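/**
 * Signs the request payload and returns the signature together with the
 * material a verifier needs.
 *
 * <p>The payload string is encoded as UTF-8 once, and those same bytes are
 * used for the CMS signature, the SHA-512 digest and the Base64 copy in the
 * response. The signature is a DER-encoded CMS SignedData structure produced
 * with {@code sha256WithRSAEncryption}; the content is encapsulated
 * ({@code generate(msg, true)}) and the signing certificate is embedded.
 *
 * <p>The SHA-512 value in the response is computed separately from the
 * signature (which uses SHA-256) and is not itself covered by it.
 *
 * @param request carries the string to sign; {@code getDataToSign()} must not be null
 * @return the Base64-encoded payload, CMS signature, signing certificate and SHA-512 digest
 * @throws IllegalStateException if the keystore holds no key or certificate under the alias
 * @throws Exception on any keystore, encoding or signing failure from the underlying libraries
 */
@Override
public RsaSignResponse sign(RsaSignRequest request) throws Exception {
    // Register BouncyCastle only when it is missing, so a new provider
    // instance is not allocated on every signing call.
    if (Security.getProvider("BC") == null) {
        Security.addProvider(new BouncyCastleProvider());
    }
    BouncyCastleProvider provider = (BouncyCastleProvider) Security.getProvider("BC");

    // NOTE(review): KEYSTORE_PWD is declared outside this method. If it is a
    // source-level constant, load it from protected configuration instead --
    // it guards the private signing key.
    PrivateKey key = (PrivateKey) keyStore.getKey(KEYSTORE_ALIAS, KEYSTORE_PWD.toCharArray());
    X509Certificate cert = (X509Certificate) keyStore.getCertificate(KEYSTORE_ALIAS);
    // Both lookups return null for an unknown alias; fail here with a clear
    // message rather than deep inside the signer construction.
    if (key == null || cert == null) {
        throw new IllegalStateException(
                "No private key or certificate found for the configured keystore alias");
    }

    // Encode once with an explicit charset. The platform default could differ
    // from UTF-8, in which case the signed bytes would not match the bytes
    // returned in dataToSignBase64 and verification would fail.
    byte[] payload = request.getDataToSign().getBytes(StandardCharsets.UTF_8);
    byte[] certBytes = cert.getEncoded();

    CMSTypedData msg = new CMSProcessableByteArray(payload);
    CMSSignedDataGenerator signedDataGen = new CMSSignedDataGenerator();
    X509CertificateHolder signCert = new X509CertificateHolder(certBytes);

    ContentSigner signer = new JcaContentSignerBuilder("sha256WithRSAEncryption")
            .setProvider(provider)
            .build(key);

    // Direct signature: the signer info is built without signed attributes.
    signedDataGen.addSignerInfoGenerator(
            new JcaSignerInfoGeneratorBuilder(
                    new JcaDigestCalculatorProviderBuilder().setProvider(provider).build())
                    .setDirectSignature(true)
                    .build(signer, signCert));

    // Add the signing cert to the signature so a verifier can locate it.
    // Embedding it does not make it trusted; verifiers still need to validate
    // the certificate against their own trust anchors.
    JcaCertStore certs = new JcaCertStore(Collections.singletonList(cert));
    signedDataGen.addCertificates(certs);

    // 'true' encapsulates the payload inside the SignedData (attached signature).
    CMSSignedData signedData = signedDataGen.generate(msg, true);
    byte[] signatureBytes = signedData.getEncoded("DER");

    byte[] hashedString = MessageDigest.getInstance("SHA-512").digest(payload);

    // encodeToString avoids decoding the Base64 bytes with the platform charset.
    Base64.Encoder base64 = Base64.getEncoder();
    return new RsaSignResponse()
            .setDataToSignBase64(base64.encodeToString(payload))
            .setAttachedSignature(base64.encodeToString(signatureBytes))
            .setPublicCertificate(base64.encodeToString(certBytes))
            .setMessageDigest(base64.encodeToString(hashedString));
}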