
|
||||||
|
throw new RuntimeException("Supported algorithm: " + cert.getPublicKey().getClass());
|
||||||
|
}
|
||||||
final ContentSigner contentSigner = new JcaContentSignerBuilder(signatureAlgorithm).build(privateKey);
|
final ContentSigner contentSigner = new JcaContentSignerBuilder(signatureAlgorithm).build(privateKey);
|
||||||
gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
|
gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
|
||||||
new JcaDigestCalculatorProviderBuilder().build()).build(contentSigner, cert));
|
new JcaDigestCalculatorProviderBuilder().build()).build(contentSigner, cert));
|
||||||
|
|
||||||
gen.addCertificates(new JcaCertStore(Arrays.asList(certificateChain)));
|
gen.addCertificates(new JcaCertStore(Arrays.asList(certificateChain)));
|
||||||
final CMSProcessableInputStream msg = new CMSProcessableInputStream(content);
|
final CMSProcessableInputStream msg = new CMSProcessableInputStream(content);
|
||||||
CMSSignedData signedData = gen.generate(msg, false);
|
CMSSignedData signedData = gen.generate(msg, false);
|
||||||
|
|||||||
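Review bot: The new `else` branch in `sign()` throws `RuntimeException("Supported algorithm: " + ...)`, which reads as the opposite of what it reports; since `sign()` already declares `IOException`, something like `throw new IOException("Unsupported signing key type: " + cert.getPublicKey().getAlgorithm());` would be clearer (the `catch` of the enclosing `try` is outside the visible hunk, so how a `RuntimeException` is handled there cannot be confirmed). The signature algorithm is chosen from the certificate's public key while the `ContentSigner` is built from the `privateKey` field, and `setPrivateKey` / `setCertificateChain` can replace either one independently, so it is worth checking that the two are of the same key type before building the signer instead of relying on a provider error. `setCertificateChain` also assigns the array without the `cert.checkValidity()` and `SigUtils.checkCertificateUsage(cert)` calls the constructor makes, and neither path checks for a null or empty array before reading `certificateChain[0]`, so a chain set after construction is never checked for expiry or key usage before it is used to sign.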