Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- import com.google.api.services.cloudkms.v1.CloudKMS;
- import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
- import org.bouncycastle.operator.ContentSigner;
- import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
- import java.io.ByteArrayOutputStream;
- import java.io.IOException;
- import java.io.OutputStream;
- import java.security.NoSuchAlgorithmException;
- import static sg.sleek.filesign.signature.GoogleKMSSimpleSign.createAuthorizedClient;
- import static sg.sleek.filesign.signature.GoogleKMSSimpleSign.signAsymmetric;
- public class GoogleKMSContentSigner implements ContentSigner {
- private ByteArrayOutputStream outputStream;
- private AlgorithmIdentifier sigAlgId;
- private String keyPath;
- private String googleAuthorisationKeyFileName;
- /**
- * Initialise Google KMS content signer
- * @param keyPath path to a KMS key
- * @param googleAuthorisationKeyFileName File name inside resource to access KMS
- */
- public GoogleKMSContentSigner(String keyPath, String googleAuthorisationKeyFileName){
- this.keyPath = keyPath;
- this.googleAuthorisationKeyFileName = googleAuthorisationKeyFileName;
- this.sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256WITHRSAANDMGF1");
- this.outputStream = new ByteArrayOutputStream();
- }
- @Override
- public AlgorithmIdentifier getAlgorithmIdentifier() {
- return this.sigAlgId;
- }
- @Override
- public OutputStream getOutputStream() {
- return this.outputStream;
- }
- @Override
- public byte[] getSignature() {
- try {
- CloudKMS kms = createAuthorizedClient(this.googleAuthorisationKeyFileName);
- byte[] signedAttributeSet = outputStream.toByteArray();
- return signAsymmetric(signedAttributeSet, kms, this.keyPath);
- } catch (IOException | NoSuchAlgorithmException e) {
- e.printStackTrace();
- throw new RuntimeException("Unable to sign with KMS");
- }
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement