2 * ============LICENSE_START=======================================================
3 * Copyright (C) 2021 Nokia.
4 * ================================================================================
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
17 * SPDX-License-Identifier: Apache-2.0
18 * ============LICENSE_END=========================================================
21 package org.onap.oom.certservice.cmpv2client.impl;
24 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
25 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
26 import org.bouncycastle.jce.provider.BouncyCastleProvider;
27 import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
29 import java.security.GeneralSecurityException;
30 import java.security.PrivateKey;
31 import java.security.Signature;
/**
 * Signature-based protection of a CMPv2 {@code PKIMessage}: the protected bytes are signed with
 * a private key using SHA-256 with RSA (sha256WithRSAEncryption, i.e. PKCS#1 v1.5 padding).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The algorithm is named in two places: {@code SHA256_RSA_ALGORITHM} (what
 *       {@link #getAlgorithmIdentifier()} reports) and the OID passed to
 *       {@link Signature#getInstance(String, String)} in
 *       {@link #generateProtectionBytes(byte[])}. They must always describe the same algorithm,
 *       otherwise the receiver is told one algorithm while the bytes were produced with another
 *       and verification fails. Change both together.</li>
 *   <li>Only RSA keys are usable. A key of any other type is accepted by the constructor and
 *       rejected later, at signing time, with an {@code InvalidKeyException}.</li>
 *   <li>The private key reference is kept for the lifetime of this object and is never copied,
 *       logged or exposed by this class.</li>
 * </ul>
 */
public class SignatureProtection extends PkiMessageProtection {

    /** Identifier reported for the protection algorithm; resolved once from its JCA name. */
    private static final AlgorithmIdentifier SHA256_RSA_ALGORITHM =
        new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256withRSA");

    // Key used to sign the message. The name suggests it is the previously issued key of the
    // requester (NOTE(review): confirm against the caller, which is not shown here).
    private final PrivateKey oldPrivateKey;

    /**
     * Creates a protection that signs with the given key.
     *
     * @param privateKey signing key; it is stored as-is and not validated here, so a
     *                   {@code null} or non-RSA key only fails when
     *                   {@link #generateProtectionBytes(byte[])} is called
     */
    SignatureProtection(PrivateKey privateKey) {
        this.oldPrivateKey = privateKey;
    }

    /**
     * Returns the identifier of the signature algorithm used by this protection.
     *
     * <p>NOTE(review): presumably implements a hook declared by {@code PkiMessageProtection}
     * (not visible here); if so, annotate it with {@code @Override}.
     *
     * @return the SHA256withRSA algorithm identifier
     */
    AlgorithmIdentifier getAlgorithmIdentifier() {
        return SHA256_RSA_ALGORITHM;
    }

    /**
     * Signs the given bytes with the stored private key.
     *
     * <p>The signer is requested from the Bouncy Castle provider by name, so that provider has
     * to be registered with the JCA before this method is called.
     *
     * <p>NOTE(review): presumably implements a hook declared by {@code PkiMessageProtection}
     * (not visible here); if so, annotate it with {@code @Override}.
     *
     * @param protectedBytes bytes to sign; must not be {@code null}
     * @return the raw signature value
     * @throws GeneralSecurityException if the algorithm or provider is unavailable, the key is
     *                                  not usable for RSA signing, or signing itself fails
     */
    byte[] generateProtectionBytes(byte[] protectedBytes) throws GeneralSecurityException {
        // Must match SHA256_RSA_ALGORITHM, see the class comment.
        String algorithmOid = PKCSObjectIdentifiers.sha256WithRSAEncryption.getId();
        Signature signer = Signature.getInstance(algorithmOid, BouncyCastleProvider.PROVIDER_NAME);

        signer.initSign(oldPrivateKey);
        signer.update(protectedBytes);
        return signer.sign();
    }
}