
Example 36 with Signature

use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.

the class V3TBSCertificateGenerator method generateTBSCertificate.

/**
 * Assembles the to-be-signed part of a version 3 certificate from the fields held by this
 * generator.
 *
 * <p>Elements are written in this order: version, serial number, signature field, issuer,
 * validity (start and end date in their own SEQUENCE), subject, subject public key info, then
 * the optional issuerUniqueID (implicit tag 1), subjectUniqueID (implicit tag 2) and
 * extensions (explicit tag 3).
 *
 * <p>The subject may be unset only when {@code altNamePresentAndCritical} is true; an empty
 * SEQUENCE is then encoded where the subject would go. The result carries no signature value:
 * the {@code signature} field added here is presumably the signature algorithm identifier
 * (confirm against the field declaration), and signing is left to the caller.
 *
 * @return the TBSCertificate built from the current generator state
 * @throws IllegalStateException if any mandatory field has not been set
 */
public TBSCertificate generateTBSCertificate() {
    // A missing subject is tolerated only when a critical alternative name is flagged as present.
    boolean subjectUnusable = (subject == null) && !altNamePresentAndCritical;
    boolean mandatoryFieldMissing = (serialNumber == null)
        || (signature == null)
        || (issuer == null)
        || (startDate == null)
        || (endDate == null)
        || subjectUnusable
        || (subjectPublicKeyInfo == null);
    if (mandatoryFieldMissing) {
        throw new IllegalStateException("not all mandatory fields set in V3 TBScertificate generator");
    }

    ASN1EncodableVector tbsFields = new ASN1EncodableVector(10);
    tbsFields.add(version);
    tbsFields.add(serialNumber);
    tbsFields.add(signature);
    tbsFields.add(issuer);

    // Validity: notBefore followed by notAfter, wrapped in a nested SEQUENCE.
    ASN1EncodableVector validityPeriod = new ASN1EncodableVector(2);
    validityPeriod.add(startDate);
    validityPeriod.add(endDate);
    tbsFields.add(new DERSequence(validityPeriod));

    // The subject slot is always emitted; an empty SEQUENCE stands in for an absent subject.
    if (subject == null) {
        tbsFields.add(new DERSequence());
    } else {
        tbsFields.add(subject);
    }
    tbsFields.add(subjectPublicKeyInfo);

    // Optional trailing elements, each added only when it has been set.
    if (issuerUniqueID != null) {
        tbsFields.add(new DERTaggedObject(false, 1, issuerUniqueID));
    }
    if (subjectUniqueID != null) {
        tbsFields.add(new DERTaggedObject(false, 2, subjectUniqueID));
    }
    if (extensions != null) {
        tbsFields.add(new DERTaggedObject(true, 3, extensions));
    }

    return TBSCertificate.getInstance(new DERSequence(tbsFields));
}
Also used : DERSequence(com.github.zhenwei.core.asn1.DERSequence) DERTaggedObject(com.github.zhenwei.core.asn1.DERTaggedObject) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector)

Example 37 with Signature

use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.

the class ParentCertIssuedValidation method validate.

/**
 * Checks that {@code certificate} chains to the certificate processed before it, then records
 * this certificate's subject and key as the expected parent for the next call.
 *
 * <p>Two checks are made, each only when the corresponding working value is already set:
 * the certificate's issuer must equal {@code workingIssuerName}, and its signature must verify
 * under {@code workingPublicKey}. While a working value is still {@code null} the matching check
 * is skipped, so the first certificate seen is accepted without a name or signature check here
 * (presumably it is anchored elsewhere; verify against the caller). This method does not look at
 * validity dates, extensions or revocation.
 *
 * @param context the validation context; not read by this method
 * @param certificate the certificate to check against the current working issuer and key
 * @throws CertPathValidationException if the issuer name differs, the signature does not verify,
 *     or the verifier or public key cannot be built
 */
public void validate(CertPathValidationContext context, X509CertificateHolder certificate) throws CertPathValidationException {
    // Name chaining: the issuer must equal the subject recorded from the previous certificate.
    if (workingIssuerName != null && !workingIssuerName.equals(certificate.getIssuer())) {
        throw new CertPathValidationException("Certificate issue does not match parent");
    }

    // Signature chaining: verify with the previous certificate's key.
    if (workingPublicKey != null) {
        try {
            // When the stored key's algorithm identifier differs from the working one (for
            // example because parameters were inherited), rebuild the key info around
            // workingAlgId before creating the verifier.
            SubjectPublicKeyInfo verificationKey;
            if (!workingPublicKey.getAlgorithm().equals(workingAlgId)) {
                verificationKey = new SubjectPublicKeyInfo(workingAlgId, workingPublicKey.parsePublicKey());
            } else {
                verificationKey = workingPublicKey;
            }
            boolean signedByParent = certificate.isSignatureValid(contentVerifierProvider.build(verificationKey));
            if (!signedByParent) {
                throw new CertPathValidationException("Certificate signature not for public key in parent");
            }
        } catch (OperatorCreationException e) {
            throw new CertPathValidationException("Unable to create verifier: " + e.getMessage(), e);
        } catch (CertException e) {
            throw new CertPathValidationException("Unable to validate signature: " + e.getMessage(), e);
        } catch (IOException e) {
            throw new CertPathValidationException("Unable to build public key: " + e.getMessage(), e);
        }
    }

    // This certificate becomes the parent for whatever is validated next.
    workingIssuerName = certificate.getSubject();
    workingPublicKey = certificate.getSubjectPublicKeyInfo();

    // Inherited parameters: keep the existing working algorithm identifier only when the new key
    // uses the same algorithm OID and carries no parameters of its own; otherwise adopt the
    // new key's identifier.
    boolean inheritsParameters = workingAlgId != null
        && workingPublicKey.getAlgorithm().getAlgorithm().equals(workingAlgId.getAlgorithm())
        && isNull(workingPublicKey.getAlgorithm().getParameters());
    if (!inheritsParameters) {
        workingAlgId = workingPublicKey.getAlgorithm();
    }
}
Also used : CertPathValidationException(com.github.zhenwei.pkix.cert.path.CertPathValidationException) CertException(com.github.zhenwei.pkix.cert.CertException) IOException(java.io.IOException) OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException) SubjectPublicKeyInfo(com.github.zhenwei.core.asn1.x509.SubjectPublicKeyInfo)

Example 38 with Signature

use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.

the class X509v3CertificateBuilder method generateStructure.

/**
 * Wraps a to-be-signed certificate, its signature algorithm and a signature value into a
 * Certificate structure.
 *
 * <p>The three elements are placed in one DER SEQUENCE, with the signature bytes carried as a
 * BIT STRING. Nothing here checks that {@code signature} was produced over {@code tbsCert} with
 * {@code sigAlgId}; the caller is responsible for passing matching values.
 *
 * @param tbsCert the to-be-signed certificate body
 * @param sigAlgId the algorithm identifier written next to the signature
 * @param signature the raw signature bytes
 * @return the assembled Certificate
 */
private static Certificate generateStructure(TBSCertificate tbsCert, AlgorithmIdentifier sigAlgId, byte[] signature) {
    ASN1EncodableVector certificateParts = new ASN1EncodableVector();

    certificateParts.add(tbsCert);
    certificateParts.add(sigAlgId);
    // The signature value is encoded as a BIT STRING.
    DERBitString signatureValue = new DERBitString(signature);
    certificateParts.add(signatureValue);

    DERSequence encodedCertificate = new DERSequence(certificateParts);
    return Certificate.getInstance(encodedCertificate);
}
Also used : DERSequence(com.github.zhenwei.core.asn1.DERSequence) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector) DERBitString(com.github.zhenwei.core.asn1.DERBitString)

Example 39 with Signature

use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.

the class CertificateConfirmationContentBuilder method build.

/**
 * Builds the certificate confirmation content for every accepted certificate.
 *
 * <p>{@code acceptedCerts} and {@code acceptedReqIds} are read by the same index, so entry
 * {@code i} of one is paired with entry {@code i} of the other. For each pair the digest
 * algorithm is looked up from the certificate's own signature algorithm, the DER encoding of
 * the certificate is hashed with it, and a CertStatus holding the hash and request id is added.
 *
 * @param digesterProvider source of digest calculators for the resolved algorithms
 * @return the confirmation content wrapping one CertStatus per accepted certificate
 * @throws CMPException if no digest algorithm can be found for a certificate's signature
 *     algorithm, or the digest calculator cannot be created
 */
public CertificateConfirmationContent build(DigestCalculatorProvider digesterProvider) throws CMPException {
    ASN1EncodableVector statuses = new ASN1EncodableVector();

    for (int index = 0; index < acceptedCerts.size(); index++) {
        X509CertificateHolder acceptedCert = (X509CertificateHolder) acceptedCerts.get(index);
        BigInteger requestId = (BigInteger) acceptedReqIds.get(index);

        // The hash algorithm follows from the certificate's signature algorithm.
        AlgorithmIdentifier digestAlgorithm = digestAlgFinder.find(acceptedCert.toASN1Structure().getSignatureAlgorithm());
        if (digestAlgorithm == null) {
            throw new CMPException("cannot find algorithm for digest from signature");
        }

        DigestCalculator calculator;
        try {
            calculator = digesterProvider.get(digestAlgorithm);
        } catch (OperatorCreationException e) {
            throw new CMPException("unable to create digest: " + e.getMessage(), e);
        }

        // Hash the DER encoding of the whole certificate structure.
        CMPUtil.derEncodeToStream(acceptedCert.toASN1Structure(), calculator.getOutputStream());
        statuses.add(new CertStatus(calculator.getDigest(), requestId));
    }

    CertConfirmContent confirmContent = CertConfirmContent.getInstance(new DERSequence(statuses));
    return new CertificateConfirmationContent(confirmContent, digestAlgFinder);
}
Also used : DERSequence(com.github.zhenwei.core.asn1.DERSequence) CertStatus(com.github.zhenwei.pkix.util.asn1.cmp.CertStatus) X509CertificateHolder(com.github.zhenwei.pkix.cert.X509CertificateHolder) DigestCalculator(com.github.zhenwei.pkix.operator.DigestCalculator) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector) BigInteger(java.math.BigInteger) OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)

Example 40 with Signature

use of com.github.zhenwei.core.asn1.ocsp.Signature in project LinLong-Java by zhenwei1108.

the class CertificateStatus method isVerified.

/**
 * Reports whether the hash stored in this status matches the given certificate.
 *
 * <p>The digest algorithm is looked up from the certificate's signature algorithm, the DER
 * encoding of the certificate is hashed with it, and the result is compared byte for byte with
 * the hash carried in {@code certStatus}. A {@code true} result means only that the hashes
 * agree; the certificate's signature, issuer and validity are not checked here.
 *
 * @param certHolder the certificate the stored hash is expected to belong to
 * @param digesterProvider source of the digest calculator for the resolved algorithm
 * @return {@code true} if the stored hash equals the freshly computed one
 * @throws CMPException if no digest algorithm can be found for the certificate's signature
 *     algorithm, or the digest calculator cannot be created
 */
public boolean isVerified(X509CertificateHolder certHolder, DigestCalculatorProvider digesterProvider) throws CMPException {
    AlgorithmIdentifier digestAlgorithm = digestAlgFinder.find(certHolder.toASN1Structure().getSignatureAlgorithm());
    if (digestAlgorithm == null) {
        throw new CMPException("cannot find algorithm for digest from signature");
    }

    DigestCalculator calculator;
    try {
        calculator = digesterProvider.get(digestAlgorithm);
    } catch (OperatorCreationException e) {
        throw new CMPException("unable to create digester: " + e.getMessage(), e);
    }

    // Recompute the hash over the DER encoding of the certificate.
    CMPUtil.derEncodeToStream(certHolder.toASN1Structure(), calculator.getOutputStream());

    // NOTE(review): both inputs are hashes of certificate data rather than secrets, so a plain
    // equality check looks acceptable here; confirm whether a constant-time compare is wanted.
    byte[] claimedHash = certStatus.getCertHash().getOctets();
    return Arrays.areEqual(claimedHash, calculator.getDigest());
}
Also used : DigestCalculator(com.github.zhenwei.pkix.operator.DigestCalculator) OperatorCreationException(com.github.zhenwei.pkix.operator.OperatorCreationException) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier)
