Search in sources :

Example 46 with Certificate

use of com.android.apksig.internal.x509.Certificate in project xipki by xipki.

the class CrlStreamParserTest method parseCrlWithNoExtension.

@Test
public void parseCrlWithNoExtension() throws Exception {
    Certificate issuerSigner = getIssuerSigner();
    CrlStreamParser parser = getParser("no-extensions.crl");
    Assert.assertEquals("version", 1, parser.getVersion());
    Assert.assertEquals("CRL number", null, parser.getCrlNumber());
    Assert.assertTrue("signature", parser.verifySignature(issuerSigner.getSubjectPublicKeyInfo()));
    int numRevokedCerts = 0;
    try (RevokedCertsIterator iterator = parser.revokedCertificates()) {
        while (iterator.hasNext()) {
            iterator.next();
            numRevokedCerts++;
        }
    }
    Assert.assertEquals("#revokedCertificates", 2, numRevokedCerts);
}
Also used : CrlStreamParser(org.xipki.security.asn1.CrlStreamParser) RevokedCertsIterator(org.xipki.security.asn1.CrlStreamParser.RevokedCertsIterator) Certificate(org.bouncycastle.asn1.x509.Certificate) Test(org.junit.Test)

Example 47 with Certificate

use of com.android.apksig.internal.x509.Certificate in project xipki by xipki.

the class CrlStreamParserTest method parseCrlWithInvalidityDate.

@Test
public void parseCrlWithInvalidityDate() throws Exception {
    Certificate issuerSigner = getIssuerSigner();
    CrlStreamParser parser = getParser("invaliditydate.crl");
    Assert.assertEquals("version", 1, parser.getVersion());
    Assert.assertEquals("CRL number", BigInteger.valueOf(1), parser.getCrlNumber());
    Assert.assertTrue("signature", parser.verifySignature(issuerSigner.getSubjectPublicKeyInfo()));
    int numRevokedCerts = 0;
    try (RevokedCertsIterator iterator = parser.revokedCertificates()) {
        while (iterator.hasNext()) {
            iterator.next();
            numRevokedCerts++;
        }
    }
    Assert.assertEquals("#revokedCertificates", 1, numRevokedCerts);
}
Also used : CrlStreamParser(org.xipki.security.asn1.CrlStreamParser) RevokedCertsIterator(org.xipki.security.asn1.CrlStreamParser.RevokedCertsIterator) Certificate(org.bouncycastle.asn1.x509.Certificate) Test(org.junit.Test)

Example 48 with Certificate

use of com.android.apksig.internal.x509.Certificate in project xipki by xipki.

the class CtLogTest method parseCtLogInCert.

private void parseCtLogInCert(String certFile) throws Exception {
    byte[] certBytes = IoUtil.read(getClass().getResourceAsStream(certFile));
    certBytes = X509Util.toDerEncoded(certBytes);
    Certificate cert = Certificate.getInstance(certBytes);
    Extension extn = cert.getTBSCertificate().getExtensions().getExtension(ObjectIdentifiers.Extn.id_SCTs);
    byte[] encodedScts = DEROctetString.getInstance(extn.getParsedValue()).getOctets();
    SignedCertificateTimestampList sctList2 = SignedCertificateTimestampList.getInstance(encodedScts);
    SignedCertificateTimestamp sct = sctList2.getSctList().get(0);
    sct.getDigitallySigned().getEncoded();
    sctList2.getSctList().get(0).getDigitallySigned().getSignatureObject();
    byte[] encoded2 = sctList2.getEncoded();
    Assert.assertArrayEquals(encodedScts, encoded2);
}
Also used : Extension(org.bouncycastle.asn1.x509.Extension) SignedCertificateTimestampList(org.xipki.security.ctlog.CtLog.SignedCertificateTimestampList) Certificate(org.bouncycastle.asn1.x509.Certificate) SignedCertificateTimestamp(org.xipki.security.ctlog.CtLog.SignedCertificateTimestamp)

Example 49 with Certificate

use of com.android.apksig.internal.x509.Certificate in project xipki by xipki.

the class IssuerEntry method getIssuerHashAndKeys.

private static Map<HashAlgo, byte[]> getIssuerHashAndKeys(byte[] encodedCert) throws CertificateEncodingException {
    byte[] encodedName;
    byte[] encodedKey;
    try {
        Certificate bcCert = Certificate.getInstance(encodedCert);
        encodedName = bcCert.getSubject().getEncoded("DER");
        encodedKey = bcCert.getSubjectPublicKeyInfo().getPublicKeyData().getBytes();
    } catch (IllegalArgumentException | IOException ex) {
        throw new CertificateEncodingException(ex.getMessage(), ex);
    }
    Map<HashAlgo, byte[]> hashes = new HashMap<>();
    for (HashAlgo ha : HashAlgo.values()) {
        int hlen = ha.getLength();
        byte[] nameAndKeyHash = new byte[(2 + hlen) << 1];
        int offset = 0;
        nameAndKeyHash[offset++] = 0x04;
        nameAndKeyHash[offset++] = (byte) hlen;
        System.arraycopy(ha.hash(encodedName), 0, nameAndKeyHash, offset, hlen);
        offset += hlen;
        nameAndKeyHash[offset++] = 0x04;
        nameAndKeyHash[offset++] = (byte) hlen;
        System.arraycopy(ha.hash(encodedKey), 0, nameAndKeyHash, offset, hlen);
        hashes.put(ha, nameAndKeyHash);
    }
    return hashes;
}
Also used : HashMap(java.util.HashMap) HashAlgo(org.xipki.security.HashAlgo) CertificateEncodingException(java.security.cert.CertificateEncodingException) IOException(java.io.IOException) Certificate(org.bouncycastle.asn1.x509.Certificate)

Example 50 with Certificate

use of com.android.apksig.internal.x509.Certificate in project xipki by xipki.

the class EjbcaIssuerEntry method getIssuerHashAndKeys.

private static Map<HashAlgo, byte[]> getIssuerHashAndKeys(byte[] encodedCert) throws CertificateEncodingException {
    byte[] encodedName;
    byte[] encodedKey;
    try {
        Certificate bcCert = Certificate.getInstance(encodedCert);
        encodedName = bcCert.getSubject().getEncoded("DER");
        encodedKey = bcCert.getSubjectPublicKeyInfo().getPublicKeyData().getBytes();
    } catch (IllegalArgumentException | IOException ex) {
        throw new CertificateEncodingException(ex.getMessage(), ex);
    }
    Map<HashAlgo, byte[]> hashes = new HashMap<>();
    for (HashAlgo ha : HashAlgo.values()) {
        int hlen = ha.getLength();
        byte[] nameAndKeyHash = new byte[(2 + hlen) << 1];
        int offset = 0;
        nameAndKeyHash[offset++] = 0x04;
        nameAndKeyHash[offset++] = (byte) hlen;
        System.arraycopy(ha.hash(encodedName), 0, nameAndKeyHash, offset, hlen);
        offset += hlen;
        nameAndKeyHash[offset++] = 0x04;
        nameAndKeyHash[offset++] = (byte) hlen;
        System.arraycopy(ha.hash(encodedKey), 0, nameAndKeyHash, offset, hlen);
        hashes.put(ha, nameAndKeyHash);
    }
    return hashes;
}
Also used : HashMap(java.util.HashMap) HashAlgo(org.xipki.security.HashAlgo) CertificateEncodingException(java.security.cert.CertificateEncodingException) IOException(java.io.IOException) Certificate(org.bouncycastle.asn1.x509.Certificate)

Aggregations

Certificate (org.bouncycastle.asn1.x509.Certificate)53 IOException (java.io.IOException)40 X509Certificate (java.security.cert.X509Certificate)37 CertificateException (java.security.cert.CertificateException)27 File (java.io.File)12 Test (org.junit.Test)11 BigInteger (java.math.BigInteger)9 CertificateEncodingException (java.security.cert.CertificateEncodingException)9 TBSCertificate (org.bouncycastle.asn1.x509.TBSCertificate)9 Test (org.junit.jupiter.api.Test)9 Certificate (com.google.cloud.security.privateca.v1.Certificate)8 CertificateAuthorityServiceClient (com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient)8 SQLException (java.sql.SQLException)8 X500Name (org.bouncycastle.asn1.x500.X500Name)8 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)7 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)7 Certificate (com.beanit.asn1bean.compiler.pkix1explicit88.Certificate)6 Extension (org.bouncycastle.asn1.x509.Extension)6 OperatorCreationException (org.bouncycastle.operator.OperatorCreationException)6 ArrayList (java.util.ArrayList)5