Example 76 with Certificate

use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project xipki by xipki.

the class X509Cert method checkBcSignature.

private void checkBcSignature(PublicKey key, Signature signature) throws CertificateException, SignatureException, InvalidKeyException {
    Certificate c = bcInstance.toASN1Structure();
    if (!c.getSignatureAlgorithm().equals(c.getTBSCertificate().getSignature())) {
        throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
    }
    signature.initVerify(key);
    try {
        signature.update(c.getTBSCertificate().getEncoded());
    } catch (IOException ex) {
        throw new CertificateException("error encoding TBSCertificate");
    }
    if (!signature.verify(c.getSignature().getBytes())) {
        throw new SignatureException("certificate does not verify with supplied key");
    }
}
Also used : CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException) X509Certificate(java.security.cert.X509Certificate) Certificate(org.bouncycastle.asn1.x509.Certificate)

Example 77 with Certificate

use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project xipki by xipki.

the class CrlStreamParserTest method parseCrlWithNoRevokedCerts.

@Test
public void parseCrlWithNoRevokedCerts() throws Exception {
    Certificate issuerSigner = getIssuerSigner();
    CrlStreamParser parser = getParser("no-revoked-certs.crl");
    Assert.assertEquals("version", 1, parser.getVersion());
    Assert.assertEquals("CRL number", BigInteger.valueOf(1), parser.getCrlNumber());
    Assert.assertTrue("signature", parser.verifySignature(issuerSigner.getSubjectPublicKeyInfo()));
    int numRevokedCerts = 0;
    try (RevokedCertsIterator iterator = parser.revokedCertificates()) {
        while (iterator.hasNext()) {
            iterator.next();
            numRevokedCerts++;
        }
    }
    Assert.assertEquals("#revokedCertificates", 0, numRevokedCerts);
}
Also used : CrlStreamParser(org.xipki.security.asn1.CrlStreamParser) RevokedCertsIterator(org.xipki.security.asn1.CrlStreamParser.RevokedCertsIterator) Certificate(org.bouncycastle.asn1.x509.Certificate) Test(org.junit.Test)

Example 78 with Certificate

use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project TLS-Scanner by RUB-NDS.

the class TrustAnchorManager method getFullCaCertificateSet.

private Set<Certificate> getFullCaCertificateSet() {
    Set<Certificate> certificateSet = new HashSet<>();
    for (CertificateEntry entry : trustAnchors.values()) {
        InputStream resourceAsStream = TrustAnchorManager.class.getClassLoader().getResourceAsStream("trust/" + entry.getFingerprint() + ".pem");
        try {
            org.bouncycastle.crypto.tls.Certificate cert = PemUtil.readCertificate(resourceAsStream);
            certificateSet.add(cert.getCertificateAt(0));
        } catch (IOException | CertificateException ex) {
            LOGGER.error("Could not load Certificate:" + entry.getSubjectName() + "/" + entry.getFingerprint(), ex);
        }
    }
    return certificateSet;
}
Also used : BufferedInputStream(java.io.BufferedInputStream) InputStream(java.io.InputStream) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException) X509Certificate(java.security.cert.X509Certificate) Certificate(org.bouncycastle.asn1.x509.Certificate) HashSet(java.util.HashSet)

Example 79 with Certificate

use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project cloud-security-xsuaa-integration by SAP.

the class SecurityContext method clearCertificate.

/**
 * Clears the current Certificate from thread wide storage.
 */
private static void clearCertificate() {
    final Certificate certificate = certificateStorage.get();
    if (certificate != null) {
        LOGGER.debug("Certificate removed from SecurityContext (thread-locally).");
        certificateStorage.remove();
    }
}
Also used : Certificate(com.sap.cloud.security.x509.Certificate)

Example 80 with Certificate

use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project jruby-openssl by jruby.

the class OCSPRequest method findCertByName.

private java.security.cert.Certificate findCertByName(ASN1Encodable genX500Name, IRubyObject certificates, int flags) throws CertificateException, IOException {
    Ruby runtime = getRuntime();
    if ((flags & RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOINTERN))) == 0) {
        ASN1Sequence certs = asn1bcReq.getOptionalSignature().getCerts();
        if (certs != null) {
            Iterator<ASN1Encodable> it = certs.iterator();
            while (it.hasNext()) {
                Certificate cert = Certificate.getInstance(it.next());
                if (genX500Name.equals(cert.getSubject()))
                    return new X509AuxCertificate(cert);
            }
        }
    }
    @SuppressWarnings("unchecked") List<X509Certificate> certList = (RubyArray) certificates;
    for (X509Certificate cert : certList) {
        if (genX500Name.equals(X500Name.getInstance(cert.getSubjectX500Principal().getEncoded())))
            return new X509AuxCertificate(cert);
    }
    return null;
}
Also used : ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) RubyArray(org.jruby.RubyArray) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) X509AuxCertificate(org.jruby.ext.openssl.x509store.X509AuxCertificate) Ruby(org.jruby.Ruby) X509Certificate(java.security.cert.X509Certificate) Certificate(org.bouncycastle.asn1.x509.Certificate)

Aggregations

Certificate (org.bouncycastle.asn1.x509.Certificate) 53
IOException (java.io.IOException) 40
X509Certificate (java.security.cert.X509Certificate) 37
CertificateException (java.security.cert.CertificateException) 27
File (java.io.File) 11
Test (org.junit.Test) 10
BigInteger (java.math.BigInteger) 9
CertificateEncodingException (java.security.cert.CertificateEncodingException) 9
TBSCertificate (org.bouncycastle.asn1.x509.TBSCertificate) 9
Test (org.junit.jupiter.api.Test) 9
Certificate (com.google.cloud.security.privateca.v1.Certificate) 8
CertificateAuthorityServiceClient (com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient) 8
SQLException (java.sql.SQLException) 8
X500Name (org.bouncycastle.asn1.x500.X500Name) 8
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable) 7
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence) 7
Certificate (com.beanit.asn1bean.compiler.pkix1explicit88.Certificate) 6
Extension (org.bouncycastle.asn1.x509.Extension) 6
OperatorCreationException (org.bouncycastle.operator.OperatorCreationException) 6
Date (java.util.Date) 5