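Use of com.google.cloud.security.privateca.v1.Certificate in project open-ecard by ecsec. (Caption as indexed; the snippets on this page call Certificate.getInstance(...) on encoded bytes and read getIssuer()/getSubject()/getSubjectPublicKeyInfo(), which looks like an ASN.1 X.509 certificate type rather than the listed class. The import is not shown, so confirm the actual type before reusing the code.)
Class HostnameVerifier, method isValid.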
/**
 * Checks the certificate presented by the TLS server against the expected host name or IP.
 *
 * <p>Only the entry at index 0 of the chain is examined: its encoding is parsed into a
 * {@code Certificate} and handed to {@code validInt} together with {@code hostOrIp}.
 *
 * <p>NOTE(review): an empty chain is not checked for before index 0 is read, and only
 * {@link IOException} is translated into {@code CertificateVerificationException}. Confirm
 * whether {@code Certificate.getInstance} can raise an unchecked exception on a malformed
 * encoding and whether callers treat that as a verification failure.
 *
 * @param chain server certificate as received in the handshake
 * @param hostOrIp host name or IP address the caller expects the certificate to match
 * @throws CertificateVerificationException if reading the certificate raises an
 *     {@link IOException}; presumably also raised by {@code validInt} on a mismatch (its
 *     body is not shown here)
 */
@Override
public void isValid(TlsServerCertificate chain, String hostOrIp) throws CertificateVerificationException {
    try {
        // The first entry is taken as the server's own (leaf) certificate.
        byte[] leafEncoding = chain.getCertificate().getCertificateAt(0).getEncoded();
        validInt(Certificate.getInstance(leafEncoding), hostOrIp);
    } catch (IOException ioe) {
        throw new CertificateVerificationException("Invalid certificate received from server.", ioe);
    }
}
use of com.google.cloud.security.privateca.v1.Certificate in project open-ecard by ecsec.
the class KeyLengthVerifier method isValid.
/**
 * Enforces the minimum key length on the certificates of the server's chain.
 *
 * <p>The first entry is always checked, including when it is self-issued. Any later entry
 * whose issuer name equals its subject name is treated as a root certificate and skipped;
 * every other entry is passed to {@code KeyTools.assertKeyLength}.
 *
 * <p>NOTE(review): "root" is decided by issuer/subject name equality only, not by a
 * signature check, so the skip presumes that path validation is enforced by another
 * verifier. Confirm against the verifier chain this class is registered in.
 *
 * @param chain server certificate chain as received in the handshake
 * @param hostname not used by this verifier
 * @throws CertificateVerificationException if a certificate cannot be read or a key does not
 *     meet the length requirements
 */
@Override
public void isValid(TlsServerCertificate chain, String hostname) throws CertificateVerificationException {
    try {
        boolean atLeaf = true;
        for (TlsCertificate entry : chain.getCertificate().getCertificateList()) {
            Certificate parsed = Certificate.getInstance(entry.getEncoded());
            boolean issuerIsSubject = parsed.getIssuer().equals(parsed.getSubject());
            // Self-issued entries beyond the first are roots: no key comparison for them.
            if (issuerIsSubject && !atLeaf) {
                continue;
            }
            // Throws KeyLengthException when the key is below the minimum size.
            KeyTools.assertKeyLength(parsed);
            atLeaf = false;
        }
    } catch (IOException ex) {
        throw new CertificateVerificationException("Failed to extract public key from certificate.", ex);
    } catch (KeyLengthException ex) {
        throw new CertificateVerificationException(
                "The key in the certificate does not satisfy the length requirements.", ex);
    }
}
use of com.google.cloud.security.privateca.v1.Certificate in project xipki by xipki.
the class CrlStreamParserTest method parseCrlWithNoCrlNumber.
/**
 * Parses {@code no-crlnumber.crl} and expects: {@code getVersion()} of 1, no CRL number, a
 * signature that verifies with the issuer's SubjectPublicKeyInfo, and two revoked entries.
 *
 * <p>NOTE(review): only the accepting path of {@code verifySignature} is asserted in this
 * method; rejection with a non-matching key is not exercised here.
 */
@Test
public void parseCrlWithNoCrlNumber() throws Exception {
    Certificate issuerSigner = getIssuerSigner();
    CrlStreamParser parser = getParser("no-crlnumber.crl");

    Assert.assertEquals("version", 1, parser.getVersion());
    Assert.assertEquals("CRL number", null, parser.getCrlNumber());
    Assert.assertTrue("signature", parser.verifySignature(issuerSigner.getSubjectPublicKeyInfo()));

    // Walk the revoked entries only to count them; their content is not inspected.
    int revokedCount = 0;
    try (RevokedCertsIterator revoked = parser.revokedCertificates()) {
        for (; revoked.hasNext(); revokedCount++) {
            revoked.next();
        }
    }
    Assert.assertEquals("#revokedCertificates", 2, revokedCount);
}
use of com.google.cloud.security.privateca.v1.Certificate in project xipki by xipki.
the class CrlStreamParserTest method parseCrl_revoked.
/**
 * Parses {@code revoked-certs.crl} and expects: {@code getVersion()} of 1, CRL number 1, a
 * signature that verifies with the issuer's SubjectPublicKeyInfo, and two revoked entries.
 *
 * <p>NOTE(review): only the accepting path of {@code verifySignature} is asserted in this
 * method; rejection with a non-matching key is not exercised here.
 */
@Test
public void parseCrl_revoked() throws Exception {
    Certificate issuerSigner = getIssuerSigner();
    CrlStreamParser parser = getParser("revoked-certs.crl");

    Assert.assertEquals("version", 1, parser.getVersion());
    Assert.assertEquals("CRL number", BigInteger.valueOf(1), parser.getCrlNumber());
    Assert.assertTrue("signature", parser.verifySignature(issuerSigner.getSubjectPublicKeyInfo()));

    // Walk the revoked entries only to count them; their content is not inspected.
    int revokedCount = 0;
    try (RevokedCertsIterator revoked = parser.revokedCertificates()) {
        for (; revoked.hasNext(); revokedCount++) {
            revoked.next();
        }
    }
    Assert.assertEquals("#revokedCertificates", 2, revokedCount);
}
use of com.google.cloud.security.privateca.v1.Certificate in project xipki by xipki.
the class CrlStreamParserTest method parseCrlWithNoExtension.
/**
 * Parses {@code no-extensions.crl} and expects: {@code getVersion()} of 1, no CRL number, a
 * signature that verifies with the issuer's SubjectPublicKeyInfo, and two revoked entries.
 *
 * <p>NOTE(review): only the accepting path of {@code verifySignature} is asserted in this
 * method; rejection with a non-matching key is not exercised here.
 */
@Test
public void parseCrlWithNoExtension() throws Exception {
    Certificate issuerSigner = getIssuerSigner();
    CrlStreamParser parser = getParser("no-extensions.crl");

    Assert.assertEquals("version", 1, parser.getVersion());
    Assert.assertEquals("CRL number", null, parser.getCrlNumber());
    Assert.assertTrue("signature", parser.verifySignature(issuerSigner.getSubjectPublicKeyInfo()));

    // Walk the revoked entries only to count them; their content is not inspected.
    int revokedCount = 0;
    try (RevokedCertsIterator revoked = parser.revokedCertificates()) {
        for (; revoked.hasNext(); revokedCount++) {
            revoked.next();
        }
    }
    Assert.assertEquals("#revokedCertificates", 2, revokedCount);
}