Example 6 with DEROutputStream
use of org.bouncycastle.asn1.DEROutputStream in project robovm by robovm.
the class X509CRLHolder method isSignatureValid.
/**
* Validate the signature on the CRL.
*
* @param verifierProvider a ContentVerifierProvider that can generate a verifier for the signature.
* @return true if the signature is valid, false otherwise.
* @throws CertException if the signature cannot be processed or is inappropriate.
*/
public boolean isSignatureValid(ContentVerifierProvider verifierProvider) throws CertException {
TBSCertList tbsCRL = x509CRL.getTBSCertList();
if (!CertUtils.isAlgIdEqual(tbsCRL.getSignature(), x509CRL.getSignatureAlgorithm())) {
throw new CertException("signature invalid - algorithm identifier mismatch");
}
ContentVerifier verifier;
try {
verifier = verifierProvider.get((tbsCRL.getSignature()));
OutputStream sOut = verifier.getOutputStream();
DEROutputStream dOut = new DEROutputStream(sOut);
dOut.writeObject(tbsCRL);
sOut.close();
} catch (Exception e) {
throw new CertException("unable to process signature: " + e.getMessage(), e);
}
return verifier.verify(x509CRL.getSignature().getBytes());
}
Also used :
ContentVerifier(org.bouncycastle.operator.ContentVerifier)
OutputStream(java.io.OutputStream)
DEROutputStream(org.bouncycastle.asn1.DEROutputStream)
TBSCertList(org.bouncycastle.asn1.x509.TBSCertList)
IOException(java.io.IOException)
DEROutputStream(org.bouncycastle.asn1.DEROutputStream)
Example 7 with DEROutputStream
use of org.bouncycastle.asn1.DEROutputStream in project robovm by robovm.
the class X509CertificateHolder method isSignatureValid.
/**
* Validate the signature on the certificate in this holder.
*
* @param verifierProvider a ContentVerifierProvider that can generate a verifier for the signature.
* @return true if the signature is valid, false otherwise.
* @throws CertException if the signature cannot be processed or is inappropriate.
*/
public boolean isSignatureValid(ContentVerifierProvider verifierProvider) throws CertException {
TBSCertificate tbsCert = x509Certificate.getTBSCertificate();
if (!CertUtils.isAlgIdEqual(tbsCert.getSignature(), x509Certificate.getSignatureAlgorithm())) {
throw new CertException("signature invalid - algorithm identifier mismatch");
}
ContentVerifier verifier;
try {
verifier = verifierProvider.get((tbsCert.getSignature()));
OutputStream sOut = verifier.getOutputStream();
DEROutputStream dOut = new DEROutputStream(sOut);
dOut.writeObject(tbsCert);
sOut.close();
} catch (Exception e) {
throw new CertException("unable to process signature: " + e.getMessage(), e);
}
return verifier.verify(x509Certificate.getSignature().getBytes());
}
Also used :
ContentVerifier(org.bouncycastle.operator.ContentVerifier)
OutputStream(java.io.OutputStream)
DEROutputStream(org.bouncycastle.asn1.DEROutputStream)
TBSCertificate(org.bouncycastle.asn1.x509.TBSCertificate)
IOException(java.io.IOException)
DEROutputStream(org.bouncycastle.asn1.DEROutputStream)
Example 8 with DEROutputStream
use of org.bouncycastle.asn1.DEROutputStream in project atlas by alibaba.
the class LocalSignedJarBuilder method writeSignatureBlock.
/**
* Write the certificate file with a digital signature.
*/
private void writeSignatureBlock(CMSTypedData data, X509Certificate publicKey, PrivateKey privateKey) throws IOException, CertificateEncodingException, OperatorCreationException, CMSException {
ArrayList<X509Certificate> certList = new ArrayList<X509Certificate>();
certList.add(publicKey);
JcaCertStore certs = new JcaCertStore(certList);
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1with" + privateKey.getAlgorithm()).build(privateKey);
gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build()).setDirectSignature(true).build(sha1Signer, publicKey));
gen.addCertificates(certs);
CMSSignedData sigData = gen.generate(data, false);
ASN1InputStream asn1 = new ASN1InputStream(sigData.getEncoded());
DEROutputStream dos = new DEROutputStream(mOutputJar);
dos.writeObject(asn1.readObject());
dos.flush();
dos.close();
asn1.close();
}
Also used :
CMSSignedDataGenerator(org.bouncycastle.cms.CMSSignedDataGenerator)
ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream)
JcaSignerInfoGeneratorBuilder(org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder)
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
ArrayList(java.util.ArrayList)
ContentSigner(org.bouncycastle.operator.ContentSigner)
JcaCertStore(org.bouncycastle.cert.jcajce.JcaCertStore)
JcaDigestCalculatorProviderBuilder(org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder)
CMSSignedData(org.bouncycastle.cms.CMSSignedData)
X509Certificate(java.security.cert.X509Certificate)
DEROutputStream(org.bouncycastle.asn1.DEROutputStream)
Aggregations
DEROutputStream (org.bouncycastle.asn1.DEROutputStream)8
IOException (java.io.IOException)6
OutputStream (java.io.OutputStream)4
X509Certificate (java.security.cert.X509Certificate)4
ByteArrayOutputStream (java.io.ByteArrayOutputStream)3
ContentVerifier (org.bouncycastle.operator.ContentVerifier)3
KeyStoreException (java.security.KeyStoreException)2
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)2
PrivateKey (java.security.PrivateKey)2
UnrecoverableKeyException (java.security.UnrecoverableKeyException)2
Certificate (java.security.cert.Certificate)2
CertificateEncodingException (java.security.cert.CertificateEncodingException)2
CertificateException (java.security.cert.CertificateException)2
Enumeration (java.util.Enumeration)2
Hashtable (java.util.Hashtable)2
ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)2
ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)2
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)2
BEROutputStream (org.bouncycastle.asn1.BEROutputStream)2
DERBMPString (org.bouncycastle.asn1.DERBMPString)2
