16 package io.netty.pkitesting;
17
18 import org.bouncycastle.asn1.ASN1Encodable;
19 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
20 import org.bouncycastle.asn1.ASN1Primitive;
21 import org.bouncycastle.asn1.DERBitString;
22 import org.bouncycastle.asn1.DERSequence;
23 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
24
25 import java.io.ByteArrayInputStream;
26 import java.io.IOException;
27 import java.io.InputStream;
28 import java.io.UncheckedIOException;
29 import java.security.InvalidKeyException;
30 import java.security.NoSuchAlgorithmException;
31 import java.security.PrivateKey;
32 import java.security.Provider;
33 import java.security.Signature;
34 import java.security.SignatureException;
35 import java.util.Objects;
36
/**
 * Pairs a block of already-encoded bytes with the algorithm name and private key used to sign it,
 * and produces the DER encoding of the signed result.
 *
 * <p>The output is a three-element DER SEQUENCE: the to-be-signed value, an algorithm identifier,
 * and the signature as a BIT STRING. This is the same outer layout X.509 uses for signed objects.
 *
 * <p>NOTE(review): the signature is computed over the raw {@code toBeSigned} bytes, while the output
 * embeds those bytes after parsing and re-encoding them as DER. If the input is not already
 * canonical DER, the embedded bytes may differ from the signed ones and verification may then
 * fail. Presumably callers always pass DER; confirm against the call sites.
 */
final class Signed {
    // Kept by reference (no defensive copy): a caller that mutates the array after construction
    // changes what gets signed.
    private final byte[] toBeSigned;
    // Algorithm name, resolved through the project's Algorithms helper when signing.
    private final String algorithmIdentifier;
    // Not null-checked at construction, unlike the other two fields; a null key is passed
    // unchanged to Signature.initSign in getEncoded.
    private final PrivateKey privateKey;

    /**
     * Creates a signed value that uses the signer's certificate signature algorithm name and the
     * private half of the signer's key pair.
     *
     * @param toBeSigned the encoded bytes to sign; must not be {@code null}
     * @param signer the bundle supplying the algorithm name and the private key
     */
    Signed(byte[] toBeSigned, X509Bundle signer) {
        this(
                toBeSigned,
                signer.getCertificate().getSigAlgName(),
                signer.getKeyPair().getPrivate());
    }

    /**
     * Creates a signed value from explicit parts.
     *
     * @param toBeSigned the encoded bytes to sign; must not be {@code null}
     * @param algorithmIdentifier the signature algorithm name; must not be {@code null}
     * @param privateKey the signing key; stored as given, without a null check
     * @throws NullPointerException if {@code toBeSigned} or {@code algorithmIdentifier} is null
     */
    Signed(byte[] toBeSigned, String algorithmIdentifier, PrivateKey privateKey) {
        Objects.requireNonNull(toBeSigned, "toBeSigned");
        Objects.requireNonNull(algorithmIdentifier, "algorithmIdentifier");
        this.toBeSigned = toBeSigned;
        this.algorithmIdentifier = algorithmIdentifier;
        this.privateKey = privateKey;
    }

    /**
     * Signs the stored bytes and returns the DER encoding of the resulting sequence.
     *
     * @param provider the provider handed to {@code Algorithms.signature} to obtain the engine
     * @return DER bytes of SEQUENCE { toBeSigned, algorithm identifier, signature BIT STRING }
     * @throws NoSuchAlgorithmException declared for the signature lookup
     * @throws InvalidKeyException if the private key is rejected by {@code initSign}
     * @throws SignatureException if updating or producing the signature fails
     * @throws UncheckedIOException if the stored bytes cannot be parsed as ASN.1, or encoding fails
     */
    byte[] getEncoded(Provider provider) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        Signature engine = Algorithms.signature(algorithmIdentifier, provider);
        engine.initSign(privateKey);
        engine.update(toBeSigned);
        byte[] rawSignature = engine.sign();

        try {
            // The stored bytes must parse as a single ASN.1 object; parse failures are IOExceptions.
            ASN1Primitive payload = ASN1Primitive.fromByteArray(toBeSigned);
            // Only the OID is set, so the identifier carries no parameters field.
            // NOTE(review): algorithms that need explicit parameters (e.g. RSASSA-PSS) would not be
            // representable this way; confirm which names Algorithms can return.
            ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(
                    Algorithms.oidForAlgorithmName(algorithmIdentifier));
            AlgorithmIdentifier algorithm = new AlgorithmIdentifier(oid);
            DERBitString signatureValue = new DERBitString(rawSignature);

            ASN1Encodable[] elements = {payload, algorithm, signatureValue};
            return new DERSequence(elements).getEncoded("DER");
        } catch (IOException e) {
            // Surface as unchecked so the method's signature lists only the crypto exceptions.
            throw new UncheckedIOException(e);
        }
    }

    /**
     * Signs the stored bytes and exposes the DER encoding as an in-memory stream.
     *
     * @param provider the provider passed through to {@link #getEncoded(Provider)}
     * @return a stream over the freshly encoded bytes
     * @throws NoSuchAlgorithmException as thrown by {@link #getEncoded(Provider)}
     * @throws SignatureException as thrown by {@link #getEncoded(Provider)}
     * @throws InvalidKeyException as thrown by {@link #getEncoded(Provider)}
     */
    InputStream toInputStream(Provider provider)
            throws NoSuchAlgorithmException, SignatureException, InvalidKeyException {
        byte[] encoded = getEncoded(provider);
        return new ByteArrayInputStream(encoded);
    }
}