
Example 41 with Certificate

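Use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project open-ecard by ecsec. (Note: the "Also used" list under this snippet resolves the Certificate type it uses to org.openecard.bouncycastle.asn1.x509.Certificate.)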

the class HostnameVerifier method isValid.

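/**
 * Checks the server's certificate against the host name or IP address the client connected to.
 *
 * <p>Only the certificate at index 0 of the presented chain is examined; the name matching itself
 * is delegated to {@code validInt}. No other chain element is looked at in this method.
 *
 * <p>NOTE(review): an empty certificate list is not guarded here, so {@code getCertificateAt(0)}
 * is assumed to succeed. Confirm the TLS layer rejects an empty chain before this verifier runs.
 *
 * @param chain the server certificate message received during the TLS handshake
 * @param hostOrIp the host name or IP address the certificate is matched against
 * @throws CertificateVerificationException if the certificate cannot be encoded or decoded;
 *     presumably also raised by {@code validInt} on a name mismatch (not visible here)
 */
@Override
public void isValid(TlsServerCertificate chain, String hostOrIp) throws CertificateVerificationException {
    try {
        TlsCertificate tlsCert = chain.getCertificate().getCertificateAt(0);
        byte[] encoded = tlsCert.getEncoded();
        Certificate cert;
        try {
            cert = Certificate.getInstance(encoded);
        } catch (IllegalArgumentException ex) {
            // BouncyCastle's ASN.1 getInstance(byte[]) reports a malformed encoding with an unchecked
            // IllegalArgumentException, not an IOException. The bytes come from the peer, so turn
            // that into the verifier's declared failure type instead of letting it escape.
            throw new CertificateVerificationException("Invalid certificate received from server.", ex);
        }
        validInt(cert, hostOrIp);
    } catch (IOException ex) {
        throw new CertificateVerificationException("Invalid certificate received from server.", ex);
    }
}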
Also used : CertificateVerificationException(org.openecard.crypto.tls.CertificateVerificationException) IOException(java.io.IOException) TlsCertificate(org.openecard.bouncycastle.tls.crypto.TlsCertificate) TlsServerCertificate(org.openecard.bouncycastle.tls.TlsServerCertificate) Certificate(org.openecard.bouncycastle.asn1.x509.Certificate) TlsCertificate(org.openecard.bouncycastle.tls.crypto.TlsCertificate)

Example 42 with Certificate

use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project open-ecard by ecsec.

the class KeyLengthVerifier method isValid.

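/**
 * Enforces the minimum public-key length on the certificates of the server's chain.
 *
 * <p>Every certificate in the list is checked with {@code KeyTools.assertKeyLength}, except
 * certificates after the first whose issuer name equals their subject name; those are treated as
 * root certificates and skipped. The first certificate is always checked, self-signed or not.
 *
 * <p>NOTE(review): "self-signed" is decided by comparing issuer and subject names only, not by
 * verifying a signature. Any later chain element with identical issuer and subject names is
 * therefore exempt from the key-length check. Confirm that path validation elsewhere restricts
 * such certificates to real trust anchors.
 *
 * @param chain the server certificate message received during the TLS handshake
 * @param hostname not used by this check
 * @throws CertificateVerificationException if a certificate cannot be encoded or decoded, or if
 *     its key does not meet the length requirements
 */
@Override
public void isValid(TlsServerCertificate chain, String hostname) throws CertificateVerificationException {
    try {
        boolean firstCert = true;
        for (TlsCertificate next : chain.getCertificate().getCertificateList()) {
            byte[] encoded = next.getEncoded();
            Certificate x509;
            try {
                x509 = Certificate.getInstance(encoded);
            } catch (IllegalArgumentException ex) {
                // BouncyCastle's ASN.1 getInstance(byte[]) signals malformed input with an unchecked
                // IllegalArgumentException. Map it to the declared failure type so peer-supplied
                // data cannot make this verifier throw outside its contract.
                String msg = "Failed to extract public key from certificate.";
                throw new CertificateVerificationException(msg, ex);
            }
            boolean selfSigned = x509.getIssuer().equals(x509.getSubject());
            // skip key comparison step if this is a root certificate, but still check self signed server certs
            boolean isRootCert = selfSigned && !firstCert;
            if (!isRootCert) {
                // determine if key has the minimum size
                KeyTools.assertKeyLength(x509);
                firstCert = false;
            }
        }
    } catch (IOException ex) {
        String msg = "Failed to extract public key from certificate.";
        throw new CertificateVerificationException(msg, ex);
    } catch (KeyLengthException ex) {
        String msg = "The key in the certificate does not satisfy the length requirements.";
        throw new CertificateVerificationException(msg, ex);
    }
}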
Also used : CertificateVerificationException(org.openecard.crypto.tls.CertificateVerificationException) IOException(java.io.IOException) KeyLengthException(org.openecard.crypto.common.keystore.KeyLengthException) TlsCertificate(org.openecard.bouncycastle.tls.crypto.TlsCertificate) TlsServerCertificate(org.openecard.bouncycastle.tls.TlsServerCertificate) TlsCertificate(org.openecard.bouncycastle.tls.crypto.TlsCertificate) Certificate(org.openecard.bouncycastle.asn1.x509.Certificate)

Example 43 with Certificate

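Use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project xipki by xipki. (Note: the "Also used" list under this snippet resolves the Certificate type it uses to org.bouncycastle.asn1.x509.Certificate.)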

the class CrlStreamParserTest method parseCrlWithNoCrlNumber.

/**
 * Parses the fixture {@code no-crlnumber.crl} and checks that the parser reports version 1 and
 * no CRL number, that the CRL signature verifies against the issuer's SubjectPublicKeyInfo, and
 * that iterating the revoked certificates yields two entries.
 */
@Test
public void parseCrlWithNoCrlNumber() throws Exception {
    Certificate signerCert = getIssuerSigner();
    CrlStreamParser crl = getParser("no-crlnumber.crl");

    Assert.assertEquals("version", 1, crl.getVersion());
    Assert.assertEquals("CRL number", null, crl.getCrlNumber());

    // The signature is checked with the issuer's public key before the entries are walked.
    boolean signatureOk = crl.verifySignature(signerCert.getSubjectPublicKeyInfo());
    Assert.assertTrue("signature", signatureOk);

    int revokedCount = 0;
    try (RevokedCertsIterator revoked = crl.revokedCertificates()) {
        // Count an entry only after next() has returned it.
        for (; revoked.hasNext(); revokedCount++) {
            revoked.next();
        }
    }
    Assert.assertEquals("#revokedCertificates", 2, revokedCount);
}
Also used : CrlStreamParser(org.xipki.security.asn1.CrlStreamParser) RevokedCertsIterator(org.xipki.security.asn1.CrlStreamParser.RevokedCertsIterator) Certificate(org.bouncycastle.asn1.x509.Certificate) Test(org.junit.Test)

Example 44 with Certificate

use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project xipki by xipki.

the class CrlStreamParserTest method parseCrl_revoked.

/**
 * Parses the fixture {@code revoked-certs.crl} and checks that the parser reports version 1 and
 * CRL number 1, that the CRL signature verifies against the issuer's SubjectPublicKeyInfo, and
 * that iterating the revoked certificates yields two entries.
 */
@Test
public void parseCrl_revoked() throws Exception {
    Certificate signerCert = getIssuerSigner();
    CrlStreamParser crl = getParser("revoked-certs.crl");

    Assert.assertEquals("version", 1, crl.getVersion());
    Assert.assertEquals("CRL number", BigInteger.valueOf(1), crl.getCrlNumber());

    // The signature is checked with the issuer's public key before the entries are walked.
    boolean signatureOk = crl.verifySignature(signerCert.getSubjectPublicKeyInfo());
    Assert.assertTrue("signature", signatureOk);

    int revokedCount = 0;
    try (RevokedCertsIterator revoked = crl.revokedCertificates()) {
        // Count an entry only after next() has returned it.
        for (; revoked.hasNext(); revokedCount++) {
            revoked.next();
        }
    }
    Assert.assertEquals("#revokedCertificates", 2, revokedCount);
}
Also used : CrlStreamParser(org.xipki.security.asn1.CrlStreamParser) RevokedCertsIterator(org.xipki.security.asn1.CrlStreamParser.RevokedCertsIterator) Certificate(org.bouncycastle.asn1.x509.Certificate) Test(org.junit.Test)

Example 45 with Certificate

use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project xipki by xipki.

the class CrlStreamParserTest method parseCrlWithNoExtension.

/**
 * Parses the fixture {@code no-extensions.crl} and checks that the parser reports version 1 and
 * no CRL number, that the CRL signature verifies against the issuer's SubjectPublicKeyInfo, and
 * that iterating the revoked certificates yields two entries.
 */
@Test
public void parseCrlWithNoExtension() throws Exception {
    Certificate signerCert = getIssuerSigner();
    CrlStreamParser crl = getParser("no-extensions.crl");

    Assert.assertEquals("version", 1, crl.getVersion());
    Assert.assertEquals("CRL number", null, crl.getCrlNumber());

    // The signature is checked with the issuer's public key before the entries are walked.
    boolean signatureOk = crl.verifySignature(signerCert.getSubjectPublicKeyInfo());
    Assert.assertTrue("signature", signatureOk);

    int revokedCount = 0;
    try (RevokedCertsIterator revoked = crl.revokedCertificates()) {
        // Count an entry only after next() has returned it.
        for (; revoked.hasNext(); revokedCount++) {
            revoked.next();
        }
    }
    Assert.assertEquals("#revokedCertificates", 2, revokedCount);
}
Also used : CrlStreamParser(org.xipki.security.asn1.CrlStreamParser) RevokedCertsIterator(org.xipki.security.asn1.CrlStreamParser.RevokedCertsIterator) Certificate(org.bouncycastle.asn1.x509.Certificate) Test(org.junit.Test)
