use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project xipki by xipki.
the class X509Cert method checkBcSignature.
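/**
 * Verifies the signature on this certificate with the supplied public key.
 *
 * <p>Before any cryptographic work, the outer {@code signatureAlgorithm} is compared with the
 * {@code signature} field inside the TBSCertificate. Only the TBSCertificate is fed to the
 * verifier, so this equality check is what ties the outer algorithm identifier to the signed
 * content.
 *
 * <p>NOTE(review): nothing in this method checks that {@code signature} was instantiated for
 * the algorithm named in the certificate; presumably the caller selects it. Confirm at the
 * call site.
 *
 * @param key public key of the presumed issuer
 * @param signature JCA verifier; it is initialised here via {@code initVerify(key)}
 * @throws CertificateException if the two algorithm identifiers differ, or the TBSCertificate
 *     cannot be encoded (the underlying {@code IOException} is attached as the cause)
 * @throws SignatureException if the signature does not verify under {@code key}
 * @throws InvalidKeyException if {@code key} is rejected by {@code signature.initVerify}
 */
private void checkBcSignature(PublicKey key, Signature signature)
    throws CertificateException, SignatureException, InvalidKeyException {
  Certificate c = bcInstance.toASN1Structure();

  // Reject a certificate whose outer and inner algorithm identifiers disagree.
  if (!c.getSignatureAlgorithm().equals(c.getTBSCertificate().getSignature())) {
    throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
  }

  signature.initVerify(key);

  try {
    signature.update(c.getTBSCertificate().getEncoded());
  } catch (IOException ex) {
    // Keep the cause so an encoding failure can be diagnosed from the stack trace.
    throw new CertificateException("error encoding TBSCertificate", ex);
  }

  if (!signature.verify(c.getSignature().getBytes())) {
    throw new SignatureException("certificate does not verify with supplied key");
  }
}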
use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project xipki by xipki.
the class CrlStreamParserTest method parseCrlWithNoRevokedCerts.
@Test
public void parseCrlWithNoRevokedCerts() throws Exception {
  // Fixture: a CRL file that carries no revokedCertificates entries.
  CrlStreamParser parser = getParser("no-revoked-certs.crl");
  Certificate issuerSigner = getIssuerSigner();

  // Header fields first, then the CRL signature against the issuer's public key.
  Assert.assertEquals("version", 1, parser.getVersion());
  Assert.assertEquals("CRL number", BigInteger.valueOf(1), parser.getCrlNumber());
  Assert.assertTrue("signature", parser.verifySignature(issuerSigner.getSubjectPublicKeyInfo()));

  // Drain the iterator and count what it yields; it is closed by try-with-resources.
  int revokedCount = 0;
  try (RevokedCertsIterator revoked = parser.revokedCertificates()) {
    for (; revoked.hasNext(); revokedCount++) {
      revoked.next();
    }
  }

  Assert.assertEquals("#revokedCertificates", 0, revokedCount);
}
use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project TLS-Scanner by RUB-NDS.
the class TrustAnchorManager method getFullCaCertificateSet.
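/**
 * Loads the certificate of every configured trust anchor from the classpath.
 *
 * <p>Each anchor is read from {@code trust/<fingerprint>.pem}. An anchor whose resource is
 * missing or cannot be parsed is logged and skipped, so the returned set may hold fewer
 * certificates than {@code trustAnchors} has entries.
 *
 * <p>NOTE(review): the resource name is the only link between an entry and the file that is
 * loaded; this method does not compare the parsed certificate with
 * {@code entry.getFingerprint()}.
 *
 * @return the first certificate of each PEM resource that loaded successfully
 */
private Set<Certificate> getFullCaCertificateSet() {
  Set<Certificate> certificateSet = new HashSet<>();
  for (CertificateEntry entry : trustAnchors.values()) {
    String resourceName = "trust/" + entry.getFingerprint() + ".pem";
    // try-with-resources closes the stream on every path; the original never closed it.
    try (InputStream resourceAsStream =
        TrustAnchorManager.class.getClassLoader().getResourceAsStream(resourceName)) {
      // getResourceAsStream returns null when the resource is absent; report that explicitly
      // instead of handing null to the PEM reader.
      if (resourceAsStream == null) {
        LOGGER.error("Could not find Certificate resource:" + entry.getSubjectName() + "/"
            + entry.getFingerprint());
        continue;
      }
      org.bouncycastle.crypto.tls.Certificate cert = PemUtil.readCertificate(resourceAsStream);
      certificateSet.add(cert.getCertificateAt(0));
    } catch (IOException | CertificateException ex) {
      LOGGER.error("Could not load Certificate:" + entry.getSubjectName() + "/" + entry.getFingerprint(), ex);
    }
  }
  return certificateSet;
}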
use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project cloud-security-xsuaa-integration by SAP.
the class SecurityContext method clearCertificate.
/**
* Clears the current Certificate from thread wide storage.
*/
private static void clearCertificate() {
  // Nothing is stored for this thread: skip both the log line and the removal.
  if (certificateStorage.get() == null) {
    return;
  }
  // The message is static text; no certificate content is written to the log.
  LOGGER.debug("Certificate removed from SecurityContext (thread-locally).");
  certificateStorage.remove();
}
use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project jruby-openssl by jruby.
the class OCSPRequest method findCertByName.
/**
 * Looks up a certificate whose subject equals {@code genX500Name}.
 *
 * <p>Unless the {@code OCSP_NOINTERN} bit is set in {@code flags}, the certificates carried in
 * the request's optional signature are searched first; the caller-supplied
 * {@code certificates} are searched afterwards. Matching is by subject name only; this method
 * performs no validation of the certificate it returns.
 *
 * <p>NOTE(review): {@code asn1bcReq.getOptionalSignature()} is dereferenced without a null
 * check. Confirm that callers only reach this method for signed requests.
 *
 * @param genX500Name subject name to look for
 * @param certificates caller-supplied certificates; cast to {@code RubyArray} without a check
 * @param flags OCSP flag bits
 * @return the first matching certificate wrapped as {@code X509AuxCertificate}, or
 *     {@code null} if none matches
 */
private java.security.cert.Certificate findCertByName(ASN1Encodable genX500Name, IRubyObject certificates, int flags) throws CertificateException, IOException {
  int noIntern = RubyFixnum.fix2int(_OCSP(getRuntime()).getConstant(OCSP_NOINTERN));
  boolean searchEmbedded = (flags & noIntern) == 0;

  if (searchEmbedded) {
    ASN1Sequence embedded = asn1bcReq.getOptionalSignature().getCerts();
    if (embedded != null) {
      for (Iterator<ASN1Encodable> it = embedded.iterator(); it.hasNext(); ) {
        Certificate candidate = Certificate.getInstance(it.next());
        if (genX500Name.equals(candidate.getSubject())) {
          return new X509AuxCertificate(candidate);
        }
      }
    }
  }

  // Fall back to the certificates supplied by the caller.
  @SuppressWarnings("unchecked") List<X509Certificate> supplied = (RubyArray) certificates;
  for (X509Certificate candidate : supplied) {
    X500Name subject = X500Name.getInstance(candidate.getSubjectX500Principal().getEncoded());
    if (genX500Name.equals(subject)) {
      return new X509AuxCertificate(candidate);
    }
  }
  return null;
}