use of com.github.zhenwei.core.asn1.x509.TBSCertificate in project LinLong-Java by zhenwei1108.
the class X509V3CertificateGenerator method generate.
/**
* generate an X509 certificate, based on the current issuer and subject, using the passed in
* provider for the signing and the supplied source of randomness, if required.
*/
public X509Certificate generate(PrivateKey key, String provider, SecureRandom random) throws CertificateEncodingException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException {
    // Build the to-be-signed body first; the same object is passed to the signing
    // helper and then embedded in the final certificate.
    TBSCertificate toBeSigned = generateTbsCert();

    byte[] sigBytes;
    try {
        sigBytes = X509Util.calculateSignature(sigOID, signatureAlgorithm, provider, key, random, toBeSigned);
    } catch (IOException encodingFailure) {
        // Only IOException is translated here; the other exceptions declared on this
        // method are not caught and reach the caller as thrown.
        throw new ExtCertificateEncodingException("exception encoding TBS cert", encodingFailure);
    }

    try {
        return generateJcaObject(toBeSigned, sigBytes);
    } catch (Exception assemblyFailure) {
        // Every failure while producing the certificate object is reported as an
        // encoding error, with the original exception kept as the cause.
        throw new ExtCertificateEncodingException("exception producing certificate object", assemblyFailure);
    }
}
use of com.github.zhenwei.core.asn1.x509.TBSCertificate in project LinLong-Java by zhenwei1108.
the class X509V1CertificateGenerator method generateJcaObject.
/**
 * Assembles the certificate structure (TBS certificate, signature algorithm identifier and
 * signature bit string), DER-encodes it, and has the certificate factory parse the encoding
 * into an {@link X509Certificate}.
 *
 * <p>The signature bytes are embedded exactly as passed in; nothing in this method verifies
 * them against {@code tbsCert}.
 *
 * @param tbsCert the to-be-signed certificate body
 * @param signature the signature bytes, wrapped here in a DER BIT STRING
 * @return the certificate produced by the certificate factory from the DER encoding
 * @throws CertificateEncodingException if encoding the structure or parsing it back fails
 */
private X509Certificate generateJcaObject(TBSCertificate tbsCert, byte[] signature) throws CertificateEncodingException {
    ASN1EncodableVector parts = new ASN1EncodableVector();
    parts.add(tbsCert);
    parts.add(sigAlgId);
    parts.add(new DERBitString(signature));

    try {
        byte[] der = new DERSequence(parts).getEncoded(ASN1Encoding.DER);
        ByteArrayInputStream derStream = new ByteArrayInputStream(der);
        return (X509Certificate) certificateFactory.engineGenerateCertificate(derStream);
    } catch (Exception failure) {
        // Encoding and parsing failures are both reported the same way, cause preserved.
        throw new ExtCertificateEncodingException("exception producing certificate object", failure);
    }
}
use of com.github.zhenwei.core.asn1.x509.TBSCertificate in project LinLong-Java by zhenwei1108.
the class X509CertificateHolder method isSignatureValid.
/**
* Validate the signature on the certificate in this holder.
*
* @param verifierProvider a ContentVerifierProvider that can generate a verifier for the
* signature.
* @return true if the signature is valid, false otherwise.
* @throws CertException if the signature cannot be processed or is inappropriate.
*/
public boolean isSignatureValid(ContentVerifierProvider verifierProvider) throws CertException {
    TBSCertificate signedBody = x509Certificate.getTBSCertificate();

    // The algorithm identifier inside the signed body must agree with the one carried
    // next to the signature; a mismatch is rejected before any verifier is created.
    boolean algorithmsAgree = CertUtils.isAlgIdEqual(signedBody.getSignature(), x509Certificate.getSignatureAlgorithm());
    if (!algorithmsAgree) {
        throw new CertException("signature invalid - algorithm identifier mismatch");
    }

    ContentVerifier contentVerifier;
    try {
        contentVerifier = verifierProvider.get(signedBody.getSignature());
        // Feed the DER encoding of the signed body to the verifier through its stream.
        OutputStream sink = contentVerifier.getOutputStream();
        signedBody.encodeTo(sink, ASN1Encoding.DER);
        sink.close();
    } catch (Exception failure) {
        throw new CertException("unable to process signature: " + failure.getMessage(), failure);
    }

    // This method checks only the signature over the TBS body with the supplied verifier;
    // nothing here looks at validity dates, extensions, revocation or the issuer chain.
    return contentVerifier.verify(this.getSignature());
}
use of com.github.zhenwei.core.asn1.x509.TBSCertificate in project xwiki-commons by xwiki.
the class BcX509CertifiedPublicKey method isSignedBy.
/**
 * Checks whether the certificate held by this object carries a signature that verifies under
 * the given public key.
 *
 * <p>Only the signature over the TBS certificate is checked here; this method does not
 * examine validity dates, extensions or revocation.
 *
 * @param publicKey the candidate signer's public key
 * @return {@code true} if the signer reports the signature as verified; {@code false} if the
 *     inner and outer signature algorithm identifiers differ, or if an {@link IOException}
 *     occurs while encoding the algorithm identifier or the TBS certificate
 * @throws GeneralSecurityException declared by the method; not thrown directly by the code here
 */
@Override
public boolean isSignedBy(PublicKeyParameters publicKey) throws GeneralSecurityException {
    TBSCertificate signedBody = this.holder.toASN1Structure().getTBSCertificate();

    // Refuse early when the algorithm named inside the signed body differs from the outer one.
    if (!BcUtils.isAlgorithlIdentifierEqual(signedBody.getSignature(), this.holder.getSignatureAlgorithm())) {
        return false;
    }

    // First argument is false in both branches; presumably selects verification rather
    // than signing mode, to be confirmed against the signer factory contract.
    Signer verifyingSigner;
    if (this.signerFactory instanceof BcSignerFactory) {
        // Optimisation: hand over the parsed algorithm identifier instead of its encoding.
        BcSignerFactory bcFactory = (BcSignerFactory) this.signerFactory;
        verifyingSigner = bcFactory.getInstance(false, publicKey, signedBody.getSignature());
    } else {
        try {
            verifyingSigner = this.signerFactory.getInstance(false, publicKey, this.holder.getSignatureAlgorithm().getEncoded());
        } catch (IOException encodingFailure) {
            // An unencodable algorithm identifier is reported as "not signed by this key".
            return false;
        }
    }

    try {
        return BcUtils.updateDEREncodedObject(verifyingSigner, signedBody).verify(this.holder.getSignature());
    } catch (IOException encodingFailure) {
        // Callers cannot tell this case apart from a genuine signature mismatch.
        return false;
    }
}
use of com.github.zhenwei.core.asn1.x509.TBSCertificate in project LinLong-Java by zhenwei1108.
the class V1TBSCertificateGenerator method generateTBSCertificate.
/**
 * Builds a V1 TBSCertificate from the fields currently set on this generator.
 *
 * <p>The fields are added in the order serial number, signature algorithm, issuer, validity
 * (start and end date), subject, subject public key info. The version is left out.
 *
 * @return the TBSCertificate obtained from the DER sequence of those six elements
 * @throws IllegalStateException if any of the mandatory fields has not been set
 */
public TBSCertificate generateTBSCertificate() {
    boolean incomplete = serialNumber == null
        || signature == null
        || issuer == null
        || startDate == null
        || endDate == null
        || subject == null
        || subjectPublicKeyInfo == null;
    if (incomplete) {
        throw new IllegalStateException("not all mandatory fields set in V1 TBScertificate generator");
    }

    ASN1EncodableVector fields = new ASN1EncodableVector(6);
    // The version is not added: it is not required because it is the default value.
    fields.add(serialNumber);
    fields.add(signature);
    fields.add(issuer);

    // Validity is its own two-element sequence: start date, then end date.
    ASN1EncodableVector validityPeriod = new ASN1EncodableVector(2);
    validityPeriod.add(startDate);
    validityPeriod.add(endDate);
    fields.add(new DERSequence(validityPeriod));

    fields.add(subject);
    fields.add(subjectPublicKeyInfo);

    return TBSCertificate.getInstance(new DERSequence(fields));
}