Example 36 with TBSCertificate

Use of com.github.zhenwei.core.asn1.x509.TBSCertificate in project LinLong-Java by zhenwei1108.

In class X509V3CertificateGenerator, method generate.

/**
 * generate an X509 certificate, based on the current issuer and subject, using the passed in
 * provider for the signing and the supplied source of randomness, if required.
 */
public X509Certificate generate(PrivateKey key, String provider, SecureRandom random) throws CertificateEncodingException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException {
    TBSCertificate tbsCert = generateTbsCert();
    byte[] signature;
    try {
        signature = X509Util.calculateSignature(sigOID, signatureAlgorithm, provider, key, random, tbsCert);
    } catch (IOException e) {
        throw new ExtCertificateEncodingException("exception encoding TBS cert", e);
    }
    try {
        return generateJcaObject(tbsCert, signature);
    } catch (Exception e) {
        throw new ExtCertificateEncodingException("exception producing certificate object", e);
    }
}
Also used : IOException(java.io.IOException) TBSCertificate(com.github.zhenwei.core.asn1.x509.TBSCertificate) CertificateParsingException(java.security.cert.CertificateParsingException) GeneralSecurityException(java.security.GeneralSecurityException) SignatureException(java.security.SignatureException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) NoSuchProviderException(java.security.NoSuchProviderException) CertificateEncodingException(java.security.cert.CertificateEncodingException)

Example 37 with TBSCertificate

Use of com.github.zhenwei.core.asn1.x509.TBSCertificate in project LinLong-Java by zhenwei1108.

In class X509V1CertificateGenerator, method generateJcaObject.

private X509Certificate generateJcaObject(TBSCertificate tbsCert, byte[] signature) throws CertificateEncodingException {
    // Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue BIT STRING }
    ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(tbsCert);
    v.add(sigAlgId);
    v.add(new DERBitString(signature));
    try {
        return (X509Certificate) certificateFactory.engineGenerateCertificate(new ByteArrayInputStream(new DERSequence(v).getEncoded(ASN1Encoding.DER)));
    } catch (Exception e) {
        throw new ExtCertificateEncodingException("exception producing certificate object", e);
    }
}
Also used : DERSequence(com.github.zhenwei.core.asn1.DERSequence) ByteArrayInputStream(java.io.ByteArrayInputStream) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector) DERBitString(com.github.zhenwei.core.asn1.DERBitString) X509Certificate(java.security.cert.X509Certificate) GeneralSecurityException(java.security.GeneralSecurityException) SignatureException(java.security.SignatureException) IOException(java.io.IOException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) NoSuchProviderException(java.security.NoSuchProviderException) CertificateEncodingException(java.security.cert.CertificateEncodingException)

Example 38 with TBSCertificate

Use of com.github.zhenwei.core.asn1.x509.TBSCertificate in project LinLong-Java by zhenwei1108.

In class X509CertificateHolder, method isSignatureValid.

/**
 * Validate the signature on the certificate in this holder.
 *
 * @param verifierProvider a ContentVerifierProvider that can generate a verifier for the
 *                         signature.
 * @return true if the signature is valid, false otherwise.
 * @throws CertException if the signature cannot be processed or is inappropriate.
 */
public boolean isSignatureValid(ContentVerifierProvider verifierProvider) throws CertException {
    TBSCertificate tbsCert = x509Certificate.getTBSCertificate();
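    // The signature algorithm identifier inside the signed TBSCertificate must match the
    // outer (unsigned) signatureAlgorithm field; reject the certificate before verifying if not.
    if (!CertUtils.isAlgIdEqual(tbsCert.getSignature(), x509Certificate.getSignatureAlgorithm())) {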
        throw new CertException("signature invalid - algorithm identifier mismatch");
    }
    ContentVerifier verifier;
    try {
        verifier = verifierProvider.get((tbsCert.getSignature()));
        OutputStream sOut = verifier.getOutputStream();
        // The signature covers the DER encoding of the TBSCertificate only.
        tbsCert.encodeTo(sOut, ASN1Encoding.DER);
        sOut.close();
    } catch (Exception e) {
        throw new CertException("unable to process signature: " + e.getMessage(), e);
    }
    return verifier.verify(this.getSignature());
}
Also used : ContentVerifier(com.github.zhenwei.pkix.operator.ContentVerifier) OutputStream(java.io.OutputStream) ObjectOutputStream(java.io.ObjectOutputStream) TBSCertificate(com.github.zhenwei.core.asn1.x509.TBSCertificate) IOException(java.io.IOException)

Example 39 with TBSCertificate

Use of com.github.zhenwei.core.asn1.x509.TBSCertificate in project xwiki-commons by xwiki.

In class BcX509CertifiedPublicKey, method isSignedBy.

@Override
public boolean isSignedBy(PublicKeyParameters publicKey) throws GeneralSecurityException {
    TBSCertificate tbsCert = this.holder.toASN1Structure().getTBSCertificate();
    // Treat a mismatch between the signed (inner) and outer algorithm identifiers as "not signed by".
    if (!BcUtils.isAlgorithlIdentifierEqual(tbsCert.getSignature(), this.holder.getSignatureAlgorithm())) {
        return false;
    }
    Signer signer = null;
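    // Optimisation: a BcSignerFactory takes the parsed algorithm identifier directly, so no
    // re-encoding is needed. The two identifiers were checked equal above.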
    if (this.signerFactory instanceof BcSignerFactory) {
        signer = ((BcSignerFactory) this.signerFactory).getInstance(false, publicKey, tbsCert.getSignature());
    } else {
        try {
            signer = this.signerFactory.getInstance(false, publicKey, this.holder.getSignatureAlgorithm().getEncoded());
        } catch (IOException e) {
            return false;
        }
    }
    try {
        return BcUtils.updateDEREncodedObject(signer, tbsCert).verify(this.holder.getSignature());
    } catch (IOException e) {
        return false;
    }
}
Also used : Signer(org.xwiki.crypto.signer.Signer) BcSignerFactory(org.xwiki.crypto.signer.internal.factory.BcSignerFactory) IOException(java.io.IOException) TBSCertificate(org.bouncycastle.asn1.x509.TBSCertificate)

Example 40 with TBSCertificate

Use of com.github.zhenwei.core.asn1.x509.TBSCertificate in project LinLong-Java by zhenwei1108.

In class V1TBSCertificateGenerator, method generateTBSCertificate.

public TBSCertificate generateTBSCertificate() {
    if ((serialNumber == null) || (signature == null) || (issuer == null) || (startDate == null) || (endDate == null) || (subject == null) || (subjectPublicKeyInfo == null)) {
        throw new IllegalStateException("not all mandatory fields set in V1 TBScertificate generator");
    }
    ASN1EncodableVector seq = new ASN1EncodableVector(6);
    // seq.add(version); - not required as default value.
    seq.add(serialNumber);
    seq.add(signature);
    seq.add(issuer);
    // 
    // before and after dates
    // 
    {
        ASN1EncodableVector validity = new ASN1EncodableVector(2);
        validity.add(startDate);
        validity.add(endDate);
        seq.add(new DERSequence(validity));
    }
    seq.add(subject);
    seq.add(subjectPublicKeyInfo);
    return TBSCertificate.getInstance(new DERSequence(seq));
}
Also used : DERSequence(com.github.zhenwei.core.asn1.DERSequence) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector)

Aggregations

IOException (java.io.IOException): 22
TBSCertificate (org.bouncycastle.asn1.x509.TBSCertificate): 22
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException): 7
CertificateException (java.security.cert.CertificateException): 7
ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector): 6
DERSequence (com.github.zhenwei.core.asn1.DERSequence): 6
ByteArrayInputStream (java.io.ByteArrayInputStream): 6
CertificateEncodingException (java.security.cert.CertificateEncodingException): 6
X509Certificate (java.security.cert.X509Certificate): 6
DEROctetString (org.bouncycastle.asn1.DEROctetString): 6
ASN1EncodableVector (com.android.org.bouncycastle.asn1.ASN1EncodableVector): 5
ASN1InputStream (com.android.org.bouncycastle.asn1.ASN1InputStream): 5
ASN1Integer (com.android.org.bouncycastle.asn1.ASN1Integer): 5
ASN1ObjectIdentifier (com.android.org.bouncycastle.asn1.ASN1ObjectIdentifier): 5
DERBitString (com.android.org.bouncycastle.asn1.DERBitString): 5
DERInteger (com.android.org.bouncycastle.asn1.DERInteger): 5
DERSequence (com.android.org.bouncycastle.asn1.DERSequence): 5
AlgorithmIdentifier (com.android.org.bouncycastle.asn1.x509.AlgorithmIdentifier): 5
TBSCertificate (com.android.org.bouncycastle.asn1.x509.TBSCertificate): 5
Time (com.android.org.bouncycastle.asn1.x509.Time): 5