
Example 31 with CertificateList

use of com.github.zhenwei.core.asn1.x509.CertificateList in project LinLong-Java by zhenwei1108.

the class X509CRLImpl method doVerify.

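/**
 * Verifies the signature on this CRL with {@code key}, using {@code sigCreator} to obtain
 * the {@link Signature} engine for each algorithm involved.
 *
 * <p>Three cases are handled:
 * <ul>
 *   <li>composite key and composite algorithm: every non-null component key is checked
 *       against the signature component at the same index;</li>
 *   <li>single key and composite algorithm: {@code key} is tried against each signature
 *       component, and components it cannot be used with are skipped;</li>
 *   <li>otherwise: one ordinary signature check.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code checkSignature} is not visible here; presumably it throws
 * {@link SignatureException} when a signature does not verify. Confirm before relying on
 * the acceptance rules described in the comments below.
 *
 * @param key        public key to verify with; may be a {@code CompositePublicKey}
 * @param sigCreator factory for the {@link Signature} instances
 * @throws CRLException             if the outer and inner signature algorithms differ, or the
 *                                  composite algorithm/signature sequences lack a needed entry
 * @throws NoSuchAlgorithmException if a required signature algorithm is unavailable
 * @throws InvalidKeyException      if no component could be verified with the supplied key
 * @throws SignatureException       if a signature check fails or the parameters cannot be decoded
 * @throws NoSuchProviderException  if the signature provider is unavailable
 */
private void doVerify(PublicKey key, SignatureCreator sigCreator) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, NoSuchProviderException {
    // Reject the CRL before any cryptographic work when the algorithm identifier on the outer
    // CertificateList disagrees with the one carried inside the TBSCertList.
    if (!c.getSignatureAlgorithm().equals(c.getTBSCertList().getSignature())) {
        throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList.");
    }
    if (key instanceof CompositePublicKey && X509SignatureUtil.isCompositeAlgorithm(c.getSignatureAlgorithm())) {
        List<PublicKey> pubKeys = ((CompositePublicKey) key).getPublicKeys();
        ASN1Sequence keySeq = ASN1Sequence.getInstance(c.getSignatureAlgorithm().getParameters());
        ASN1Sequence sigSeq = ASN1Sequence.getInstance(DERBitString.getInstance(c.getSignature()).getBytes());
        boolean success = false;
        for (int i = 0; i != pubKeys.size(); i++) {
            PublicKey componentKey = pubKeys.get(i);
            // Null slots are skipped, so they contribute nothing to the result.
            if (componentKey == null) {
                continue;
            }
            // Both sequences come from the CRL being verified; fail with a checked
            // exception instead of an unchecked index/null error when they are short.
            requireCompositeComponent(keySeq, sigSeq, i);
            AlgorithmIdentifier sigAlg = AlgorithmIdentifier.getInstance(keySeq.getObjectAt(i));
            String sigName = X509SignatureUtil.getSignatureName(sigAlg);
            Signature signature = sigCreator.createSignature(sigName);
            // A SignatureException from any component propagates and aborts verification.
            checkSignature(componentKey, signature, sigAlg.getParameters(), DERBitString.getInstance(sigSeq.getObjectAt(i)).getBytes());
            success = true;
        }
        // Reached only when every component key was null (or there were none).
        if (!success) {
            throw new InvalidKeyException("no matching key found");
        }
    } else if (X509SignatureUtil.isCompositeAlgorithm(c.getSignatureAlgorithm())) {
        ASN1Sequence keySeq = ASN1Sequence.getInstance(c.getSignatureAlgorithm().getParameters());
        ASN1Sequence sigSeq = ASN1Sequence.getInstance(DERBitString.getInstance(c.getSignature()).getBytes());
        boolean success = false;
        for (int i = 0; i != sigSeq.size(); i++) {
            // The algorithm list must supply an entry for every signature component.
            requireCompositeComponent(keySeq, sigSeq, i);
            AlgorithmIdentifier sigAlg = AlgorithmIdentifier.getInstance(keySeq.getObjectAt(i));
            String sigName = X509SignatureUtil.getSignatureName(sigAlg);
            try {
                Signature signature = sigCreator.createSignature(sigName);
                checkSignature(key, signature, sigAlg.getParameters(), DERBitString.getInstance(sigSeq.getObjectAt(i)).getBytes());
                success = true;
            } catch (InvalidKeyException ignored) {
                // The single key does not fit this component's algorithm; try the next one.
            } catch (NoSuchAlgorithmException ignored) {
                // This component's algorithm is unavailable; try the next one.
            }
            // SignatureException is not caught: a failed check on a usable component
            // aborts verification.
        }
        // Acceptance here needs only ONE component to verify with the single key; components
        // skipped above are never checked. Callers that require every component of a
        // composite signature to be validated must supply a CompositePublicKey.
        if (!success) {
            throw new InvalidKeyException("no matching key found");
        }
    } else {
        Signature sig = sigCreator.createSignature(getSigAlgName());
        if (sigAlgParams == null) {
            checkSignature(key, sig, null, this.getSignature());
        } else {
            try {
                checkSignature(key, sig, ASN1Primitive.fromByteArray(sigAlgParams), this.getSignature());
            } catch (IOException e) {
                // Keep the decoding failure as the cause so it is not lost to callers and logs.
                throw new SignatureException("cannot decode signature parameters: " + e.getMessage(), e);
            }
        }
    }
}

/**
 * Ensures the composite algorithm and signature sequences both hold an entry at {@code index}.
 *
 * @throws CRLException if the algorithm sequence is absent or either sequence is too short
 */
private static void requireCompositeComponent(ASN1Sequence keySeq, ASN1Sequence sigSeq, int index) throws CRLException {
    if (keySeq == null || sigSeq == null || index >= keySeq.size() || index >= sigSeq.size()) {
        throw new CRLException("malformed composite signature: no algorithm/signature component at index " + index);
    }
}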
Also used : CompositePublicKey(com.github.zhenwei.provider.jcajce.CompositePublicKey) PublicKey(java.security.PublicKey) ASN1OctetString(com.github.zhenwei.core.asn1.ASN1OctetString) DERBitString(com.github.zhenwei.core.asn1.DERBitString) SignatureException(java.security.SignatureException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) IOException(java.io.IOException) InvalidKeyException(java.security.InvalidKeyException) IssuingDistributionPoint(com.github.zhenwei.core.asn1.x509.IssuingDistributionPoint) CRLDistPoint(com.github.zhenwei.core.asn1.x509.CRLDistPoint) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier) CompositePublicKey(com.github.zhenwei.provider.jcajce.CompositePublicKey) ASN1Sequence(com.github.zhenwei.core.asn1.ASN1Sequence) Signature(java.security.Signature) CRLException(java.security.cert.CRLException)

Example 32 with CertificateList

use of io.fabric8.certmanager.api.model.v1.CertificateList in project kubernetes-client by fabric8io.

the class V1CertificateCrudTest method shouldReturnEmptyList.

/** Listing v1 certificates in namespace "ns1", where none were created, yields a non-null, empty list. */
@Test
void shouldReturnEmptyList() {
    final CertificateList listed = client.v1().certificates().inNamespace("ns1").list();

    // The client must hand back a list object, never null, even when nothing exists.
    assertNotNull(listed);
    assertTrue(listed.getItems().isEmpty());
}
Also used : CertificateList(io.fabric8.certmanager.api.model.v1.CertificateList) Test(org.junit.jupiter.api.Test)

Example 33 with CertificateList

use of io.fabric8.certmanager.api.model.v1alpha2.CertificateList in project kubernetes-client by fabric8io.

the class V1alpha2CertificateCrudTest method shouldListAndGetCertificate.

/** Creating one v1alpha2 certificate in namespace "ns2" makes a subsequent list return exactly one item. */
@Test
void shouldListAndGetCertificate() {
    // Arrange: a certificate carrying only a name in its metadata.
    final Certificate created = new CertificateBuilder()
        .withNewMetadata()
        .withName("cert2")
        .endMetadata()
        .build();
    client.v1alpha2().certificates().inNamespace("ns2").create(created);

    // Act: list everything in the same namespace.
    final CertificateList listed = client.v1alpha2().certificates().inNamespace("ns2").list();

    // Assert: the list exists and holds the single certificate created above.
    assertNotNull(listed);
    assertEquals(1, listed.getItems().size());
}
Also used : CertificateBuilder(io.fabric8.certmanager.api.model.v1alpha2.CertificateBuilder) CertificateList(io.fabric8.certmanager.api.model.v1alpha2.CertificateList) Certificate(io.fabric8.certmanager.api.model.v1alpha2.Certificate) Test(org.junit.jupiter.api.Test)

Example 34 with CertificateList

use of io.fabric8.certmanager.api.model.v1alpha2.CertificateList in project kubernetes-client by fabric8io.

the class V1alpha2CertificateCrudTest method shouldReturnEmptyList.

/** Listing v1alpha2 certificates in namespace "ns1", where none were created, yields a non-null, empty list. */
@Test
void shouldReturnEmptyList() {
    final CertificateList listed = client.v1alpha2().certificates().inNamespace("ns1").list();

    // The client must hand back a list object, never null, even when nothing exists.
    assertNotNull(listed);
    assertTrue(listed.getItems().isEmpty());
}
Also used : CertificateList(io.fabric8.certmanager.api.model.v1alpha2.CertificateList) Test(org.junit.jupiter.api.Test)

Example 35 with CertificateList

use of io.fabric8.certmanager.api.model.v1alpha3.CertificateList in project kubernetes-client by fabric8io.

the class V1alpha3CertificateCrudTest method shouldReturnEmptyList.

/** Listing v1alpha3 certificates in namespace "ns1", where none were created, yields a non-null, empty list. */
@Test
void shouldReturnEmptyList() {
    final CertificateList listed = client.v1alpha3().certificates().inNamespace("ns1").list();

    // The client must hand back a list object, never null, even when nothing exists.
    assertNotNull(listed);
    assertTrue(listed.getItems().isEmpty());
}
Also used : CertificateList(io.fabric8.certmanager.api.model.v1alpha3.CertificateList) Test(org.junit.jupiter.api.Test)
