
Example 11 with TBSCertList

use of com.github.zhenwei.core.asn1.x509.TBSCertList in project LinLong-Java by zhenwei1108.

the class CertUtils method generateCRLStructure.

/**
 * Assembles a {@code CertificateList} from its three top-level parts.
 *
 * <p>The parts are placed in a DER sequence in the order: to-be-signed CRL body,
 * signature algorithm identifier, signature value as a BIT STRING. This method only
 * packages the supplied bytes; it performs no signature verification and does not
 * compare {@code sigAlgId} with the algorithm recorded inside {@code tbsCertList}.
 *
 * @param tbsCertList the to-be-signed CRL body
 * @param sigAlgId    the algorithm identifier to place next to the signature
 * @param signature   the raw signature bytes, wrapped here in a {@code DERBitString}
 * @return the structure obtained from {@code CertificateList.getInstance}
 */
private static CertificateList generateCRLStructure(TBSCertList tbsCertList, AlgorithmIdentifier sigAlgId, byte[] signature) {
    DERBitString signatureBits = new DERBitString(signature);

    ASN1EncodableVector crlFields = new ASN1EncodableVector();
    crlFields.add(tbsCertList);
    crlFields.add(sigAlgId);
    crlFields.add(signatureBits);

    DERSequence encodedCrl = new DERSequence(crlFields);
    return CertificateList.getInstance(encodedCrl);
}
Also used : DERSequence(com.github.zhenwei.core.asn1.DERSequence) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector) DERBitString(com.github.zhenwei.core.asn1.DERBitString)

Example 12 with TBSCertList

use of com.github.zhenwei.core.asn1.x509.TBSCertList in project LinLong-Java by zhenwei1108.

the class X509CRLImpl method doVerify.

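/**
 * Verifies the signature carried by this CRL against {@code key}.
 *
 * <p>The outer signature algorithm must equal the one recorded inside the TBSCertList;
 * otherwise verification is refused before any cryptographic work is done. After that
 * one of three paths is taken:
 * <ul>
 *   <li>composite key and composite algorithm: every non-null component key is checked
 *       against the algorithm identifier and signature at the same index;</li>
 *   <li>plain key and composite algorithm: {@code key} is tried against each component
 *       signature, skipping components whose algorithm is unavailable or does not
 *       accept the key;</li>
 *   <li>otherwise: a single signature check using {@code getSigAlgName()} and the
 *       stored algorithm parameters.</li>
 * </ul>
 *
 * <p>NOTE(review): on the composite-key path, null entries in the key list are skipped
 * and one verified component is enough for success. Confirm that this matches the
 * intended composite-signature policy.
 *
 * @param key        public key to verify with
 * @param sigCreator factory for the {@code Signature} instances used
 * @throws CRLException             if the outer and inner signature algorithms differ
 * @throws InvalidKeyException      if no component could be verified with the key, or
 *                                  the key is rejected on the non-composite path
 * @throws SignatureException       if a signature check fails, the composite structure
 *                                  has too few components, or the parameters cannot be decoded
 * @throws NoSuchAlgorithmException if a required algorithm is unavailable
 * @throws NoSuchProviderException  if {@code sigCreator} reports a missing provider
 */
private void doVerify(PublicKey key, SignatureCreator sigCreator) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, NoSuchProviderException {
    // The outer algorithm identifier lies outside the signed TBSCertList, so it is only
    // trusted when it matches the copy inside the signed portion.
    if (!c.getSignatureAlgorithm().equals(c.getTBSCertList().getSignature())) {
        throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList.");
    }
    if (key instanceof CompositePublicKey && X509SignatureUtil.isCompositeAlgorithm(c.getSignatureAlgorithm())) {
        List<PublicKey> pubKeys = ((CompositePublicKey) key).getPublicKeys();
        ASN1Sequence keySeq = ASN1Sequence.getInstance(c.getSignatureAlgorithm().getParameters());
        ASN1Sequence sigSeq = ASN1Sequence.getInstance(DERBitString.getInstance(c.getSignature()).getBytes());
        boolean success = false;
        for (int i = 0; i < pubKeys.size(); i++) {
            if (pubKeys.get(i) == null) {
                continue;
            }
            // Both sequences are decoded from the CRL itself; check the index before
            // using it so a short sequence is reported as a signature failure rather
            // than surfacing as an unchecked exception from the ASN.1 accessors.
            if (keySeq == null || sigSeq == null || i >= keySeq.size() || i >= sigSeq.size()) {
                throw new SignatureException("composite signature component count does not match composite public key");
            }
            AlgorithmIdentifier sigAlg = AlgorithmIdentifier.getInstance(keySeq.getObjectAt(i));
            String sigName = X509SignatureUtil.getSignatureName(sigAlg);
            Signature signature = sigCreator.createSignature(sigName);
            // A SignatureException from any present component propagates and aborts verification.
            checkSignature(pubKeys.get(i), signature, sigAlg.getParameters(), DERBitString.getInstance(sigSeq.getObjectAt(i)).getBytes());
            success = true;
        }
        if (!success) {
            throw new InvalidKeyException("no matching key found");
        }
    } else if (X509SignatureUtil.isCompositeAlgorithm(c.getSignatureAlgorithm())) {
        ASN1Sequence keySeq = ASN1Sequence.getInstance(c.getSignatureAlgorithm().getParameters());
        ASN1Sequence sigSeq = ASN1Sequence.getInstance(DERBitString.getInstance(c.getSignature()).getBytes());
        boolean success = false;
        for (int i = 0; i < sigSeq.size(); i++) {
            // The loop is driven by the signature count; the algorithm list comes from
            // the same CRL and may be shorter, so check it before indexing.
            if (keySeq == null || i >= keySeq.size()) {
                throw new SignatureException("composite signature component count does not match algorithm parameters");
            }
            AlgorithmIdentifier sigAlg = AlgorithmIdentifier.getInstance(keySeq.getObjectAt(i));
            String sigName = X509SignatureUtil.getSignatureName(sigAlg);
            try {
                Signature signature = sigCreator.createSignature(sigName);
                checkSignature(key, signature, sigAlg.getParameters(), DERBitString.getInstance(sigSeq.getObjectAt(i)).getBytes());
                success = true;
            } catch (InvalidKeyException ignored) {
                // This component's algorithm does not accept the supplied key; try the next one.
            } catch (NoSuchAlgorithmException ignored) {
                // This component's algorithm is unavailable; try the next one.
            }
            // A SignatureException is deliberately not caught: it ends verification.
        }
        if (!success) {
            throw new InvalidKeyException("no matching key found");
        }
    } else {
        Signature sig = sigCreator.createSignature(getSigAlgName());
        if (sigAlgParams == null) {
            checkSignature(key, sig, null, this.getSignature());
        } else {
            try {
                checkSignature(key, sig, ASN1Primitive.fromByteArray(sigAlgParams), this.getSignature());
            } catch (IOException e) {
                // Keep the decoding failure as the cause so the original stack trace survives.
                throw new SignatureException("cannot decode signature parameters: " + e.getMessage(), e);
            }
        }
    }
}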
Also used : CompositePublicKey(com.github.zhenwei.provider.jcajce.CompositePublicKey) PublicKey(java.security.PublicKey) ASN1OctetString(com.github.zhenwei.core.asn1.ASN1OctetString) DERBitString(com.github.zhenwei.core.asn1.DERBitString) SignatureException(java.security.SignatureException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) IOException(java.io.IOException) InvalidKeyException(java.security.InvalidKeyException) IssuingDistributionPoint(com.github.zhenwei.core.asn1.x509.IssuingDistributionPoint) CRLDistPoint(com.github.zhenwei.core.asn1.x509.CRLDistPoint) AlgorithmIdentifier(com.github.zhenwei.core.asn1.x509.AlgorithmIdentifier) CompositePublicKey(com.github.zhenwei.provider.jcajce.CompositePublicKey) ASN1Sequence(com.github.zhenwei.core.asn1.ASN1Sequence) Signature(java.security.Signature) CRLException(java.security.cert.CRLException)

Example 13 with TBSCertList

use of com.github.zhenwei.core.asn1.x509.TBSCertList in project LinLong-Java by zhenwei1108.

the class V2TBSCertListGenerator method generateTBSCertList.

/**
 * Builds the to-be-signed body of a V2 CRL from the values held by this generator.
 *
 * <p>The fields are emitted in the order: version, signature algorithm, issuer,
 * thisUpdate, then (when present) nextUpdate, the revoked-entry sequence and the
 * extensions wrapped in a context tag 0.
 *
 * @return a {@code TBSCertList} wrapping the assembled DER sequence
 * @throws IllegalStateException if the signature algorithm, issuer or thisUpdate is unset
 */
public TBSCertList generateTBSCertList() {
    boolean mandatoryFieldMissing = signature == null || issuer == null || thisUpdate == null;
    if (mandatoryFieldMissing) {
        throw new IllegalStateException("Not all mandatory fields set in V2 TBSCertList generator.");
    }

    ASN1EncodableVector tbsFields = new ASN1EncodableVector(7);
    tbsFields.add(version);
    tbsFields.add(signature);
    tbsFields.add(issuer);
    tbsFields.add(thisUpdate);

    // nextUpdate is treated as optional here. RFC 5280 expects conforming issuers to
    // include it, so callers producing CRLs for relying parties should normally set it.
    if (nextUpdate != null) {
        tbsFields.add(nextUpdate);
    }

    // The revoked-certificates sequence is left out entirely when there are no entries,
    // rather than being written as an empty sequence.
    boolean hasRevokedEntries = crlentries.size() > 0;
    if (hasRevokedEntries) {
        tbsFields.add(new DERSequence(crlentries));
    }

    if (extensions != null) {
        tbsFields.add(new DERTaggedObject(0, extensions));
    }

    DERSequence encodedBody = new DERSequence(tbsFields);
    return new TBSCertList(encodedBody);
}
Also used : DERSequence(com.github.zhenwei.core.asn1.DERSequence) DERTaggedObject(com.github.zhenwei.core.asn1.DERTaggedObject) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector)

Example 14 with TBSCertList

use of com.github.zhenwei.core.asn1.x509.TBSCertList in project LinLong-Java by zhenwei1108.

the class CertificateList method toASN1Primitive.

/**
 * Encodes this CRL as a DER sequence of its three members.
 *
 * <p>The members are written in the order: {@code tbsCertList}, {@code sigAlgId},
 * {@code sig}. The stored members are emitted as they are; nothing is verified here.
 *
 * @return a new {@code DERSequence} holding the three members
 */
public ASN1Primitive toASN1Primitive() {
    ASN1EncodableVector members = new ASN1EncodableVector(3);

    members.add(tbsCertList);
    members.add(sigAlgId);
    members.add(sig);

    DERSequence encoded = new DERSequence(members);
    return encoded;
}
Also used : DERSequence(com.github.zhenwei.core.asn1.DERSequence) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector)
