Posted to commits@pdfbox.apache.org by le...@apache.org on 2015/02/12 18:57:57 UTC

svn commit: r1659342 - /pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/CreateSignature.java

Author: lehmi
Date: Thu Feb 12 17:57:56 2015
New Revision: 1659342

URL: http://svn.apache.org/r1659342
Log:
PDFBOX-1822: create a valid signature

Modified:
    pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/CreateSignature.java

Modified: pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/CreateSignature.java
URL: http://svn.apache.org/viewvc/pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/CreateSignature.java?rev=1659342&r1=1659341&r2=1659342&view=diff
==============================================================================
--- pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/CreateSignature.java (original)
+++ pdfbox/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/CreateSignature.java Thu Feb 12 17:57:56 2015
@@ -32,7 +32,6 @@ import java.security.NoSuchAlgorithmExce
 import java.security.PrivateKey;
 import java.security.UnrecoverableKeyException;
 import java.security.cert.Certificate;
-import java.security.interfaces.RSAPrivateKey;
 import java.util.ArrayList;
 import java.util.Calendar;
 import java.util.Collection;
@@ -51,22 +50,20 @@ import org.bouncycastle.asn1.cms.Attribu
 import org.bouncycastle.asn1.cms.AttributeTable;
 import org.bouncycastle.asn1.cms.Attributes;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.cert.X509CertificateHolder;
+import org.bouncycastle.cert.jcajce.JcaCertStore;
 import org.bouncycastle.cms.CMSException;
 import org.bouncycastle.cms.CMSSignedData;
 import org.bouncycastle.cms.CMSSignedDataGenerator;
-import org.bouncycastle.cms.SignerInfoGeneratorBuilder;
 import org.bouncycastle.cms.SignerInformation;
 import org.bouncycastle.cms.SignerInformationStore;
-import org.bouncycastle.crypto.params.RSAKeyParameters;
+import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
 import org.bouncycastle.operator.ContentSigner;
-import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
-import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
 import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
-import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;
+import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
+import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
 import org.bouncycastle.tsp.TSPException;
+import org.bouncycastle.util.Store;
 
 /**
  * An example for singing a PDF with bouncy castle.
@@ -82,7 +79,7 @@ import org.bouncycastle.tsp.TSPException
 public class CreateSignature implements SignatureInterface
 {
     private final PrivateKey privateKey;
-    private final Certificate[] certificateChain;
+    private final Certificate certificate;
     private TSAClient tsaClient;
 
     /**
@@ -110,7 +107,8 @@ public class CreateSignature implements
             throw new KeyStoreException("Keystore is empty");
         }
         privateKey = (PrivateKey) keystore.getKey(alias, password);
-        certificateChain = keystore.getCertificateChain(alias);
+        Certificate[] certificateChain = keystore.getCertificateChain(alias);
+        certificate = certificateChain[0];
     }
 
     /**
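Review bot: `certificateChain[0]` is dereferenced without checking the result of `keystore.getCertificateChain(alias)`, which returns null when the alias has no certificate chain (for example a trusted-certificate entry), so the constructor would fail with a NullPointerException rather than a KeyStoreException. A guard before the assignment, such as `if (certificateChain == null || certificateChain.length == 0) throw new KeyStoreException("No certificate chain for alias " + alias);`, would keep the failure consistent with the "Keystore is empty" check above. The constructor starts before this hunk, so how `alias` is selected is not visible here.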
@@ -252,22 +250,18 @@ public class CreateSignature implements
     {
         try
         {
-            org.bouncycastle.asn1.x509.Certificate certificate =
-                    org.bouncycastle.asn1.x509.Certificate.getInstance(ASN1Primitive.fromByteArray(certificateChain[0].getEncoded()));
+            List<Certificate> certList = new ArrayList<Certificate>();
+            certList.add(certificate);
+            Store certs = new JcaCertStore(certList);
             CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
-            
-            AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256WITHRSAENCRYPTION");
-            AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
-            RSAPrivateKey privateRSAKey = (RSAPrivateKey)privateKey; 
-            RSAKeyParameters keyParams = new RSAKeyParameters(true, privateRSAKey.getModulus(), privateRSAKey.getPrivateExponent()); 
-            ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(keyParams);
-
-            gen.addSignerInfoGenerator(
-                    new SignerInfoGeneratorBuilder(new BcDigestCalculatorProvider())
-                        .build(sigGen, new X509CertificateHolder(certificate)));
-            CMSProcessableInputStream processable = new CMSProcessableInputStream(content);
-            CMSSignedData signedData = gen.generate(processable, false);
+            org.bouncycastle.asn1.x509.Certificate cert =
+                    org.bouncycastle.asn1.x509.Certificate.getInstance(ASN1Primitive.fromByteArray(certificate.getEncoded()));
+            ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA256WithRSA").build(privateKey);
+            gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
+                    new JcaDigestCalculatorProviderBuilder().build()).build(sha1Signer, new X509CertificateHolder(cert)));
+            gen.addCertificates(certs);
+            CMSProcessableInputStream msg = new CMSProcessableInputStream(content);
+            CMSSignedData signedData = gen.generate(msg, false);
             if (tsaClient != null)
             {
                 signedData = signTimeStamps(signedData);
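Review bot: Only the signer's own certificate is placed in the CMS container (`certList.add(certificate)` followed by `gen.addCertificates(certs)`), so a verifier that does not already hold the intermediate CA certificates cannot build a path to a trust anchor. Passing the whole keystore chain, e.g. `new JcaCertStore(Arrays.asList(certificateChain))`, would embed the intermediates, but that requires keeping the chain as a field, which the earlier hunks replace with the single `certificate`. The local `sha1Signer` is built with `"SHA256WithRSA"`, so a name like `sha256Signer` would avoid suggesting that SHA-1 is in use, and the hard-coded algorithm string presumably still limits the example to RSA keys. The method begins before this hunk and continues after it.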