Example 1 with TBSCertList
use of org.gudy.bouncycastle.asn1.x509.TBSCertList in project XobotOS by xamarin.
the class X509CRLImpl method retrieveEntries.
/*
* Retrieves the crl entries (TBSCertList.RevokedCertificate objects)
* from the TBSCertList structure and converts them to the
* X509CRLEntryImpl objects
*/
private void retrieveEntries() {
entriesRetrieved = true;
List rcerts = tbsCertList.getRevokedCertificates();
if (rcerts == null) {
return;
}
entriesSize = rcerts.size();
entries = new ArrayList(entriesSize);
// null means that revoked certificate issuer is the same as CRL issuer
X500Principal rcertIssuer = null;
for (int i = 0; i < entriesSize; i++) {
TBSCertList.RevokedCertificate rcert = (TBSCertList.RevokedCertificate) rcerts.get(i);
X500Principal iss = rcert.getIssuer();
if (iss != null) {
// certificate issuer differs from CRL issuer
// and CRL is indirect.
rcertIssuer = iss;
isIndirectCRL = true;
// remember how many leading revoked certificates in the
// list are issued by the same issuer as issuer of CRL
// (these certificates are first in the list)
nonIndirectEntriesSize = i;
}
entries.add(new X509CRLEntryImpl(rcert, rcertIssuer));
}
}
Also used :
ArrayList(java.util.ArrayList)
X500Principal(javax.security.auth.x500.X500Principal)
ArrayList(java.util.ArrayList)
TBSCertList(org.apache.harmony.security.x509.TBSCertList)
CertificateList(org.apache.harmony.security.x509.CertificateList)
List(java.util.List)
TBSCertList(org.apache.harmony.security.x509.TBSCertList)
Example 2 with TBSCertList
use of org.gudy.bouncycastle.asn1.x509.TBSCertList in project jruby-openssl by jruby.
the class SecurityHelper method verify.
static boolean verify(final X509CRL crl, final PublicKey publicKey, final boolean silent) throws NoSuchAlgorithmException, CRLException, InvalidKeyException, SignatureException {
if (crl instanceof X509CRLObject) {
final CertificateList crlList = (CertificateList) getCertificateList(crl);
final AlgorithmIdentifier tbsSignatureId = crlList.getTBSCertList().getSignature();
if (!crlList.getSignatureAlgorithm().equals(tbsSignatureId)) {
if (silent)
return false;
throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList.");
}
final Signature signature = getSignature(crl.getSigAlgName(), securityProvider);
signature.initVerify(publicKey);
signature.update(crl.getTBSCertList());
if (!signature.verify(crl.getSignature())) {
if (silent)
return false;
throw new SignatureException("CRL does not verify with supplied public key.");
}
return true;
} else {
try {
final DigestAlgorithmIdentifierFinder digestAlgFinder = new DefaultDigestAlgorithmIdentifierFinder();
final ContentVerifierProvider verifierProvider;
if ("DSA".equalsIgnoreCase(publicKey.getAlgorithm())) {
BigInteger y = ((DSAPublicKey) publicKey).getY();
DSAParams params = ((DSAPublicKey) publicKey).getParams();
DSAParameters parameters = new DSAParameters(params.getP(), params.getQ(), params.getG());
AsymmetricKeyParameter dsaKey = new DSAPublicKeyParameters(y, parameters);
verifierProvider = new BcDSAContentVerifierProviderBuilder(digestAlgFinder).build(dsaKey);
} else {
BigInteger mod = ((RSAPublicKey) publicKey).getModulus();
BigInteger exp = ((RSAPublicKey) publicKey).getPublicExponent();
AsymmetricKeyParameter rsaKey = new RSAKeyParameters(false, mod, exp);
verifierProvider = new BcRSAContentVerifierProviderBuilder(digestAlgFinder).build(rsaKey);
}
return new X509CRLHolder(crl.getEncoded()).isSignatureValid(verifierProvider);
} catch (OperatorException e) {
throw new SignatureException(e);
} catch (CertException e) {
throw new SignatureException(e);
}// can happen if the input is DER but does not match expected strucure
catch (ClassCastException e) {
throw new SignatureException(e);
} catch (IOException e) {
throw new SignatureException(e);
}
}
}
Also used :
DSAPublicKeyParameters(org.bouncycastle.crypto.params.DSAPublicKeyParameters)
X509CRLObject(org.bouncycastle.jce.provider.X509CRLObject)
BcRSAContentVerifierProviderBuilder(org.bouncycastle.operator.bc.BcRSAContentVerifierProviderBuilder)
CertificateList(org.bouncycastle.asn1.x509.CertificateList)
CertException(org.bouncycastle.cert.CertException)
SignatureException(java.security.SignatureException)
DSAParams(java.security.interfaces.DSAParams)
IOException(java.io.IOException)
DigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DigestAlgorithmIdentifierFinder)
DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder)
DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder)
RSAKeyParameters(org.bouncycastle.crypto.params.RSAKeyParameters)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
DSAPublicKey(java.security.interfaces.DSAPublicKey)
AsymmetricKeyParameter(org.bouncycastle.crypto.params.AsymmetricKeyParameter)
RSAPublicKey(java.security.interfaces.RSAPublicKey)
Signature(java.security.Signature)
X509CRLHolder(org.bouncycastle.cert.X509CRLHolder)
BigInteger(java.math.BigInteger)
BcDSAContentVerifierProviderBuilder(org.bouncycastle.operator.bc.BcDSAContentVerifierProviderBuilder)
CRLException(java.security.cert.CRLException)
DSAParameters(org.bouncycastle.crypto.params.DSAParameters)
OperatorException(org.bouncycastle.operator.OperatorException)
ContentVerifierProvider(org.bouncycastle.operator.ContentVerifierProvider)
Example 3 with TBSCertList
use of org.gudy.bouncycastle.asn1.x509.TBSCertList in project robovm by robovm.
the class X509CRLHolder method isSignatureValid.
/**
* Validate the signature on the CRL.
*
* @param verifierProvider a ContentVerifierProvider that can generate a verifier for the signature.
* @return true if the signature is valid, false otherwise.
* @throws CertException if the signature cannot be processed or is inappropriate.
*/
public boolean isSignatureValid(ContentVerifierProvider verifierProvider) throws CertException {
TBSCertList tbsCRL = x509CRL.getTBSCertList();
if (!CertUtils.isAlgIdEqual(tbsCRL.getSignature(), x509CRL.getSignatureAlgorithm())) {
throw new CertException("signature invalid - algorithm identifier mismatch");
}
ContentVerifier verifier;
try {
verifier = verifierProvider.get((tbsCRL.getSignature()));
OutputStream sOut = verifier.getOutputStream();
DEROutputStream dOut = new DEROutputStream(sOut);
dOut.writeObject(tbsCRL);
sOut.close();
} catch (Exception e) {
throw new CertException("unable to process signature: " + e.getMessage(), e);
}
return verifier.verify(x509CRL.getSignature().getBytes());
}
Also used :
ContentVerifier(org.bouncycastle.operator.ContentVerifier)
OutputStream(java.io.OutputStream)
DEROutputStream(org.bouncycastle.asn1.DEROutputStream)
TBSCertList(org.bouncycastle.asn1.x509.TBSCertList)
IOException(java.io.IOException)
DEROutputStream(org.bouncycastle.asn1.DEROutputStream)
Example 4 with TBSCertList
use of org.gudy.bouncycastle.asn1.x509.TBSCertList in project robovm by robovm.
the class X509CRLImpl method retrieveEntries.
/*
* Retrieves the crl entries (TBSCertList.RevokedCertificate objects)
* from the TBSCertList structure and converts them to the
* X509CRLEntryImpl objects
*/
private void retrieveEntries() {
entriesRetrieved = true;
List rcerts = tbsCertList.getRevokedCertificates();
if (rcerts == null) {
return;
}
entriesSize = rcerts.size();
entries = new ArrayList(entriesSize);
// null means that revoked certificate issuer is the same as CRL issuer
X500Principal rcertIssuer = null;
for (int i = 0; i < entriesSize; i++) {
TBSCertList.RevokedCertificate rcert = (TBSCertList.RevokedCertificate) rcerts.get(i);
X500Principal iss = rcert.getIssuer();
if (iss != null) {
// certificate issuer differs from CRL issuer
// and CRL is indirect.
rcertIssuer = iss;
isIndirectCRL = true;
// remember how many leading revoked certificates in the
// list are issued by the same issuer as issuer of CRL
// (these certificates are first in the list)
nonIndirectEntriesSize = i;
}
entries.add(new X509CRLEntryImpl(rcert, rcertIssuer));
}
}
Also used :
ArrayList(java.util.ArrayList)
X500Principal(javax.security.auth.x500.X500Principal)
ArrayList(java.util.ArrayList)
TBSCertList(org.apache.harmony.security.x509.TBSCertList)
CertificateList(org.apache.harmony.security.x509.CertificateList)
List(java.util.List)
TBSCertList(org.apache.harmony.security.x509.TBSCertList)
Example 5 with TBSCertList
use of org.gudy.bouncycastle.asn1.x509.TBSCertList in project BiglyBT by BiglySoftware.
the class PrincipalUtil method getIssuerX509Principal.
/**
* return the issuer of the given CRL as an X509PrincipalObject.
*/
public static X509Principal getIssuerX509Principal(X509CRL crl) throws CRLException {
try {
ByteArrayInputStream bIn = new ByteArrayInputStream(crl.getTBSCertList());
ASN1InputStream aIn = new ASN1InputStream(bIn);
TBSCertList tbsCertList = new TBSCertList((ASN1Sequence) aIn.readObject());
return new X509Principal(tbsCertList.getIssuer());
} catch (IOException e) {
throw new CRLException(e.toString());
}
}
Also used :
ASN1InputStream(org.gudy.bouncycastle.asn1.ASN1InputStream)
ByteArrayInputStream(java.io.ByteArrayInputStream)
TBSCertList(org.gudy.bouncycastle.asn1.x509.TBSCertList)
IOException(java.io.IOException)
CRLException(java.security.cert.CRLException)
Aggregations
IOException (java.io.IOException)3
CRLException (java.security.cert.CRLException)2
ArrayList (java.util.ArrayList)2
List (java.util.List)2
X500Principal (javax.security.auth.x500.X500Principal)2
CertificateList (org.apache.harmony.security.x509.CertificateList)2
TBSCertList (org.apache.harmony.security.x509.TBSCertList)2
ByteArrayInputStream (java.io.ByteArrayInputStream)1
OutputStream (java.io.OutputStream)1
BigInteger (java.math.BigInteger)1
Signature (java.security.Signature)1
SignatureException (java.security.SignatureException)1
DSAParams (java.security.interfaces.DSAParams)1
DSAPublicKey (java.security.interfaces.DSAPublicKey)1
RSAPublicKey (java.security.interfaces.RSAPublicKey)1
DEROutputStream (org.bouncycastle.asn1.DEROutputStream)1
AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)1
CertificateList (org.bouncycastle.asn1.x509.CertificateList)1
TBSCertList (org.bouncycastle.asn1.x509.TBSCertList)1
CertException (org.bouncycastle.cert.CertException)1
