Examples with Signature com.github.zhenwei.core.asn1.ocsp.Signature used on opensource projects

Example 71 with Signature

use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.

the class CertUtils method generateCRLStructure.

private static CertificateList generateCRLStructure(TBSCertList tbsCertList, AlgorithmIdentifier sigAlgId, byte[] signature) {
    ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(tbsCertList);
    v.add(sigAlgId);
    v.add(new DERBitString(signature));
    return CertificateList.getInstance(new DERSequence(v));
}

Example 72 with Signature

use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.

the class X509CertificateHolder method isSignatureValid.

/**
 * Validate the signature on the certificate in this holder.
 *
 * @param verifierProvider a ContentVerifierProvider that can generate a verifier for the
 *                         signature.
 * @return true if the signature is valid, false otherwise.
 * @throws CertException if the signature cannot be processed or is inappropriate.
 */
public boolean isSignatureValid(ContentVerifierProvider verifierProvider) throws CertException {
    TBSCertificate tbsCert = x509Certificate.getTBSCertificate();
    if (!CertUtils.isAlgIdEqual(tbsCert.getSignature(), x509Certificate.getSignatureAlgorithm())) {
        throw new CertException("signature invalid - algorithm identifier mismatch");
    }
    ContentVerifier verifier;
    try {
        verifier = verifierProvider.get((tbsCert.getSignature()));
        OutputStream sOut = verifier.getOutputStream();
        tbsCert.encodeTo(sOut, ASN1Encoding.DER);
        sOut.close();
    } catch (Exception e) {
        throw new CertException("unable to process signature: " + e.getMessage(), e);
    }
    return verifier.verify(this.getSignature());
}

Example 73 with Signature

use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.

the class ProtectedPKIMessageBuilder method build.

/**
 * Build a protected PKI message which has MAC based integrity protection.
 *
 * @param signer the ContentSigner to be used to calculate the signature.
 * @return the resulting protected PKI message.
 * @throws CMPException if the protection signature cannot be calculated.
 */
public ProtectedPKIMessage build(ContentSigner signer) throws CMPException {
    if (null == body) {
        throw new IllegalStateException("body must be set before building");
    }
    finaliseHeader(signer.getAlgorithmIdentifier());
    PKIHeader header = hdrBuilder.build();
    try {
        DERBitString protection = new DERBitString(calculateSignature(signer, header, body));
        return finaliseMessage(header, protection);
    } catch (IOException e) {
        throw new CMPException("unable to encode signature input: " + e.getMessage(), e);
    }
}

Example 74 with Signature

use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.

the class ProtectedPKIMessage method verifySignature.

private boolean verifySignature(byte[] signature, ContentVerifier verifier) throws IOException {
    ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(pkiMessage.getHeader());
    v.add(pkiMessage.getBody());
    OutputStream sOut = verifier.getOutputStream();
    sOut.write(new DERSequence(v).getEncoded(ASN1Encoding.DER));
    sOut.close();
    return verifier.verify(signature);
}

Example 75 with Signature

use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.

the class CMSSignedDataStreamGenerator method open.

/**
 * generate a signed object that for a CMS Signed Data object using the given provider - if
 * encapsulate is true a copy of the message will be included in the signature. The content type
 * is set according to the OID represented by the string signedContentType.
 *
 * @param eContentType     OID for data to be signed.
 * @param out              stream the CMS object is to be written to.
 * @param encapsulate      true if data should be encapsulated.
 * @param dataOutputStream output stream to copy the data being signed to.
 */
public OutputStream open(ASN1ObjectIdentifier eContentType, OutputStream out, boolean encapsulate, OutputStream dataOutputStream) throws IOException {
    // TODO
    // if (_signerInfs.isEmpty())
    // {
    // /* RFC 3852 5.2
    // * "In the degenerate case where there are no signers, the
    // * EncapsulatedContentInfo value being "signed" is irrelevant.  In this
    // * case, the content type within the EncapsulatedContentInfo value being
    // * "signed" MUST be id-data (as defined in section 4), and the content
    // * field of the EncapsulatedContentInfo value MUST be omitted."
    // */
    // if (encapsulate)
    // {
    // throw new IllegalArgumentException("no signers, encapsulate must be false");
    // }
    // if (!DATA.equals(eContentType))
    // {
    // throw new IllegalArgumentException("no signers, eContentType must be id-data");
    // }
    // }
    // 
    // if (!DATA.equals(eContentType))
    // {
    // /* RFC 3852 5.3
    // * [The 'signedAttrs']...
    // * field is optional, but it MUST be present if the content type of
    // * the EncapsulatedContentInfo value being signed is not id-data.
    // */
    // // TODO signedAttrs must be present for all signers
    // }
    // 
    // ContentInfo
    // 
    BERSequenceGenerator sGen = new BERSequenceGenerator(out);
    sGen.addObject(CMSObjectIdentifiers.signedData);
    // 
    // Signed Data
    // 
    BERSequenceGenerator sigGen = new BERSequenceGenerator(sGen.getRawOutputStream(), 0, true);
    sigGen.addObject(calculateVersion(eContentType));
    Set<AlgorithmIdentifier> digestAlgs = new HashSet<AlgorithmIdentifier>();
    // 
    for (Iterator it = _signers.iterator(); it.hasNext(); ) {
        SignerInformation signer = (SignerInformation) it.next();
        CMSUtils.addDigestAlgs(digestAlgs, signer, digestAlgIdFinder);
    }
    for (Iterator it = signerGens.iterator(); it.hasNext(); ) {
        SignerInfoGenerator signerGen = (SignerInfoGenerator) it.next();
        digestAlgs.add(signerGen.getDigestAlgorithm());
    }
    sigGen.getRawOutputStream().write(CMSUtils.convertToBERSet(digestAlgs).getEncoded());
    BERSequenceGenerator eiGen = new BERSequenceGenerator(sigGen.getRawOutputStream());
    eiGen.addObject(eContentType);
    // If encapsulating, add the data as an octet string in the sequence
    OutputStream encapStream = encapsulate ? CMSUtils.createBEROctetOutputStream(eiGen.getRawOutputStream(), 0, true, _bufferSize) : null;
    // Also send the data to 'dataOutputStream' if necessary
    OutputStream contentStream = CMSUtils.getSafeTeeOutputStream(dataOutputStream, encapStream);
    // Let all the signers see the data as it is written
    OutputStream sigStream = CMSUtils.attachSignersToOutputStream(signerGens, contentStream);
    return new CmsSignedDataOutputStream(sigStream, eContentType, sGen, sigGen, eiGen);
}