Signing messages with a nonrepudiation key
The toolkit's Security Manager support lets you sign messages with a nonrepudiation key.
Logging in the user
Create and log in a user.
    User user = new User();
    user.login(credentialReader, new SecureStringBuffer(password));
Selecting the nonrepudiation key
Retrieve a certificate verifier.
    CertVerifier certVerifier = new CertVerifier(rootCertificate, ldapDirectory, null);
Set up a key and certificate source for the logged-in user's nonrepudiation key.
    KeyAndCertificateSource source = new KeyAndCertificateSource(user);
To find the nonrepudiation keys, first look for the user's certificates with that key usage.
    KeyUsage keyUsage = new KeyUsage(KeyUsage.nonRepudiation);
    X509Certificate[] nonRepudiationCerts = user.getUserCertificates(keyUsage);
Get the nonrepudiation key matching the first certificate.
    PrivateKey nonRepudiationKey = user.getUserPrivateKey(nonRepudiationCerts[0]);
This example omits the check that the returned certificate array is not empty before indexing it.
Set the key to use for signing the message.
    source.setSigningInfo(nonRepudiationKey, nonRepudiationCerts[0]);
Saving the signed data
Create an output stream to write the signed data.
    ByteArrayOutputStream p7OutStream = new ByteArrayOutputStream();
Create the PKCS #7 encoder object.
    PKCS7EncodeStream p7EncodeStream = new PKCS7EncodeStream(source, p7OutStream, PKCS7EncodeStream.SIGN_ONLY);
Write the data to be signed to the encode stream.
    p7EncodeStream.write(toBeSigned);
Close the encoder to flush any data remaining in the stream and write the signature.
    p7EncodeStream.close();
Log the user out.
    user.logout();
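The steps above assembled into one method, as an added example that is not taken from the toolkit documentation. It uses only the toolkit calls shown on this page (User, SecureStringBuffer, KeyAndCertificateSource, KeyUsage, PKCS7EncodeStream and their methods) and adds the two things the page leaves out: the empty-array check before nonRepudiationCerts[0] is indexed, and a finally block so the user session is logged out even when key selection or signing fails. Two things are assumptions because the page does not give them: the toolkit's package name (a placeholder import) and the type of the credentialReader argument (called CredentialReader here). The CertVerifier the page constructs is not used by the signing steps, so it is left out; the toolkit's checked exception types are not on the page either, so the methods declare throws Exception rather than guess at them.

```java
import java.io.ByteArrayOutputStream;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;

// PLACEHOLDER import: the toolkit's package name is not given on this page.
// User, SecureStringBuffer, KeyAndCertificateSource, KeyUsage and
// PKCS7EncodeStream are the toolkit classes used on the page; CredentialReader
// is an assumed name for the type of the page's credentialReader argument.
import com.example.toolkit.*;

public final class NonRepudiationSigner {

    private NonRepudiationSigner() { }

    /**
     * Logs the user in, signs toBeSigned with the user's nonrepudiation key
     * and returns the resulting PKCS #7 signed data (SIGN_ONLY, no enveloping).
     * The user is logged out in every case, including when selection or
     * signing fails, so a failed signing attempt never leaves a live session.
     */
    public static byte[] sign(User user, CredentialReader credentialReader,
                              SecureStringBuffer password, byte[] toBeSigned)
            throws Exception {
        user.login(credentialReader, password);
        try {
            KeyAndCertificateSource source = new KeyAndCertificateSource(user);
            X509Certificate signingCert = selectNonRepudiationCert(user);
            PrivateKey signingKey = user.getUserPrivateKey(signingCert);
            source.setSigningInfo(signingKey, signingCert);

            ByteArrayOutputStream p7OutStream = new ByteArrayOutputStream();
            PKCS7EncodeStream p7EncodeStream = new PKCS7EncodeStream(
                    source, p7OutStream, PKCS7EncodeStream.SIGN_ONLY);
            p7EncodeStream.write(toBeSigned);
            // close() is what emits the signature; the output is incomplete until it returns
            p7EncodeStream.close();
            return p7OutStream.toByteArray();
        } finally {
            user.logout();
        }
    }

    /**
     * Returns the user's first certificate whose key usage includes
     * nonRepudiation. This is the check the page omits: indexing [0] on an
     * empty array throws ArrayIndexOutOfBoundsException, which tells the
     * operator far less than "no nonrepudiation certificate for this user".
     */
    static X509Certificate selectNonRepudiationCert(User user) throws Exception {
        KeyUsage keyUsage = new KeyUsage(KeyUsage.nonRepudiation);
        X509Certificate[] certs = user.getUserCertificates(keyUsage);
        if (certs == null || certs.length == 0) {
            throw new IllegalStateException(
                    "user has no certificate with the nonRepudiation key usage");
        }
        X509Certificate cert = certs[0];

        // Defence in depth: confirm the KeyUsage extension on the certificate itself
        // using the standard JCA accessor. X509Certificate.getKeyUsage() returns the
        // RFC 5280 bit string as booleans; index 1 is nonRepudiation (contentCommitment).
        boolean[] ku = cert.getKeyUsage();
        if (ku == null || ku.length < 2 || !ku[1]) {
            throw new IllegalStateException(
                    "selected certificate does not assert the nonRepudiation key usage: "
                    + cert.getSubjectX500Principal());
        }
        return cert;
    }
}
```

The second check in selectNonRepudiationCert is independent of the toolkit's filter: it reads the certificate's own KeyUsage extension through java.security.cert.X509Certificate, so a signature produced by this method is always backed by a certificate that asserts nonRepudiation, which is the property a relying party will later expect from it.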