use of com.github.zhenwei.core.asn1.x509.TBSCertList in project LinLong-Java by zhenwei1108.
the class X509V2CRLGenerator method generateJcaObject.
/**
 * Assembles the CRL object from the to-be-signed body and a signature value.
 *
 * <p>The outer sequence is built from three elements, in this order: {@code tbsCrl}, the
 * generator's {@code sigAlgId}, and {@code signature} wrapped in a DERBitString. This method
 * performs no check that {@code signature} was actually computed over {@code tbsCrl} or with the
 * algorithm named by {@code sigAlgId}; the caller must supply a matching pair.
 *
 * @param tbsCrl the to-be-signed certificate list
 * @param signature the raw signature bytes to embed
 * @return the assembled CRL as an X509CRLObject
 * @throws CRLException declared by this method (presumably raised while wrapping the structure;
 *     confirm against X509CRLObject)
 */
private X509CRL generateJcaObject(TBSCertList tbsCrl, byte[] signature) throws CRLException {
    ASN1EncodableVector crlFields = new ASN1EncodableVector();
    crlFields.add(tbsCrl);
    crlFields.add(sigAlgId);
    crlFields.add(new DERBitString(signature));

    DERSequence outerSequence = new DERSequence(crlFields);
    CertificateList certificateList = CertificateList.getInstance(outerSequence);
    return new X509CRLObject(certificateList);
}
use of com.github.zhenwei.core.asn1.x509.TBSCertList in project robovm by robovm.
the class X509CRLHolder method isSignatureValid.
/**
 * Checks the signature carried by the CRL against its to-be-signed body.
 *
 * <p>Only the signature is examined here. Nothing in this method looks at the issuer name, the
 * update times or the revocation entries, so a {@code true} result means "signed by the key
 * behind {@code verifierProvider}" and nothing more.
 *
 * @param verifierProvider a ContentVerifierProvider that can generate a verifier for the
 *     signature.
 * @return true if the signature is valid, false otherwise.
 * @throws CertException if the inner and outer algorithm identifiers differ, or if the verifier
 *     cannot be obtained or fed with the encoded body.
 */
public boolean isSignatureValid(ContentVerifierProvider verifierProvider) throws CertException {
    final TBSCertList signedBody = x509CRL.getTBSCertList();

    // The algorithm identifier inside the signed body must equal the one on the outer
    // structure; a mismatch is rejected before any verifier is requested.
    boolean algorithmsAgree =
        CertUtils.isAlgIdEqual(signedBody.getSignature(), x509CRL.getSignatureAlgorithm());
    if (!algorithmsAgree) {
        throw new CertException("signature invalid - algorithm identifier mismatch");
    }

    ContentVerifier contentVerifier;
    try {
        contentVerifier = verifierProvider.get(signedBody.getSignature());
        // Stream the DER encoding of the signed body into the verifier.
        OutputStream verifierSink = contentVerifier.getOutputStream();
        new DEROutputStream(verifierSink).writeObject(signedBody);
        verifierSink.close();
    } catch (Exception e) {
        throw new CertException("unable to process signature: " + e.getMessage(), e);
    }

    // Deliberately outside the try block: whatever verify() throws is not rewrapped.
    byte[] signatureBytes = x509CRL.getSignature().getBytes();
    return contentVerifier.verify(signatureBytes);
}
use of com.github.zhenwei.core.asn1.x509.TBSCertList in project robovm by robovm.
the class X509CRLImpl method retrieveEntries.
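/*
 * Retrieves the CRL entries (TBSCertList.RevokedCertificate objects)
 * from the TBSCertList structure and converts them to
 * X509CRLEntryImpl objects.
 *
 * Sets entriesRetrieved before doing anything else, so the flag is set
 * even when the CRL carries no revoked-certificate list (entries is then
 * left untouched).
 *
 * An entry that names its own issuer marks the CRL as indirect, and that
 * issuer is applied to every following entry until another entry names a
 * different one. nonIndirectEntriesSize records the index of the FIRST
 * such entry, i.e. the number of leading entries issued by the CRL issuer.
 * The earlier code overwrote it on every entry naming an issuer, so with
 * two or more issuer changes it also counted entries belonging to another
 * issuer as "leading".
 *
 * NOTE(review): when no entry names an issuer, nonIndirectEntriesSize is
 * not assigned here at all; confirm that code reading it does not expect
 * it to equal entriesSize in that case.
 */
private void retrieveEntries() {
    entriesRetrieved = true;
    List rcerts = tbsCertList.getRevokedCertificates();
    if (rcerts == null) {
        return;
    }
    entriesSize = rcerts.size();
    entries = new ArrayList(entriesSize);
    // null means that revoked certificate issuer is the same as CRL issuer
    X500Principal rcertIssuer = null;
    // becomes true at the first entry that names its own issuer
    boolean issuerChangeSeen = false;
    for (int i = 0; i < entriesSize; i++) {
        TBSCertList.RevokedCertificate rcert = (TBSCertList.RevokedCertificate) rcerts.get(i);
        X500Principal iss = rcert.getIssuer();
        if (iss != null) {
            // certificate issuer differs from CRL issuer
            // and CRL is indirect.
            rcertIssuer = iss;
            isIndirectCRL = true;
            if (!issuerChangeSeen) {
                // remember how many leading revoked certificates in the
                // list are issued by the same issuer as issuer of CRL
                // (these certificates are first in the list); later
                // issuer changes must not move this boundary
                nonIndirectEntriesSize = i;
                issuerChangeSeen = true;
            }
        }
        entries.add(new X509CRLEntryImpl(rcert, rcertIssuer));
    }
}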
use of com.github.zhenwei.core.asn1.x509.TBSCertList in project BiglyBT by BiglySoftware.
the class PrincipalUtil method getIssuerX509Principal.
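/**
 * Returns the issuer of the given CRL as an X509Principal.
 *
 * <p>The issuer is read by decoding the bytes returned by {@code crl.getTBSCertList()} again,
 * so the value comes from the CRL's to-be-signed body. This method does not verify the CRL's
 * signature; the returned name is only as trustworthy as the CRL passed in.
 *
 * @param crl the CRL whose issuer is wanted
 * @return the issuer name taken from the decoded TBSCertList
 * @throws CRLException if the to-be-signed bytes cannot be decoded, or do not decode to an
 *     ASN.1 sequence
 */
public static X509Principal getIssuerX509Principal(X509CRL crl) throws CRLException {
    try {
        // In-memory stream: nothing to release, so the reader is not closed explicitly.
        ByteArrayInputStream bIn = new ByteArrayInputStream(crl.getTBSCertList());
        ASN1InputStream aIn = new ASN1InputStream(bIn);
        Object decoded = aIn.readObject();
        // Report an empty or non-sequence encoding through the declared exception instead of
        // letting the cast fail with an unchecked ClassCastException (or passing null on).
        if (!(decoded instanceof ASN1Sequence)) {
            throw new CRLException("TBSCertList is not an ASN.1 sequence");
        }
        TBSCertList tbsCertList = new TBSCertList((ASN1Sequence) decoded);
        return new X509Principal(tbsCertList.getIssuer());
    } catch (IOException e) {
        // Same message as before, with the original exception kept as the cause.
        throw new CRLException(e.toString(), e);
    }
}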
use of com.github.zhenwei.core.asn1.x509.TBSCertList in project LinLong-Java by zhenwei1108.
the class X509V2CRLGenerator method generate.
/**
 * Generates an X509 CRL and signs it with the given key.
 *
 * <p>The to-be-signed body comes from {@code generateCertList()}. The signature is calculated
 * by {@code X509Util.calculateSignature} with the generator's configured algorithm, the named
 * provider and the supplied source of randomness, and both parts are then combined by
 * {@code generateJcaObject}.
 *
 * @param key the private key used for signing
 * @param provider name of the provider handed to the signature calculation
 * @param random source of randomness handed to the signature calculation (whether null is
 *     accepted is not visible here; confirm against X509Util)
 * @return the signed CRL
 * @throws CRLException if the CRL cannot be encoded for signing (raised as ExtCRLException with
 *     the IOException as cause) or cannot be assembled
 */
public X509CRL generate(PrivateKey key, String provider, SecureRandom random)
    throws CRLException, IllegalStateException, NoSuchProviderException,
        NoSuchAlgorithmException, SignatureException, InvalidKeyException {
    final TBSCertList toBeSigned = generateCertList();
    try {
        final byte[] signatureBytes =
            X509Util.calculateSignature(
                sigOID, signatureAlgorithm, provider, key, random, toBeSigned);
        return generateJcaObject(toBeSigned, signatureBytes);
    } catch (IOException e) {
        throw new ExtCRLException("cannot generate CRL encoding", e);
    }
}