use of org.bouncycastle.operator.DigestAlgorithmIdentifierFinder in project xipki by xipki.
the class CmpCaClient method getContentVerifierProvider.
// method verifyProtection
public static ContentVerifierProvider getContentVerifierProvider(PublicKey publicKey) throws InvalidKeyException {
SdkUtil.requireNonNull("publicKey", publicKey);
String keyAlg = publicKey.getAlgorithm().toUpperCase();
DigestAlgorithmIdentifierFinder digAlgFinder = new DefaultDigestAlgorithmIdentifierFinder();
BcContentVerifierProviderBuilder builder;
if ("RSA".equals(keyAlg)) {
builder = new BcRSAContentVerifierProviderBuilder(digAlgFinder);
} else if ("DSA".equals(keyAlg)) {
builder = new BcDSAContentVerifierProviderBuilder(digAlgFinder);
} else if ("EC".equals(keyAlg) || "ECDSA".equals(keyAlg)) {
builder = new BcECContentVerifierProviderBuilder(digAlgFinder);
} else {
throw new InvalidKeyException("unknown key algorithm of the public key " + keyAlg);
}
AsymmetricKeyParameter keyParam;
if (publicKey instanceof RSAPublicKey) {
RSAPublicKey rsaKey = (RSAPublicKey) publicKey;
keyParam = new RSAKeyParameters(false, rsaKey.getModulus(), rsaKey.getPublicExponent());
} else if (publicKey instanceof ECPublicKey) {
keyParam = ECUtil.generatePublicKeyParameter(publicKey);
} else if (publicKey instanceof DSAPublicKey) {
keyParam = DSAUtil.generatePublicKeyParameter(publicKey);
} else {
throw new InvalidKeyException("unknown key " + publicKey.getClass().getName());
}
try {
return builder.build(keyParam);
} catch (OperatorCreationException ex) {
throw new InvalidKeyException("could not build ContentVerifierProvider: " + ex.getMessage(), ex);
}
}
use of org.bouncycastle.operator.DigestAlgorithmIdentifierFinder in project jruby-openssl by jruby.
the class SecurityHelper method verify.
static boolean verify(final X509CRL crl, final PublicKey publicKey, final boolean silent) throws NoSuchAlgorithmException, CRLException, InvalidKeyException, SignatureException {
if (crl instanceof X509CRLObject) {
final CertificateList crlList = (CertificateList) getCertificateList(crl);
final AlgorithmIdentifier tbsSignatureId = crlList.getTBSCertList().getSignature();
if (!crlList.getSignatureAlgorithm().equals(tbsSignatureId)) {
if (silent)
return false;
throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList.");
}
final Signature signature = getSignature(crl.getSigAlgName(), securityProvider);
signature.initVerify(publicKey);
signature.update(crl.getTBSCertList());
if (!signature.verify(crl.getSignature())) {
if (silent)
return false;
throw new SignatureException("CRL does not verify with supplied public key.");
}
return true;
} else {
try {
final DigestAlgorithmIdentifierFinder digestAlgFinder = new DefaultDigestAlgorithmIdentifierFinder();
final ContentVerifierProvider verifierProvider;
if ("DSA".equalsIgnoreCase(publicKey.getAlgorithm())) {
BigInteger y = ((DSAPublicKey) publicKey).getY();
DSAParams params = ((DSAPublicKey) publicKey).getParams();
DSAParameters parameters = new DSAParameters(params.getP(), params.getQ(), params.getG());
AsymmetricKeyParameter dsaKey = new DSAPublicKeyParameters(y, parameters);
verifierProvider = new BcDSAContentVerifierProviderBuilder(digestAlgFinder).build(dsaKey);
} else {
BigInteger mod = ((RSAPublicKey) publicKey).getModulus();
BigInteger exp = ((RSAPublicKey) publicKey).getPublicExponent();
AsymmetricKeyParameter rsaKey = new RSAKeyParameters(false, mod, exp);
verifierProvider = new BcRSAContentVerifierProviderBuilder(digestAlgFinder).build(rsaKey);
}
return new X509CRLHolder(crl.getEncoded()).isSignatureValid(verifierProvider);
} catch (OperatorException e) {
throw new SignatureException(e);
} catch (CertException e) {
throw new SignatureException(e);
}// can happen if the input is DER but does not match expected strucure
catch (ClassCastException e) {
throw new SignatureException(e);
} catch (IOException e) {
throw new SignatureException(e);
}
}
}
Aggregations