Example 1 with TlsCertificate
use of org.openecard.bouncycastle.tls.crypto.TlsCertificate in project open-ecard by ecsec.
the class HostnameVerifier method isValid.
@Override
public void isValid(TlsServerCertificate chain, String hostOrIp) throws CertificateVerificationException {
try {
TlsCertificate tlsCert = chain.getCertificate().getCertificateAt(0);
Certificate cert = Certificate.getInstance(tlsCert.getEncoded());
validInt(cert, hostOrIp);
} catch (IOException ex) {
throw new CertificateVerificationException("Invalid certificate received from server.", ex);
}
}
Also used :
CertificateVerificationException(org.openecard.crypto.tls.CertificateVerificationException)
IOException(java.io.IOException)
TlsCertificate(org.openecard.bouncycastle.tls.crypto.TlsCertificate)
TlsServerCertificate(org.openecard.bouncycastle.tls.TlsServerCertificate)
Certificate(org.openecard.bouncycastle.asn1.x509.Certificate)
TlsCertificate(org.openecard.bouncycastle.tls.crypto.TlsCertificate)
Example 2 with TlsCertificate
use of org.openecard.bouncycastle.tls.crypto.TlsCertificate in project open-ecard by ecsec.
the class KeyLengthVerifier method isValid.
@Override
public void isValid(TlsServerCertificate chain, String hostname) throws CertificateVerificationException {
try {
boolean firstCert = true;
for (TlsCertificate next : chain.getCertificate().getCertificateList()) {
Certificate x509 = Certificate.getInstance(next.getEncoded());
boolean selfSigned = x509.getIssuer().equals(x509.getSubject());
// skip key comparison step if this is a root certificate, but still check self signed server certs
boolean isRootCert = selfSigned && !firstCert;
if (!isRootCert) {
// get public key and determine minimum size for the actual type
SubjectPublicKeyInfo pkInfo = x509.getSubjectPublicKeyInfo();
AsymmetricKeyParameter key = PublicKeyFactory.createKey(pkInfo);
KeyTools.assertKeyLength(key);
firstCert = false;
}
}
} catch (IOException ex) {
String msg = "Failed to extract public key from certificate.";
throw new CertificateVerificationException(msg, ex);
} catch (KeyLengthException ex) {
String msg = "The key in the certificate does not satisfy the length requirements.";
throw new CertificateVerificationException(msg, ex);
}
}
Also used :
AsymmetricKeyParameter(org.openecard.bouncycastle.crypto.params.AsymmetricKeyParameter)
CertificateVerificationException(org.openecard.crypto.tls.CertificateVerificationException)
IOException(java.io.IOException)
SubjectPublicKeyInfo(org.openecard.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
KeyLengthException(org.openecard.crypto.common.keystore.KeyLengthException)
TlsCertificate(org.openecard.bouncycastle.tls.crypto.TlsCertificate)
TlsServerCertificate(org.openecard.bouncycastle.tls.TlsServerCertificate)
Certificate(org.openecard.bouncycastle.asn1.x509.Certificate)
TlsCertificate(org.openecard.bouncycastle.tls.crypto.TlsCertificate)
Example 3 with TlsCertificate
use of org.openecard.bouncycastle.tls.crypto.TlsCertificate in project open-ecard by ecsec.
the class ExpirationVerifier method isValid.
@Override
public void isValid(TlsServerCertificate chain, String hostOrIP) throws CertificateVerificationException {
try {
Date now = new Date();
for (TlsCertificate next : chain.getCertificate().getCertificateList()) {
Certificate c = Certificate.getInstance(next.getEncoded());
Date expDate = c.getEndDate().getDate();
if (now.after(expDate)) {
String msg = String.format("The certificate '%s' expired at %s.", c.getSubject(), expDate);
throw new CertificateVerificationException(msg);
}
}
} catch (IOException ex) {
throw new CertificateVerificationException("Invalid certificate received from server.", ex);
}
}
Also used :
CertificateVerificationException(org.openecard.crypto.tls.CertificateVerificationException)
IOException(java.io.IOException)
Date(java.util.Date)
TlsCertificate(org.openecard.bouncycastle.tls.crypto.TlsCertificate)
TlsServerCertificate(org.openecard.bouncycastle.tls.TlsServerCertificate)
TlsCertificate(org.openecard.bouncycastle.tls.crypto.TlsCertificate)
Certificate(org.openecard.bouncycastle.asn1.x509.Certificate)
Example 4 with TlsCertificate
use of org.openecard.bouncycastle.tls.crypto.TlsCertificate in project open-ecard by ecsec.
the class KeyTools method convertCertificates.
/**
* Converts the given certificate chain to a JCA CertPath.
*
* @param chain BouncyCastle list of certificates.
* @return CertPath instance with the exact same certificate chain.
* @throws CertificateException Thrown in case the JCA has problems supporting X509 or one of the certificates.
* @throws IOException Thrown in case there is en encoding error.
*/
public static CertPath convertCertificates(TlsCertificate... chain) throws CertificateException, IOException {
final int numCerts = chain.length;
ArrayList<java.security.cert.Certificate> result = new ArrayList<>(numCerts);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
for (TlsCertificate next : chain) {
byte[] nextData = next.getEncoded();
ByteArrayInputStream nextDataStream = new ByteArrayInputStream(nextData);
java.security.cert.Certificate nextConverted = cf.generateCertificate(nextDataStream);
result.add(nextConverted);
}
return cf.generateCertPath(result);
}
Also used :
ByteArrayInputStream(java.io.ByteArrayInputStream)
ArrayList(java.util.ArrayList)
CertificateFactory(java.security.cert.CertificateFactory)
Certificate(org.openecard.bouncycastle.tls.Certificate)
TlsCertificate(org.openecard.bouncycastle.tls.crypto.TlsCertificate)
TlsCertificate(org.openecard.bouncycastle.tls.crypto.TlsCertificate)
Example 5 with TlsCertificate
use of org.openecard.bouncycastle.tls.crypto.TlsCertificate in project open-ecard by ecsec.
the class JavaSecVerifier method convertChain.
public static CertPath convertChain(TlsServerCertificate chain) throws CertificateException, IOException {
final int numCerts = chain.getCertificate().getCertificateList().length;
ArrayList<java.security.cert.Certificate> result = new ArrayList<>(numCerts);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
for (TlsCertificate next : chain.getCertificate().getCertificateList()) {
Certificate nextConverted = convertCertificateInt(cf, next);
result.add(nextConverted);
}
return cf.generateCertPath(result);
}
Also used :
ArrayList(java.util.ArrayList)
CertificateFactory(java.security.cert.CertificateFactory)
TlsServerCertificate(org.openecard.bouncycastle.tls.TlsServerCertificate)
Certificate(java.security.cert.Certificate)
TlsCertificate(org.openecard.bouncycastle.tls.crypto.TlsCertificate)
TlsCertificate(org.openecard.bouncycastle.tls.crypto.TlsCertificate)
Aggregations
TlsCertificate (org.openecard.bouncycastle.tls.crypto.TlsCertificate)5
TlsServerCertificate (org.openecard.bouncycastle.tls.TlsServerCertificate)4
IOException (java.io.IOException)3
Certificate (org.openecard.bouncycastle.asn1.x509.Certificate)3
CertificateVerificationException (org.openecard.crypto.tls.CertificateVerificationException)3
CertificateFactory (java.security.cert.CertificateFactory)2
ArrayList (java.util.ArrayList)2
ByteArrayInputStream (java.io.ByteArrayInputStream)1
Certificate (java.security.cert.Certificate)1
Date (java.util.Date)1
SubjectPublicKeyInfo (org.openecard.bouncycastle.asn1.x509.SubjectPublicKeyInfo)1
AsymmetricKeyParameter (org.openecard.bouncycastle.crypto.params.AsymmetricKeyParameter)1
Certificate (org.openecard.bouncycastle.tls.Certificate)1
KeyLengthException (org.openecard.crypto.common.keystore.KeyLengthException)1
