Search in sources :

Example 1 with TBSCertList

use of org.gudy.bouncycastle.asn1.x509.TBSCertList in project XobotOS by xamarin.

the class X509CRLImpl method retrieveEntries.

/*
     * Retrieves the crl entries (TBSCertList.RevokedCertificate objects)
     * from the TBSCertList structure and converts them to the
     * X509CRLEntryImpl objects
     */
private void retrieveEntries() {
    entriesRetrieved = true;
    List rcerts = tbsCertList.getRevokedCertificates();
    if (rcerts == null) {
        return;
    }
    entriesSize = rcerts.size();
    entries = new ArrayList(entriesSize);
    // null means that revoked certificate issuer is the same as CRL issuer
    X500Principal rcertIssuer = null;
    for (int i = 0; i < entriesSize; i++) {
        TBSCertList.RevokedCertificate rcert = (TBSCertList.RevokedCertificate) rcerts.get(i);
        X500Principal iss = rcert.getIssuer();
        if (iss != null) {
            // certificate issuer differs from CRL issuer
            // and CRL is indirect.
            rcertIssuer = iss;
            isIndirectCRL = true;
            // remember how many leading revoked certificates in the
            // list are issued by the same issuer as issuer of CRL
            // (these certificates are first in the list)
            nonIndirectEntriesSize = i;
        }
        entries.add(new X509CRLEntryImpl(rcert, rcertIssuer));
    }
}
Also used : ArrayList(java.util.ArrayList) X500Principal(javax.security.auth.x500.X500Principal) ArrayList(java.util.ArrayList) TBSCertList(org.apache.harmony.security.x509.TBSCertList) CertificateList(org.apache.harmony.security.x509.CertificateList) List(java.util.List) TBSCertList(org.apache.harmony.security.x509.TBSCertList)

Example 2 with TBSCertList

use of org.gudy.bouncycastle.asn1.x509.TBSCertList in project jruby-openssl by jruby.

the class SecurityHelper method verify.

static boolean verify(final X509CRL crl, final PublicKey publicKey, final boolean silent) throws NoSuchAlgorithmException, CRLException, InvalidKeyException, SignatureException {
    if (crl instanceof X509CRLObject) {
        final CertificateList crlList = (CertificateList) getCertificateList(crl);
        final AlgorithmIdentifier tbsSignatureId = crlList.getTBSCertList().getSignature();
        if (!crlList.getSignatureAlgorithm().equals(tbsSignatureId)) {
            if (silent)
                return false;
            throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList.");
        }
        final Signature signature = getSignature(crl.getSigAlgName(), securityProvider);
        signature.initVerify(publicKey);
        signature.update(crl.getTBSCertList());
        if (!signature.verify(crl.getSignature())) {
            if (silent)
                return false;
            throw new SignatureException("CRL does not verify with supplied public key.");
        }
        return true;
    } else {
        try {
            final DigestAlgorithmIdentifierFinder digestAlgFinder = new DefaultDigestAlgorithmIdentifierFinder();
            final ContentVerifierProvider verifierProvider;
            if ("DSA".equalsIgnoreCase(publicKey.getAlgorithm())) {
                BigInteger y = ((DSAPublicKey) publicKey).getY();
                DSAParams params = ((DSAPublicKey) publicKey).getParams();
                DSAParameters parameters = new DSAParameters(params.getP(), params.getQ(), params.getG());
                AsymmetricKeyParameter dsaKey = new DSAPublicKeyParameters(y, parameters);
                verifierProvider = new BcDSAContentVerifierProviderBuilder(digestAlgFinder).build(dsaKey);
            } else {
                BigInteger mod = ((RSAPublicKey) publicKey).getModulus();
                BigInteger exp = ((RSAPublicKey) publicKey).getPublicExponent();
                AsymmetricKeyParameter rsaKey = new RSAKeyParameters(false, mod, exp);
                verifierProvider = new BcRSAContentVerifierProviderBuilder(digestAlgFinder).build(rsaKey);
            }
            return new X509CRLHolder(crl.getEncoded()).isSignatureValid(verifierProvider);
        } catch (OperatorException e) {
            throw new SignatureException(e);
        } catch (CertException e) {
            throw new SignatureException(e);
        }// can happen if the input is DER but does not match expected strucure
         catch (ClassCastException e) {
            throw new SignatureException(e);
        } catch (IOException e) {
            throw new SignatureException(e);
        }
    }
}
Also used : DSAPublicKeyParameters(org.bouncycastle.crypto.params.DSAPublicKeyParameters) X509CRLObject(org.bouncycastle.jce.provider.X509CRLObject) BcRSAContentVerifierProviderBuilder(org.bouncycastle.operator.bc.BcRSAContentVerifierProviderBuilder) CertificateList(org.bouncycastle.asn1.x509.CertificateList) CertException(org.bouncycastle.cert.CertException) SignatureException(java.security.SignatureException) DSAParams(java.security.interfaces.DSAParams) IOException(java.io.IOException) DigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DigestAlgorithmIdentifierFinder) DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder) DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder) RSAKeyParameters(org.bouncycastle.crypto.params.RSAKeyParameters) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) DSAPublicKey(java.security.interfaces.DSAPublicKey) AsymmetricKeyParameter(org.bouncycastle.crypto.params.AsymmetricKeyParameter) RSAPublicKey(java.security.interfaces.RSAPublicKey) Signature(java.security.Signature) X509CRLHolder(org.bouncycastle.cert.X509CRLHolder) BigInteger(java.math.BigInteger) BcDSAContentVerifierProviderBuilder(org.bouncycastle.operator.bc.BcDSAContentVerifierProviderBuilder) CRLException(java.security.cert.CRLException) DSAParameters(org.bouncycastle.crypto.params.DSAParameters) OperatorException(org.bouncycastle.operator.OperatorException) ContentVerifierProvider(org.bouncycastle.operator.ContentVerifierProvider)

Example 3 with TBSCertList

use of org.gudy.bouncycastle.asn1.x509.TBSCertList in project robovm by robovm.

the class X509CRLHolder method isSignatureValid.

/**
     * Validate the signature on the CRL.
     *
     * @param verifierProvider a ContentVerifierProvider that can generate a verifier for the signature.
     * @return true if the signature is valid, false otherwise.
     * @throws CertException if the signature cannot be processed or is inappropriate.
     */
public boolean isSignatureValid(ContentVerifierProvider verifierProvider) throws CertException {
    TBSCertList tbsCRL = x509CRL.getTBSCertList();
    if (!CertUtils.isAlgIdEqual(tbsCRL.getSignature(), x509CRL.getSignatureAlgorithm())) {
        throw new CertException("signature invalid - algorithm identifier mismatch");
    }
    ContentVerifier verifier;
    try {
        verifier = verifierProvider.get((tbsCRL.getSignature()));
        OutputStream sOut = verifier.getOutputStream();
        DEROutputStream dOut = new DEROutputStream(sOut);
        dOut.writeObject(tbsCRL);
        sOut.close();
    } catch (Exception e) {
        throw new CertException("unable to process signature: " + e.getMessage(), e);
    }
    return verifier.verify(x509CRL.getSignature().getBytes());
}
Also used : ContentVerifier(org.bouncycastle.operator.ContentVerifier) OutputStream(java.io.OutputStream) DEROutputStream(org.bouncycastle.asn1.DEROutputStream) TBSCertList(org.bouncycastle.asn1.x509.TBSCertList) IOException(java.io.IOException) DEROutputStream(org.bouncycastle.asn1.DEROutputStream)

Example 4 with TBSCertList

use of org.gudy.bouncycastle.asn1.x509.TBSCertList in project robovm by robovm.

the class X509CRLImpl method retrieveEntries.

/*
     * Retrieves the crl entries (TBSCertList.RevokedCertificate objects)
     * from the TBSCertList structure and converts them to the
     * X509CRLEntryImpl objects
     */
private void retrieveEntries() {
    entriesRetrieved = true;
    List rcerts = tbsCertList.getRevokedCertificates();
    if (rcerts == null) {
        return;
    }
    entriesSize = rcerts.size();
    entries = new ArrayList(entriesSize);
    // null means that revoked certificate issuer is the same as CRL issuer
    X500Principal rcertIssuer = null;
    for (int i = 0; i < entriesSize; i++) {
        TBSCertList.RevokedCertificate rcert = (TBSCertList.RevokedCertificate) rcerts.get(i);
        X500Principal iss = rcert.getIssuer();
        if (iss != null) {
            // certificate issuer differs from CRL issuer
            // and CRL is indirect.
            rcertIssuer = iss;
            isIndirectCRL = true;
            // remember how many leading revoked certificates in the
            // list are issued by the same issuer as issuer of CRL
            // (these certificates are first in the list)
            nonIndirectEntriesSize = i;
        }
        entries.add(new X509CRLEntryImpl(rcert, rcertIssuer));
    }
}
Also used : ArrayList(java.util.ArrayList) X500Principal(javax.security.auth.x500.X500Principal) ArrayList(java.util.ArrayList) TBSCertList(org.apache.harmony.security.x509.TBSCertList) CertificateList(org.apache.harmony.security.x509.CertificateList) List(java.util.List) TBSCertList(org.apache.harmony.security.x509.TBSCertList)

Example 5 with TBSCertList

use of org.gudy.bouncycastle.asn1.x509.TBSCertList in project BiglyBT by BiglySoftware.

the class PrincipalUtil method getIssuerX509Principal.

/**
 * return the issuer of the given CRL as an X509PrincipalObject.
 */
public static X509Principal getIssuerX509Principal(X509CRL crl) throws CRLException {
    try {
        ByteArrayInputStream bIn = new ByteArrayInputStream(crl.getTBSCertList());
        ASN1InputStream aIn = new ASN1InputStream(bIn);
        TBSCertList tbsCertList = new TBSCertList((ASN1Sequence) aIn.readObject());
        return new X509Principal(tbsCertList.getIssuer());
    } catch (IOException e) {
        throw new CRLException(e.toString());
    }
}
Also used : ASN1InputStream(org.gudy.bouncycastle.asn1.ASN1InputStream) ByteArrayInputStream(java.io.ByteArrayInputStream) TBSCertList(org.gudy.bouncycastle.asn1.x509.TBSCertList) IOException(java.io.IOException) CRLException(java.security.cert.CRLException)

Aggregations

IOException (java.io.IOException)3 CRLException (java.security.cert.CRLException)2 ArrayList (java.util.ArrayList)2 List (java.util.List)2 X500Principal (javax.security.auth.x500.X500Principal)2 CertificateList (org.apache.harmony.security.x509.CertificateList)2 TBSCertList (org.apache.harmony.security.x509.TBSCertList)2 ByteArrayInputStream (java.io.ByteArrayInputStream)1 OutputStream (java.io.OutputStream)1 BigInteger (java.math.BigInteger)1 Signature (java.security.Signature)1 SignatureException (java.security.SignatureException)1 DSAParams (java.security.interfaces.DSAParams)1 DSAPublicKey (java.security.interfaces.DSAPublicKey)1 RSAPublicKey (java.security.interfaces.RSAPublicKey)1 DEROutputStream (org.bouncycastle.asn1.DEROutputStream)1 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)1 CertificateList (org.bouncycastle.asn1.x509.CertificateList)1 TBSCertList (org.bouncycastle.asn1.x509.TBSCertList)1 CertException (org.bouncycastle.cert.CertException)1