use of com.github.zhenwei.core.asn1.x509.TBSCertList in project XobotOS by xamarin.
the class X509CRLImpl method retrieveEntries.
/*
* Retrieves the crl entries (TBSCertList.RevokedCertificate objects)
* from the TBSCertList structure and converts them to the
* X509CRLEntryImpl objects
*/
private void retrieveEntries() {
entriesRetrieved = true;
List rcerts = tbsCertList.getRevokedCertificates();
if (rcerts == null) {
return;
}
entriesSize = rcerts.size();
entries = new ArrayList(entriesSize);
// null means that revoked certificate issuer is the same as CRL issuer
X500Principal rcertIssuer = null;
for (int i = 0; i < entriesSize; i++) {
TBSCertList.RevokedCertificate rcert = (TBSCertList.RevokedCertificate) rcerts.get(i);
X500Principal iss = rcert.getIssuer();
if (iss != null) {
// certificate issuer differs from CRL issuer
// and CRL is indirect.
rcertIssuer = iss;
isIndirectCRL = true;
// remember how many leading revoked certificates in the
// list are issued by the same issuer as issuer of CRL
// (these certificates are first in the list)
nonIndirectEntriesSize = i;
}
entries.add(new X509CRLEntryImpl(rcert, rcertIssuer));
}
}
use of com.github.zhenwei.core.asn1.x509.TBSCertList in project jmulticard by ctt-gob-es.
the class X509CRLHolder method isSignatureValid.
/**
* Validate the signature on the CRL.
*
* @param verifierProvider a ContentVerifierProvider that can generate a verifier for the signature.
* @return true if the signature is valid, false otherwise.
* @throws CertException if the signature cannot be processed or is inappropriate.
*/
public boolean isSignatureValid(ContentVerifierProvider verifierProvider) throws CertException {
TBSCertList tbsCRL = x509CRL.getTBSCertList();
if (!CertUtils.isAlgIdEqual(tbsCRL.getSignature(), x509CRL.getSignatureAlgorithm())) {
throw new CertException("signature invalid - algorithm identifier mismatch");
}
ContentVerifier verifier;
try {
verifier = verifierProvider.get((tbsCRL.getSignature()));
OutputStream sOut = verifier.getOutputStream();
tbsCRL.encodeTo(sOut, ASN1Encoding.DER);
sOut.close();
} catch (Exception e) {
throw new CertException("unable to process signature: " + e.getMessage(), e);
}
return verifier.verify(x509CRL.getSignature().getOctets());
}
use of com.github.zhenwei.core.asn1.x509.TBSCertList in project jruby-openssl by jruby.
the class SecurityHelper method verify.
static boolean verify(final X509CRL crl, final PublicKey publicKey, final boolean silent) throws NoSuchAlgorithmException, CRLException, InvalidKeyException, SignatureException {
if (crl instanceof X509CRLObject) {
final CertificateList crlList = (CertificateList) getCertificateList(crl);
final AlgorithmIdentifier tbsSignatureId = crlList.getTBSCertList().getSignature();
if (!crlList.getSignatureAlgorithm().equals(tbsSignatureId)) {
if (silent)
return false;
throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList.");
}
final Signature signature = getSignature(crl.getSigAlgName(), securityProvider);
signature.initVerify(publicKey);
signature.update(crl.getTBSCertList());
if (!signature.verify(crl.getSignature())) {
if (silent)
return false;
throw new SignatureException("CRL does not verify with supplied public key.");
}
return true;
} else {
try {
final DigestAlgorithmIdentifierFinder digestAlgFinder = new DefaultDigestAlgorithmIdentifierFinder();
final ContentVerifierProvider verifierProvider;
if ("DSA".equalsIgnoreCase(publicKey.getAlgorithm())) {
BigInteger y = ((DSAPublicKey) publicKey).getY();
DSAParams params = ((DSAPublicKey) publicKey).getParams();
DSAParameters parameters = new DSAParameters(params.getP(), params.getQ(), params.getG());
AsymmetricKeyParameter dsaKey = new DSAPublicKeyParameters(y, parameters);
verifierProvider = new BcDSAContentVerifierProviderBuilder(digestAlgFinder).build(dsaKey);
} else {
BigInteger mod = ((RSAPublicKey) publicKey).getModulus();
BigInteger exp = ((RSAPublicKey) publicKey).getPublicExponent();
AsymmetricKeyParameter rsaKey = new RSAKeyParameters(false, mod, exp);
verifierProvider = new BcRSAContentVerifierProviderBuilder(digestAlgFinder).build(rsaKey);
}
return new X509CRLHolder(crl.getEncoded()).isSignatureValid(verifierProvider);
} catch (OperatorException e) {
throw new SignatureException(e);
} catch (CertException e) {
throw new SignatureException(e);
}// can happen if the input is DER but does not match expected structure
catch (ClassCastException e) {
throw new SignatureException(e);
} catch (IOException e) {
throw new SignatureException(e);
}
}
}
use of com.github.zhenwei.core.asn1.x509.TBSCertList in project LinLong-Java by zhenwei1108.
the class X509CRLHolder method isSignatureValid.
/**
* Validate the signature on the CRL.
*
* @param verifierProvider a ContentVerifierProvider that can generate a verifier for the
* signature.
* @return true if the signature is valid, false otherwise.
* @throws CertException if the signature cannot be processed or is inappropriate.
*/
public boolean isSignatureValid(ContentVerifierProvider verifierProvider) throws CertException {
TBSCertList tbsCRL = x509CRL.getTBSCertList();
if (!CertUtils.isAlgIdEqual(tbsCRL.getSignature(), x509CRL.getSignatureAlgorithm())) {
throw new CertException("signature invalid - algorithm identifier mismatch");
}
ContentVerifier verifier;
try {
verifier = verifierProvider.get((tbsCRL.getSignature()));
OutputStream sOut = verifier.getOutputStream();
tbsCRL.encodeTo(sOut, ASN1Encoding.DER);
sOut.close();
} catch (Exception e) {
throw new CertException("unable to process signature: " + e.getMessage(), e);
}
return verifier.verify(x509CRL.getSignature().getOctets());
}
use of com.github.zhenwei.core.asn1.x509.TBSCertList in project LinLong-Java by zhenwei1108.
the class X509V2CRLGenerator method generate.
/**
* generate an X509 CRL, based on the current issuer and subject using the default provider and an
* user defined SecureRandom object as source of randomness.
* <p>
* <b>Note:</b> this differs from the deprecated method in that the default provider is
* used - not "BC".
* </p>
*/
public X509CRL generate(PrivateKey key, SecureRandom random) throws CRLException, IllegalStateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException {
TBSCertList tbsCrl = generateCertList();
byte[] signature;
try {
signature = X509Util.calculateSignature(sigOID, signatureAlgorithm, key, random, tbsCrl);
} catch (IOException e) {
throw new ExtCRLException("cannot generate CRL encoding", e);
}
return generateJcaObject(tbsCrl, signature);
}
Aggregations