diff options
Diffstat (limited to 'common-be/src/main/java/org/openecomp/sdc/be/csar/security/Sha256WithRsaCmsContentSigner.java')
-rw-r--r-- | common-be/src/main/java/org/openecomp/sdc/be/csar/security/Sha256WithRsaCmsContentSigner.java | 98 |
1 files changed, 98 insertions, 0 deletions
diff --git a/common-be/src/main/java/org/openecomp/sdc/be/csar/security/Sha256WithRsaCmsContentSigner.java b/common-be/src/main/java/org/openecomp/sdc/be/csar/security/Sha256WithRsaCmsContentSigner.java new file mode 100644 index 0000000000..7b7273e810 --- /dev/null +++ b/common-be/src/main/java/org/openecomp/sdc/be/csar/security/Sha256WithRsaCmsContentSigner.java @@ -0,0 +1,98 @@ +/* + * ============LICENSE_START======================================================= + * Copyright (C) 2021 Nordix Foundation + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ + +package org.openecomp.sdc.be.csar.security; + +import java.io.IOException; +import java.io.StringWriter; +import java.security.Key; +import java.security.PrivateKey; +import java.security.cert.Certificate; +import java.security.cert.CertificateEncodingException; +import java.security.cert.X509Certificate; +import java.util.Collections; +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.cms.ContentInfo; +import org.bouncycastle.cert.jcajce.JcaCertStore; +import org.bouncycastle.cms.CMSProcessableByteArray; +import org.bouncycastle.cms.CMSSignedData; +import org.bouncycastle.cms.CMSSignedDataGenerator; +import org.bouncycastle.cms.CMSTypedData; +import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.bouncycastle.openssl.jcajce.JcaPEMWriter; +import org.bouncycastle.operator.ContentSigner; +import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; +import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder; +import org.openecomp.sdc.be.csar.security.api.CmsContentSigner; +import org.openecomp.sdc.be.csar.security.exception.CmsSignatureException; +import org.springframework.stereotype.Component; + +@Component +public class Sha256WithRsaCmsContentSigner implements CmsContentSigner { + + @Override + public byte[] signData(final byte[] data, final Certificate signingCertificate, final Key signingKey) + throws CmsSignatureException { + + final CMSTypedData cmsData = new CMSProcessableByteArray(data); + final JcaCertStore certStore = createCertificateStore(signingCertificate); + try { + final ContentSigner contentSigner + = new JcaContentSignerBuilder("SHA256withRSA") + .setProvider(BouncyCastleProvider.PROVIDER_NAME).build((PrivateKey) signingKey); + + final CMSSignedDataGenerator cmsGenerator = new CMSSignedDataGenerator(); + cmsGenerator.addSignerInfoGenerator( + new JcaSignerInfoGeneratorBuilder( + new JcaDigestCalculatorProviderBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME).build() + ).build(contentSigner, (X509Certificate) signingCertificate) + ); + cmsGenerator.addCertificates(certStore); + + final CMSSignedData cms = cmsGenerator.generate(cmsData, false); + return cms.getEncoded(); + } catch (final Exception e) { + throw new CmsSignatureException("Could not sign the given data", e); + } + } + + @Override + public String formatToPemSignature(final byte[] signedData) throws CmsSignatureException { + final StringWriter sw = new StringWriter(); + try (final JcaPEMWriter jcaPEMWriter = new JcaPEMWriter(sw)) { + final ContentInfo ci = ContentInfo.getInstance(ASN1Primitive.fromByteArray(signedData)); + jcaPEMWriter.writeObject(ci); + } catch (final IOException e) { + throw new CmsSignatureException("Could not convert signed data to PEM format", e); + } + return sw.toString(); + } + + private JcaCertStore createCertificateStore(final Certificate signingCertificate) throws CmsSignatureException { + try { + return new JcaCertStore(Collections.singletonList(signingCertificate)); + } catch (final CertificateEncodingException e) { + final String errorMsg = String + .format("Could not create certificate store from certificate '%s'", signingCertificate); + throw new CmsSignatureException(errorMsg, e); + } + } + +} |