
Example 86 with Signature

use of org.bouncycastle.asn1.ocsp.Signature in project Openfire by igniterealtime.

the class CertificateManager method createX509V3Certificate.

/**
 * Creates an X.509 version 3 certificate whose subject and issuer distinguished names
 * each carry a single CN attribute.
 *
 * <p>This overload only wraps the two common names in {@code X500NameBuilder} instances and
 * hands everything else, unchanged, to the builder-based overload of the same name.
 *
 * <p>NOTE(review): {@code days} and {@code signAlgoritm} are not validated in this method.
 * Whether a non-positive lifetime or a deprecated signature algorithm (for example an MD5- or
 * SHA-1-based one) is rejected depends on the delegate, which is not shown here; confirm
 * before relying on it.
 *
 * @param kp                key pair holding the public and private keys for the new certificate.
 * @param days              time to live of the certificate, in days.
 * @param issuerCommonName  value used as the CN of the issuer name.
 * @param subjectCommonName value used as the CN of the subject name.
 * @param domain            domain of the server.
 * @param signAlgoritm      signature algorithm, given either as a name or as an OID.
 * @return the X.509 v3 certificate produced by the delegate overload.
 * @throws GeneralSecurityException propagated from the delegate overload.
 * @throws IOException              propagated from the delegate overload.
 */
public static synchronized X509Certificate createX509V3Certificate(KeyPair kp, int days, String issuerCommonName, String subjectCommonName, String domain, String signAlgoritm) throws GeneralSecurityException, IOException {
    // Subject DN: CN only.
    final X500NameBuilder subjectName = new X500NameBuilder();
    subjectName.addRDN(BCStyle.CN, subjectCommonName);

    // Issuer DN: CN only.
    final X500NameBuilder issuerName = new X500NameBuilder();
    issuerName.addRDN(BCStyle.CN, issuerCommonName);

    // The delegate expects the issuer builder before the subject builder.
    return createX509V3Certificate(kp, days, issuerName, subjectName, domain, signAlgoritm);
}
Also used : X500NameBuilder(org.bouncycastle.asn1.x500.X500NameBuilder)

Example 87 with Signature

use of org.bouncycastle.asn1.ocsp.Signature in project robovm by robovm.

the class X509CRLHolder method isSignatureValid.

/**
 * Checks the signature on the CRL held by this object.
 *
 * <p>Only the signature is checked. Nothing in this method looks at the CRL's issuer, its
 * update times or the trust placed in the key behind {@code verifierProvider}; those
 * decisions remain with the caller.
 *
 * @param verifierProvider a ContentVerifierProvider that can generate a verifier for the signature.
 * @return true if the signature is valid, false otherwise.
 * @throws CertException if the two algorithm identifiers in the CRL disagree, or if the
 *                       verifier cannot be obtained or fed with the encoded CRL body.
 */
public boolean isSignatureValid(ContentVerifierProvider verifierProvider) throws CertException {
    final TBSCertList toBeSigned = x509CRL.getTBSCertList();

    // The algorithm named inside the signed body must equal the one named next to the
    // signature value; a mismatch is rejected before any verifier is created.
    final boolean algorithmsAgree = CertUtils.isAlgIdEqual(toBeSigned.getSignature(), x509CRL.getSignatureAlgorithm());
    if (!algorithmsAgree) {
        throw new CertException("signature invalid - algorithm identifier mismatch");
    }

    ContentVerifier contentVerifier;
    try {
        // The verifier is chosen from the identifier inside the signed body.
        contentVerifier = verifierProvider.get(toBeSigned.getSignature());
        OutputStream sink = contentVerifier.getOutputStream();
        // Feed the DER encoding of the to-be-signed structure to the verifier.
        new DEROutputStream(sink).writeObject(toBeSigned);
        sink.close();
    } catch (Exception e) {
        // Any failure while setting up or feeding the verifier is reported as a CertException.
        throw new CertException("unable to process signature: " + e.getMessage(), e);
    }

    return contentVerifier.verify(x509CRL.getSignature().getBytes());
}
Also used : ContentVerifier(org.bouncycastle.operator.ContentVerifier) OutputStream(java.io.OutputStream) DEROutputStream(org.bouncycastle.asn1.DEROutputStream) TBSCertList(org.bouncycastle.asn1.x509.TBSCertList) IOException(java.io.IOException) DEROutputStream(org.bouncycastle.asn1.DEROutputStream)

Example 88 with Signature

use of org.bouncycastle.asn1.ocsp.Signature in project robovm by robovm.

the class X509CertificateHolder method isSignatureValid.

/**
 * Checks the signature on the certificate held by this object.
 *
 * <p>Only the signature is checked. Nothing in this method looks at the validity period,
 * the issuer name, extensions or revocation status, and it does not decide whether the key
 * behind {@code verifierProvider} is trusted; those decisions remain with the caller.
 *
 * @param verifierProvider a ContentVerifierProvider that can generate a verifier for the signature.
 * @return true if the signature is valid, false otherwise.
 * @throws CertException if the two algorithm identifiers in the certificate disagree, or if
 *                       the verifier cannot be obtained or fed with the encoded certificate body.
 */
public boolean isSignatureValid(ContentVerifierProvider verifierProvider) throws CertException {
    final TBSCertificate toBeSigned = x509Certificate.getTBSCertificate();

    // The algorithm named inside the signed body must equal the one named next to the
    // signature value; a mismatch is rejected before any verifier is created.
    final boolean algorithmsAgree = CertUtils.isAlgIdEqual(toBeSigned.getSignature(), x509Certificate.getSignatureAlgorithm());
    if (!algorithmsAgree) {
        throw new CertException("signature invalid - algorithm identifier mismatch");
    }

    ContentVerifier contentVerifier;
    try {
        // The verifier is chosen from the identifier inside the signed body.
        contentVerifier = verifierProvider.get(toBeSigned.getSignature());
        OutputStream sink = contentVerifier.getOutputStream();
        // Feed the DER encoding of the to-be-signed structure to the verifier.
        new DEROutputStream(sink).writeObject(toBeSigned);
        sink.close();
    } catch (Exception e) {
        // Any failure while setting up or feeding the verifier is reported as a CertException.
        throw new CertException("unable to process signature: " + e.getMessage(), e);
    }

    return contentVerifier.verify(x509Certificate.getSignature().getBytes());
}
Also used : ContentVerifier(org.bouncycastle.operator.ContentVerifier) OutputStream(java.io.OutputStream) DEROutputStream(org.bouncycastle.asn1.DEROutputStream) TBSCertificate(org.bouncycastle.asn1.x509.TBSCertificate) IOException(java.io.IOException) DEROutputStream(org.bouncycastle.asn1.DEROutputStream)

Example 89 with Signature

use of org.bouncycastle.asn1.ocsp.Signature in project robovm by robovm.

the class V1TBSCertificateGenerator method generateTBSCertificate.

/**
 * Assembles the to-be-signed part of a version 1 certificate from the fields set on this
 * generator.
 *
 * <p>The fields are written in this order: serialNumber, signature, issuer, validity
 * (startDate, endDate), subject, subjectPublicKeyInfo. The version field is left out
 * because it is not required when it has its default value.
 *
 * @return the TBSCertificate built from the DER sequence of those fields.
 * @throws IllegalStateException if any of the fields listed above is still null.
 */
public TBSCertificate generateTBSCertificate() {
    final boolean incomplete = serialNumber == null
            || signature == null
            || issuer == null
            || startDate == null
            || endDate == null
            || subject == null
            || subjectPublicKeyInfo == null;
    if (incomplete) {
        throw new IllegalStateException("not all mandatory fields set in V1 TBScertificate generator");
    }

    // Validity: the "not before" date followed by the "not after" date.
    final ASN1EncodableVector validityPeriod = new ASN1EncodableVector();
    validityPeriod.add(startDate);
    validityPeriod.add(endDate);

    final ASN1EncodableVector fields = new ASN1EncodableVector();
    fields.add(serialNumber);
    fields.add(signature);
    fields.add(issuer);
    fields.add(new DERSequence(validityPeriod));
    fields.add(subject);
    fields.add(subjectPublicKeyInfo);

    return TBSCertificate.getInstance(new DERSequence(fields));
}
Also used : DERSequence(org.bouncycastle.asn1.DERSequence) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)

Example 90 with Signature

use of org.bouncycastle.asn1.ocsp.Signature in project robovm by robovm.

the class V3TBSCertificateGenerator method generateTBSCertificate.

/**
 * Assembles the to-be-signed part of a version 3 certificate from the fields set on this
 * generator.
 *
 * <p>The fields are written in this order: version, serialNumber, signature, issuer,
 * validity (startDate, endDate), subject, subjectPublicKeyInfo, then the optional
 * issuerUniqueID (tag 1), subjectUniqueID (tag 2) and extensions (tag 3) when they are set.
 * A null subject is accepted only when {@code altNamePresentAndCritical} is true, in which
 * case an empty sequence is written in its place.
 *
 * @return the TBSCertificate built from the DER sequence of those fields.
 * @throws IllegalStateException if a mandatory field is still null.
 */
public TBSCertificate generateTBSCertificate() {
    final boolean subjectMissing = subject == null && !altNamePresentAndCritical;
    final boolean incomplete = serialNumber == null
            || signature == null
            || issuer == null
            || startDate == null
            || endDate == null
            || subjectMissing
            || subjectPublicKeyInfo == null;
    if (incomplete) {
        throw new IllegalStateException("not all mandatory fields set in V3 TBScertificate generator");
    }

    // Validity: the "not before" date followed by the "not after" date.
    final ASN1EncodableVector validityPeriod = new ASN1EncodableVector();
    validityPeriod.add(startDate);
    validityPeriod.add(endDate);

    final ASN1EncodableVector fields = new ASN1EncodableVector();
    fields.add(version);
    fields.add(serialNumber);
    fields.add(signature);
    fields.add(issuer);
    fields.add(new DERSequence(validityPeriod));

    if (subject == null) {
        // Reached only when altNamePresentAndCritical is true: write an empty name.
        fields.add(new DERSequence());
    } else {
        fields.add(subject);
    }

    fields.add(subjectPublicKeyInfo);

    // Optional trailing fields; the first constructor argument is the explicit-tagging flag.
    if (issuerUniqueID != null) {
        fields.add(new DERTaggedObject(false, 1, issuerUniqueID));
    }
    if (subjectUniqueID != null) {
        fields.add(new DERTaggedObject(false, 2, subjectUniqueID));
    }
    if (extensions != null) {
        fields.add(new DERTaggedObject(true, 3, extensions));
    }

    return TBSCertificate.getInstance(new DERSequence(fields));
}
Also used : DERSequence(org.bouncycastle.asn1.DERSequence) DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
