Example 1 with X509CRLObject
use of org.bouncycastle.jce.provider.X509CRLObject in project jruby-openssl by jruby.
the class SecurityHelper method verify.
static boolean verify(final X509CRL crl, final PublicKey publicKey, final boolean silent) throws NoSuchAlgorithmException, CRLException, InvalidKeyException, SignatureException {
if (crl instanceof X509CRLObject) {
final CertificateList crlList = (CertificateList) getCertificateList(crl);
final AlgorithmIdentifier tbsSignatureId = crlList.getTBSCertList().getSignature();
if (!crlList.getSignatureAlgorithm().equals(tbsSignatureId)) {
if (silent)
return false;
throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList.");
}
final Signature signature = getSignature(crl.getSigAlgName(), securityProvider);
signature.initVerify(publicKey);
signature.update(crl.getTBSCertList());
if (!signature.verify(crl.getSignature())) {
if (silent)
return false;
throw new SignatureException("CRL does not verify with supplied public key.");
}
return true;
} else {
try {
final DigestAlgorithmIdentifierFinder digestAlgFinder = new DefaultDigestAlgorithmIdentifierFinder();
final ContentVerifierProvider verifierProvider;
if ("DSA".equalsIgnoreCase(publicKey.getAlgorithm())) {
BigInteger y = ((DSAPublicKey) publicKey).getY();
DSAParams params = ((DSAPublicKey) publicKey).getParams();
DSAParameters parameters = new DSAParameters(params.getP(), params.getQ(), params.getG());
AsymmetricKeyParameter dsaKey = new DSAPublicKeyParameters(y, parameters);
verifierProvider = new BcDSAContentVerifierProviderBuilder(digestAlgFinder).build(dsaKey);
} else {
BigInteger mod = ((RSAPublicKey) publicKey).getModulus();
BigInteger exp = ((RSAPublicKey) publicKey).getPublicExponent();
AsymmetricKeyParameter rsaKey = new RSAKeyParameters(false, mod, exp);
verifierProvider = new BcRSAContentVerifierProviderBuilder(digestAlgFinder).build(rsaKey);
}
return new X509CRLHolder(crl.getEncoded()).isSignatureValid(verifierProvider);
} catch (OperatorException e) {
throw new SignatureException(e);
} catch (CertException e) {
throw new SignatureException(e);
}// can happen if the input is DER but does not match expected strucure
catch (ClassCastException e) {
throw new SignatureException(e);
} catch (IOException e) {
throw new SignatureException(e);
}
}
}
Also used :
DSAPublicKeyParameters(org.bouncycastle.crypto.params.DSAPublicKeyParameters)
X509CRLObject(org.bouncycastle.jce.provider.X509CRLObject)
BcRSAContentVerifierProviderBuilder(org.bouncycastle.operator.bc.BcRSAContentVerifierProviderBuilder)
CertificateList(org.bouncycastle.asn1.x509.CertificateList)
CertException(org.bouncycastle.cert.CertException)
SignatureException(java.security.SignatureException)
DSAParams(java.security.interfaces.DSAParams)
IOException(java.io.IOException)
DigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DigestAlgorithmIdentifierFinder)
DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder)
DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder)
RSAKeyParameters(org.bouncycastle.crypto.params.RSAKeyParameters)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
DSAPublicKey(java.security.interfaces.DSAPublicKey)
AsymmetricKeyParameter(org.bouncycastle.crypto.params.AsymmetricKeyParameter)
RSAPublicKey(java.security.interfaces.RSAPublicKey)
Signature(java.security.Signature)
X509CRLHolder(org.bouncycastle.cert.X509CRLHolder)
BigInteger(java.math.BigInteger)
BcDSAContentVerifierProviderBuilder(org.bouncycastle.operator.bc.BcDSAContentVerifierProviderBuilder)
CRLException(java.security.cert.CRLException)
DSAParameters(org.bouncycastle.crypto.params.DSAParameters)
OperatorException(org.bouncycastle.operator.OperatorException)
ContentVerifierProvider(org.bouncycastle.operator.ContentVerifierProvider)
Aggregations
IOException (java.io.IOException)1
BigInteger (java.math.BigInteger)1
Signature (java.security.Signature)1
SignatureException (java.security.SignatureException)1
CRLException (java.security.cert.CRLException)1
DSAParams (java.security.interfaces.DSAParams)1
DSAPublicKey (java.security.interfaces.DSAPublicKey)1
RSAPublicKey (java.security.interfaces.RSAPublicKey)1
AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)1
CertificateList (org.bouncycastle.asn1.x509.CertificateList)1
CertException (org.bouncycastle.cert.CertException)1
X509CRLHolder (org.bouncycastle.cert.X509CRLHolder)1
AsymmetricKeyParameter (org.bouncycastle.crypto.params.AsymmetricKeyParameter)1
DSAParameters (org.bouncycastle.crypto.params.DSAParameters)1
DSAPublicKeyParameters (org.bouncycastle.crypto.params.DSAPublicKeyParameters)1
RSAKeyParameters (org.bouncycastle.crypto.params.RSAKeyParameters)1
X509CRLObject (org.bouncycastle.jce.provider.X509CRLObject)1
ContentVerifierProvider (org.bouncycastle.operator.ContentVerifierProvider)1
DefaultDigestAlgorithmIdentifierFinder (org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder)1
DigestAlgorithmIdentifierFinder (org.bouncycastle.operator.DigestAlgorithmIdentifierFinder)1
