Search in sources :

Example 1 with Signature

use of com.github.zhenwei.pkix.util.oer.its.Signature in project LinLong-Java by zhenwei1108.

the class ITSExplicitCertificateBuilder method build.

public ITSCertificate build(CertificateId certificateId, ITSPublicVerificationKey verificationKey, ITSPublicEncryptionKey publicEncryptionKey) {
    ToBeSignedCertificate.Builder tbsBldr = new ToBeSignedCertificate.Builder(tbsCertificateBuilder);
    tbsBldr.setCertificateId(certificateId);
    if (publicEncryptionKey != null) {
        tbsBldr.setEncryptionKey(publicEncryptionKey.toASN1Structure());
    }
    tbsBldr.setVerificationKeyIndicator(VerificationKeyIndicator.builder().publicVerificationKey(verificationKey.toASN1Structure()).createVerificationKeyIndicator());
    ToBeSignedCertificate tbsCertificate = tbsBldr.createToBeSignedCertificate();
    ToBeSignedCertificate signerCert = null;
    VerificationKeyIndicator verificationKeyIndicator;
    if (signer.isForSelfSigning()) {
        verificationKeyIndicator = tbsCertificate.getVerificationKeyIndicator();
    } else {
        signerCert = signer.getAssociatedCertificate().toASN1Structure().getCertificateBase().getToBeSignedCertificate();
        verificationKeyIndicator = signerCert.getVerificationKeyIndicator();
    }
    OutputStream sOut = signer.getOutputStream();
    try {
        sOut.write(OEREncoder.toByteArray(tbsCertificate, IEEE1609dot2.tbsCertificate));
        sOut.close();
    } catch (IOException e) {
        throw new IllegalArgumentException("cannot produce certificate signature");
    }
    // TODO: signature actually optional.
    Signature sig = null;
    switch(verificationKeyIndicator.getChoice()) {
        case PublicVerificationKey.ecdsaNistP256:
            sig = ECDSAEncoder.toITS(SECObjectIdentifiers.secp256r1, signer.getSignature());
            break;
        case PublicVerificationKey.ecdsaBrainpoolP256r1:
            sig = ECDSAEncoder.toITS(TeleTrusTObjectIdentifiers.brainpoolP256r1, signer.getSignature());
            break;
        case PublicVerificationKey.ecdsaBrainpoolP384r1:
            sig = ECDSAEncoder.toITS(TeleTrusTObjectIdentifiers.brainpoolP384r1, signer.getSignature());
            break;
        default:
            throw new IllegalStateException("unknown key type");
    }
    CertificateBase.Builder baseBldr = new CertificateBase.Builder();
    IssuerIdentifier.Builder issuerIdentifierBuilder = IssuerIdentifier.builder();
    ASN1ObjectIdentifier digestAlg = signer.getDigestAlgorithm().getAlgorithm();
    if (signer.isForSelfSigning()) {
        if (digestAlg.equals(NISTObjectIdentifiers.id_sha256)) {
            issuerIdentifierBuilder.self(HashAlgorithm.sha256);
        } else if (digestAlg.equals(NISTObjectIdentifiers.id_sha384)) {
            issuerIdentifierBuilder.self(HashAlgorithm.sha384);
        } else {
            throw new IllegalStateException("unknown digest");
        }
    } else {
        byte[] parentDigest = signer.getAssociatedCertificateDigest();
        HashedId.HashedId8 hashedID = new HashedId.HashedId8(Arrays.copyOfRange(parentDigest, parentDigest.length - 8, parentDigest.length));
        if (digestAlg.equals(NISTObjectIdentifiers.id_sha256)) {
            issuerIdentifierBuilder.sha256AndDigest(hashedID);
        } else if (digestAlg.equals(NISTObjectIdentifiers.id_sha384)) {
            issuerIdentifierBuilder.sha384AndDigest(hashedID);
        } else {
            throw new IllegalStateException("unknown digest");
        }
    }
    baseBldr.setVersion(version);
    baseBldr.setType(CertificateType.Explicit);
    baseBldr.setIssuer(issuerIdentifierBuilder.createIssuerIdentifier());
    baseBldr.setToBeSignedCertificate(tbsCertificate);
    baseBldr.setSignature(sig);
    Certificate.Builder bldr = new Certificate.Builder();
    bldr.setCertificateBase(baseBldr.createCertificateBase());
    return new ITSCertificate(bldr.createCertificate());
}
Also used : OutputStream(java.io.OutputStream) IOException(java.io.IOException) ToBeSignedCertificate(com.github.zhenwei.pkix.util.oer.its.ToBeSignedCertificate) CertificateBase(com.github.zhenwei.pkix.util.oer.its.CertificateBase) IssuerIdentifier(com.github.zhenwei.pkix.util.oer.its.IssuerIdentifier) Signature(com.github.zhenwei.pkix.util.oer.its.Signature) VerificationKeyIndicator(com.github.zhenwei.pkix.util.oer.its.VerificationKeyIndicator) ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier) HashedId(com.github.zhenwei.pkix.util.oer.its.HashedId) Certificate(com.github.zhenwei.pkix.util.oer.its.Certificate) ToBeSignedCertificate(com.github.zhenwei.pkix.util.oer.its.ToBeSignedCertificate)

Example 2 with Signature

use of com.github.zhenwei.pkix.util.oer.its.Signature in project LinLong-Java by zhenwei1108.

the class ITSCertificate method isSignatureValid.

public boolean isSignatureValid(ITSContentVerifierProvider verifierProvider) throws Exception {
    ContentVerifier contentVerifier = verifierProvider.get(certificate.getCertificateBase().getSignature().getChoice());
    OutputStream verOut = contentVerifier.getOutputStream();
    verOut.write(OEREncoder.toByteArray(certificate.getCertificateBase().getToBeSignedCertificate(), IEEE1609dot2.tbsCertificate));
    verOut.close();
    Signature sig = certificate.getCertificateBase().getSignature();
    return contentVerifier.verify(ECDSAEncoder.toX962(sig));
}
Also used : ContentVerifier(com.github.zhenwei.pkix.operator.ContentVerifier) OutputStream(java.io.OutputStream) Signature(com.github.zhenwei.pkix.util.oer.its.Signature)

Aggregations

Signature (com.github.zhenwei.pkix.util.oer.its.Signature)2 OutputStream (java.io.OutputStream)2 ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)1 ContentVerifier (com.github.zhenwei.pkix.operator.ContentVerifier)1 Certificate (com.github.zhenwei.pkix.util.oer.its.Certificate)1 CertificateBase (com.github.zhenwei.pkix.util.oer.its.CertificateBase)1 HashedId (com.github.zhenwei.pkix.util.oer.its.HashedId)1 IssuerIdentifier (com.github.zhenwei.pkix.util.oer.its.IssuerIdentifier)1 ToBeSignedCertificate (com.github.zhenwei.pkix.util.oer.its.ToBeSignedCertificate)1 VerificationKeyIndicator (com.github.zhenwei.pkix.util.oer.its.VerificationKeyIndicator)1 IOException (java.io.IOException)1