Example 1 with Signature
use of com.github.zhenwei.pkix.util.oer.its.Signature in project LinLong-Java by zhenwei1108.
the class ITSExplicitCertificateBuilder method build.
public ITSCertificate build(CertificateId certificateId, ITSPublicVerificationKey verificationKey, ITSPublicEncryptionKey publicEncryptionKey) {
ToBeSignedCertificate.Builder tbsBldr = new ToBeSignedCertificate.Builder(tbsCertificateBuilder);
tbsBldr.setCertificateId(certificateId);
if (publicEncryptionKey != null) {
tbsBldr.setEncryptionKey(publicEncryptionKey.toASN1Structure());
}
tbsBldr.setVerificationKeyIndicator(VerificationKeyIndicator.builder().publicVerificationKey(verificationKey.toASN1Structure()).createVerificationKeyIndicator());
ToBeSignedCertificate tbsCertificate = tbsBldr.createToBeSignedCertificate();
ToBeSignedCertificate signerCert = null;
VerificationKeyIndicator verificationKeyIndicator;
if (signer.isForSelfSigning()) {
verificationKeyIndicator = tbsCertificate.getVerificationKeyIndicator();
} else {
signerCert = signer.getAssociatedCertificate().toASN1Structure().getCertificateBase().getToBeSignedCertificate();
verificationKeyIndicator = signerCert.getVerificationKeyIndicator();
}
OutputStream sOut = signer.getOutputStream();
try {
sOut.write(OEREncoder.toByteArray(tbsCertificate, IEEE1609dot2.tbsCertificate));
sOut.close();
} catch (IOException e) {
throw new IllegalArgumentException("cannot produce certificate signature");
}
// TODO: signature actually optional.
Signature sig = null;
switch(verificationKeyIndicator.getChoice()) {
case PublicVerificationKey.ecdsaNistP256:
sig = ECDSAEncoder.toITS(SECObjectIdentifiers.secp256r1, signer.getSignature());
break;
case PublicVerificationKey.ecdsaBrainpoolP256r1:
sig = ECDSAEncoder.toITS(TeleTrusTObjectIdentifiers.brainpoolP256r1, signer.getSignature());
break;
case PublicVerificationKey.ecdsaBrainpoolP384r1:
sig = ECDSAEncoder.toITS(TeleTrusTObjectIdentifiers.brainpoolP384r1, signer.getSignature());
break;
default:
throw new IllegalStateException("unknown key type");
}
CertificateBase.Builder baseBldr = new CertificateBase.Builder();
IssuerIdentifier.Builder issuerIdentifierBuilder = IssuerIdentifier.builder();
ASN1ObjectIdentifier digestAlg = signer.getDigestAlgorithm().getAlgorithm();
if (signer.isForSelfSigning()) {
if (digestAlg.equals(NISTObjectIdentifiers.id_sha256)) {
issuerIdentifierBuilder.self(HashAlgorithm.sha256);
} else if (digestAlg.equals(NISTObjectIdentifiers.id_sha384)) {
issuerIdentifierBuilder.self(HashAlgorithm.sha384);
} else {
throw new IllegalStateException("unknown digest");
}
} else {
byte[] parentDigest = signer.getAssociatedCertificateDigest();
HashedId.HashedId8 hashedID = new HashedId.HashedId8(Arrays.copyOfRange(parentDigest, parentDigest.length - 8, parentDigest.length));
if (digestAlg.equals(NISTObjectIdentifiers.id_sha256)) {
issuerIdentifierBuilder.sha256AndDigest(hashedID);
} else if (digestAlg.equals(NISTObjectIdentifiers.id_sha384)) {
issuerIdentifierBuilder.sha384AndDigest(hashedID);
} else {
throw new IllegalStateException("unknown digest");
}
}
baseBldr.setVersion(version);
baseBldr.setType(CertificateType.Explicit);
baseBldr.setIssuer(issuerIdentifierBuilder.createIssuerIdentifier());
baseBldr.setToBeSignedCertificate(tbsCertificate);
baseBldr.setSignature(sig);
Certificate.Builder bldr = new Certificate.Builder();
bldr.setCertificateBase(baseBldr.createCertificateBase());
return new ITSCertificate(bldr.createCertificate());
}
Also used :
OutputStream(java.io.OutputStream)
IOException(java.io.IOException)
ToBeSignedCertificate(com.github.zhenwei.pkix.util.oer.its.ToBeSignedCertificate)
CertificateBase(com.github.zhenwei.pkix.util.oer.its.CertificateBase)
IssuerIdentifier(com.github.zhenwei.pkix.util.oer.its.IssuerIdentifier)
Signature(com.github.zhenwei.pkix.util.oer.its.Signature)
VerificationKeyIndicator(com.github.zhenwei.pkix.util.oer.its.VerificationKeyIndicator)
ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)
HashedId(com.github.zhenwei.pkix.util.oer.its.HashedId)
Certificate(com.github.zhenwei.pkix.util.oer.its.Certificate)
ToBeSignedCertificate(com.github.zhenwei.pkix.util.oer.its.ToBeSignedCertificate)
Example 2 with Signature
use of com.github.zhenwei.pkix.util.oer.its.Signature in project LinLong-Java by zhenwei1108.
the class ITSCertificate method isSignatureValid.
public boolean isSignatureValid(ITSContentVerifierProvider verifierProvider) throws Exception {
ContentVerifier contentVerifier = verifierProvider.get(certificate.getCertificateBase().getSignature().getChoice());
OutputStream verOut = contentVerifier.getOutputStream();
verOut.write(OEREncoder.toByteArray(certificate.getCertificateBase().getToBeSignedCertificate(), IEEE1609dot2.tbsCertificate));
verOut.close();
Signature sig = certificate.getCertificateBase().getSignature();
return contentVerifier.verify(ECDSAEncoder.toX962(sig));
}
Also used :
ContentVerifier(com.github.zhenwei.pkix.operator.ContentVerifier)
OutputStream(java.io.OutputStream)
Signature(com.github.zhenwei.pkix.util.oer.its.Signature)
Aggregations
Signature (com.github.zhenwei.pkix.util.oer.its.Signature)2
OutputStream (java.io.OutputStream)2
ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)1
ContentVerifier (com.github.zhenwei.pkix.operator.ContentVerifier)1
Certificate (com.github.zhenwei.pkix.util.oer.its.Certificate)1
CertificateBase (com.github.zhenwei.pkix.util.oer.its.CertificateBase)1
HashedId (com.github.zhenwei.pkix.util.oer.its.HashedId)1
IssuerIdentifier (com.github.zhenwei.pkix.util.oer.its.IssuerIdentifier)1
ToBeSignedCertificate (com.github.zhenwei.pkix.util.oer.its.ToBeSignedCertificate)1
VerificationKeyIndicator (com.github.zhenwei.pkix.util.oer.its.VerificationKeyIndicator)1
IOException (java.io.IOException)1
