use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.
the class V3TBSCertificateGenerator method generateTBSCertificate.
/**
 * Assembles the to-be-signed portion of a version 3 certificate from the fields
 * previously set on this generator.
 *
 * <p>Only the presence of the mandatory fields is checked here. Nothing in this
 * method verifies that the validity window is ordered (start before end) or that
 * the serial number has any particular form; callers that need those guarantees
 * have to enforce them before calling.
 *
 * @return the TBSCertificate built from the current generator state
 * @throws IllegalStateException if a mandatory field has not been set
 */
public TBSCertificate generateTBSCertificate() {
    // A missing subject is tolerated only when altNamePresentAndCritical is set;
    // in that case an empty SEQUENCE is written in its place further down.
    final boolean subjectUnusable = (subject == null) && !altNamePresentAndCritical;
    final boolean incomplete = (serialNumber == null)
        || (signature == null)
        || (issuer == null)
        || (startDate == null)
        || (endDate == null)
        || subjectUnusable
        || (subjectPublicKeyInfo == null);
    if (incomplete) {
        throw new IllegalStateException("not all mandatory fields set in V3 TBScertificate generator");
    }

    // Field order below is the encoding order of the resulting SEQUENCE.
    // NOTE(review): version is added without a null check - presumably always initialised; confirm.
    final ASN1EncodableVector tbsFields = new ASN1EncodableVector(10);
    tbsFields.add(version);
    tbsFields.add(serialNumber);
    tbsFields.add(signature);
    tbsFields.add(issuer);

    // Validity: a two-element SEQUENCE holding the start and end dates.
    final ASN1EncodableVector notBeforeNotAfter = new ASN1EncodableVector(2);
    notBeforeNotAfter.add(startDate);
    notBeforeNotAfter.add(endDate);
    tbsFields.add(new DERSequence(notBeforeNotAfter));

    if (subject == null) {
        // Empty subject name; reachable only when altNamePresentAndCritical is true.
        tbsFields.add(new DERSequence());
    } else {
        tbsFields.add(subject);
    }

    tbsFields.add(subjectPublicKeyInfo);

    // Optional trailing fields, each written only when set: tags 1 and 2 are
    // created with the boolean flag false, tag 3 with it true.
    // NOTE(review): the flag presumably selects explicit tagging - confirm against DERTaggedObject.
    if (issuerUniqueID != null) {
        tbsFields.add(new DERTaggedObject(false, 1, issuerUniqueID));
    }
    if (subjectUniqueID != null) {
        tbsFields.add(new DERTaggedObject(false, 2, subjectUniqueID));
    }
    if (extensions != null) {
        tbsFields.add(new DERTaggedObject(true, 3, extensions));
    }

    return TBSCertificate.getInstance(new DERSequence(tbsFields));
}
use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.
the class ParentCertIssuedValidation method validate.
/**
 * Checks that a certificate was issued by the previously validated certificate,
 * then records this certificate as the parent for the next call.
 *
 * <p>Two checks are made against the recorded parent state: the certificate's
 * issuer name must equal the parent's subject name, and its signature must
 * verify under the parent's public key. Each check is skipped when the
 * corresponding parent field is still {@code null}, so the first certificate
 * presented to a fresh instance is accepted without either check and only
 * seeds the working state. Trust in that first certificate therefore has to be
 * established outside this method.
 *
 * <p>No other path checks (validity period, constraints, revocation) are
 * performed here.
 *
 * @param context     the validation context (not read by this method)
 * @param certificate the certificate to check against the recorded parent
 * @throws CertPathValidationException if the issuer name or signature does not
 *         match the parent, or if the verifier or public key cannot be built
 */
public void validate(CertPathValidationContext context, X509CertificateHolder certificate) throws CertPathValidationException {
    // Name chaining: issuer of this certificate must be the subject of the parent.
    if (workingIssuerName != null && !workingIssuerName.equals(certificate.getIssuer())) {
        throw new CertPathValidationException("Certificate issue does not match parent");
    }

    if (workingPublicKey != null) {
        try {
            // When the working algorithm identifier differs from the one carried in the
            // parent key (the inherited-parameters case handled at the end of this
            // method), rebuild the key info so the verifier sees the working identifier.
            final boolean keyCarriesWorkingAlg = workingPublicKey.getAlgorithm().equals(workingAlgId);
            final SubjectPublicKeyInfo parentKeyInfo = keyCarriesWorkingAlg
                ? workingPublicKey
                : new SubjectPublicKeyInfo(workingAlgId, workingPublicKey.parsePublicKey());

            final boolean signedByParent =
                certificate.isSignatureValid(contentVerifierProvider.build(parentKeyInfo));
            if (!signedByParent) {
                throw new CertPathValidationException("Certificate signature not for public key in parent");
            }
        } catch (OperatorCreationException e) {
            throw new CertPathValidationException("Unable to create verifier: " + e.getMessage(), e);
        } catch (CertException e) {
            throw new CertPathValidationException("Unable to validate signature: " + e.getMessage(), e);
        } catch (IOException e) {
            throw new CertPathValidationException("Unable to build public key: " + e.getMessage(), e);
        }
    }

    // Reached only when every check above passed: this certificate becomes the parent.
    workingIssuerName = certificate.getSubject();
    workingPublicKey = certificate.getSubjectPublicKeyInfo();

    // Inherited parameters: keep the previous algorithm identifier only when the new key
    // uses the same algorithm OID and isNull() reports its parameters as null; in every
    // other case the new key's identifier replaces it.
    // NOTE(review): isNull is defined elsewhere in the class - confirm what it treats as null.
    final AlgorithmIdentifier certKeyAlg = workingPublicKey.getAlgorithm();
    final boolean inheritsParentParameters = workingAlgId != null
        && certKeyAlg.getAlgorithm().equals(workingAlgId.getAlgorithm())
        && isNull(certKeyAlg.getParameters());
    if (!inheritsParentParameters) {
        workingAlgId = certKeyAlg;
    }
}
use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.
the class X509v3CertificateBuilder method generateStructure.
/**
 * Wraps a to-be-signed certificate, a signature algorithm identifier and raw
 * signature bytes into a Certificate structure.
 *
 * <p>This is pure assembly: the signature bytes are not verified, and nothing
 * here compares {@code sigAlgId} with the signature algorithm already recorded
 * inside {@code tbsCert}. Callers are responsible for passing a consistent pair.
 *
 * @param tbsCert   the to-be-signed certificate body
 * @param sigAlgId  the algorithm identifier written next to the signature
 * @param signature the signature bytes, stored as a BIT STRING
 * @return the Certificate parsed from the three-element SEQUENCE
 */
private static Certificate generateStructure(TBSCertificate tbsCert, AlgorithmIdentifier sigAlgId, byte[] signature) {
    // Element order is the encoding order: body, algorithm, signature value.
    final ASN1EncodableVector certParts = new ASN1EncodableVector();
    certParts.add(tbsCert);
    certParts.add(sigAlgId);
    certParts.add(new DERBitString(signature));

    final DERSequence encodedCert = new DERSequence(certParts);
    return Certificate.getInstance(encodedCert);
}
use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.
the class CertificateConfirmationContentBuilder method build.
/**
 * Builds the confirmation content: one CertStatus per accepted certificate,
 * each carrying a digest of the certificate's DER encoding and its request id.
 *
 * <p>The digest algorithm is not chosen by the caller; it is looked up from the
 * certificate's own signature algorithm via {@code digestAlgFinder}. A
 * certificate whose signature algorithm has no digest known to the finder
 * makes the whole build fail.
 *
 * @param digesterProvider supplies a digest calculator for the looked-up algorithm
 * @return the confirmation content covering every accepted certificate
 * @throws CMPException if no digest algorithm can be found for a certificate's
 *         signature algorithm, or the digest calculator cannot be created
 */
public CertificateConfirmationContent build(DigestCalculatorProvider digesterProvider) throws CMPException {
    final ASN1EncodableVector statuses = new ASN1EncodableVector();

    // acceptedCerts and acceptedReqIds are read in lockstep by index.
    // NOTE(review): assumes both lists always have the same length - confirm where they are filled.
    final int total = acceptedCerts.size();
    for (int idx = 0; idx < total; idx++) {
        final X509CertificateHolder accepted = (X509CertificateHolder) acceptedCerts.get(idx);
        final BigInteger requestId = (BigInteger) acceptedReqIds.get(idx);

        final AlgorithmIdentifier hashAlgorithm =
            digestAlgFinder.find(accepted.toASN1Structure().getSignatureAlgorithm());
        if (hashAlgorithm == null) {
            throw new CMPException("cannot find algorithm for digest from signature");
        }

        final DigestCalculator calculator;
        try {
            calculator = digesterProvider.get(hashAlgorithm);
        } catch (OperatorCreationException e) {
            throw new CMPException("unable to create digest: " + e.getMessage(), e);
        }

        // Hash the DER encoding of the whole certificate structure.
        CMPUtil.derEncodeToStream(accepted.toASN1Structure(), calculator.getOutputStream());
        statuses.add(new CertStatus(calculator.getDigest(), requestId));
    }

    final CertConfirmContent content = CertConfirmContent.getInstance(new DERSequence(statuses));
    return new CertificateConfirmationContent(content, digestAlgFinder);
}
use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.
the class CertificateStatus method isVerified.
/**
 * Reports whether the certificate hash carried in this status matches the
 * given certificate.
 *
 * <p>The certificate's DER encoding is digested with the algorithm that
 * {@code digestAlgFinder} associates with the certificate's signature
 * algorithm, and the result is compared with the hash stored in the status.
 * A {@code true} result says only that the hashes agree; this method does not
 * look at any other part of the status.
 *
 * @param certHolder       the certificate the status is expected to refer to
 * @param digesterProvider supplies a digest calculator for the looked-up algorithm
 * @return {@code true} if the stored hash equals the freshly computed one
 * @throws CMPException if no digest algorithm can be found for the certificate's
 *         signature algorithm, or the digest calculator cannot be created
 */
public boolean isVerified(X509CertificateHolder certHolder, DigestCalculatorProvider digesterProvider) throws CMPException {
    final AlgorithmIdentifier hashAlgorithm =
        digestAlgFinder.find(certHolder.toASN1Structure().getSignatureAlgorithm());
    if (hashAlgorithm == null) {
        throw new CMPException("cannot find algorithm for digest from signature");
    }

    final DigestCalculator calculator;
    try {
        calculator = digesterProvider.get(hashAlgorithm);
    } catch (OperatorCreationException e) {
        throw new CMPException("unable to create digester: " + e.getMessage(), e);
    }

    // Hash the DER encoding of the whole certificate structure.
    CMPUtil.derEncodeToStream(certHolder.toASN1Structure(), calculator.getOutputStream());

    // Arrays here is the project's helper class (java.util.Arrays has no areEqual).
    // Both inputs are digests of a certificate rather than secret values.
    final byte[] claimedHash = certStatus.getCertHash().getOctets();
    final byte[] computedHash = calculator.getDigest();
    return Arrays.areEqual(claimedHash, computedHash);
}