Use of org.openecard.bouncycastle.tls.crypto.TlsCertificate in project open-ecard by ecsec.
The class HostnameVerifier, method isValid.
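/**
 * Verifies that the end-entity certificate of the server chain matches the requested host.
 * <p>
 * Only the certificate at index 0 is inspected; the remainder of the chain is not touched here.
 * The actual name comparison is delegated to {@code validInt}.
 *
 * @param chain server certificate chain as received in the TLS handshake.
 * @param hostOrIp host name or IP address the connection was opened to.
 * @throws CertificateVerificationException if the chain is empty, the leaf certificate cannot be
 *   decoded, or the name check performed by {@code validInt} fails.
 */
@Override
public void isValid(TlsServerCertificate chain, String hostOrIp) throws CertificateVerificationException {
    // Reject an empty chain explicitly: getCertificateAt(0) would otherwise fail with an unchecked
    // index exception that callers handling CertificateVerificationException never see.
    if (chain.getCertificate().isEmpty()) {
        throw new CertificateVerificationException("No certificate received from server.");
    }
    try {
        // the end-entity certificate is the first element of the chain
        TlsCertificate leaf = chain.getCertificate().getCertificateAt(0);
        Certificate cert = Certificate.getInstance(leaf.getEncoded());
        validInt(cert, hostOrIp);
    } catch (IOException ex) {
        throw new CertificateVerificationException("Invalid certificate received from server.", ex);
    }
}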
Use of org.openecard.bouncycastle.tls.crypto.TlsCertificate in project open-ecard by ecsec.
The class KeyLengthVerifier, method isValid.
/**
 * Checks that every relevant certificate in the chain carries a public key of sufficient length.
 * <p>
 * A self-signed certificate that is not the first element is treated as the trust anchor and its
 * key is not measured. A self-signed certificate at position 0 (a self-signed server certificate)
 * is still checked. The size requirement itself comes from {@link KeyTools#assertKeyLength}.
 *
 * @param chain server certificate chain as received in the TLS handshake.
 * @param hostname host name of the connection; not used by this verifier.
 * @throws CertificateVerificationException if a certificate or its public key cannot be decoded,
 *   or if a checked key is shorter than required.
 */
@Override
public void isValid(TlsServerCertificate chain, String hostname) throws CertificateVerificationException {
    try {
        boolean atLeaf = true;
        for (TlsCertificate entry : chain.getCertificate().getCertificateList()) {
            Certificate x509 = Certificate.getInstance(entry.getEncoded());
            boolean selfSigned = x509.getIssuer().equals(x509.getSubject());
            // the trust anchor is excluded from the key size check, a self-signed leaf is not
            boolean trustAnchor = !atLeaf && selfSigned;
            if (trustAnchor) {
                continue;
            }
            SubjectPublicKeyInfo pkInfo = x509.getSubjectPublicKeyInfo();
            AsymmetricKeyParameter key = PublicKeyFactory.createKey(pkInfo);
            KeyTools.assertKeyLength(key);
            atLeaf = false;
        }
    } catch (IOException ex) {
        String msg = "Failed to extract public key from certificate.";
        throw new CertificateVerificationException(msg, ex);
    } catch (KeyLengthException ex) {
        String msg = "The key in the certificate does not satisfy the length requirements.";
        throw new CertificateVerificationException(msg, ex);
    }
}
Use of org.openecard.bouncycastle.tls.crypto.TlsCertificate in project open-ecard by ecsec.
The class ExpirationVerifier, method isValid.
/**
 * Rejects the chain if any certificate in it has already expired.
 * <p>
 * Only the notAfter date of each certificate is compared against the current system time; the
 * notBefore date is not examined by this verifier.
 *
 * @param chain server certificate chain as received in the TLS handshake.
 * @param hostOrIP host name or IP address of the connection; not used by this verifier.
 * @throws CertificateVerificationException if a certificate cannot be decoded or its notAfter date
 *   lies in the past.
 */
@Override
public void isValid(TlsServerCertificate chain, String hostOrIP) throws CertificateVerificationException {
    // single reference time for the whole chain
    Date checkTime = new Date();
    try {
        for (TlsCertificate entry : chain.getCertificate().getCertificateList()) {
            Certificate cert = Certificate.getInstance(entry.getEncoded());
            Date notAfter = cert.getEndDate().getDate();
            if (checkTime.after(notAfter)) {
                throw new CertificateVerificationException(
                        String.format("The certificate '%s' expired at %s.", cert.getSubject(), notAfter));
            }
        }
    } catch (IOException ex) {
        throw new CertificateVerificationException("Invalid certificate received from server.", ex);
    }
}
Use of org.openecard.bouncycastle.tls.crypto.TlsCertificate in project open-ecard by ecsec.
The class KeyTools, method convertCertificates.
/**
 * Converts the given BouncyCastle certificate chain into a JCA {@link CertPath}.
 * <p>
 * This is a pure format conversion: each certificate is re-parsed from its DER encoding by the
 * X.509 {@link CertificateFactory} and placed into the path in the given order. No validation of
 * signatures, trust anchors or validity periods happens here.
 *
 * @param chain BouncyCastle certificates in the order they should appear in the path.
 * @return CertPath holding exactly the same certificates in the same order.
 * @throws CertificateException if the JCA provides no X.509 factory or fails to parse a certificate.
 * @throws IOException if a certificate cannot be encoded.
 */
public static CertPath convertCertificates(TlsCertificate... chain) throws CertificateException, IOException {
    CertificateFactory factory = CertificateFactory.getInstance("X.509");
    java.util.List<java.security.cert.Certificate> converted = new ArrayList<>(chain.length);
    for (TlsCertificate entry : chain) {
        // ByteArrayInputStream holds no system resources, so it needs no explicit close
        ByteArrayInputStream der = new ByteArrayInputStream(entry.getEncoded());
        converted.add(factory.generateCertificate(der));
    }
    return factory.generateCertPath(converted);
}
Use of org.openecard.bouncycastle.tls.crypto.TlsCertificate in project open-ecard by ecsec.
The class JavaSecVerifier, method convertChain.
/**
 * Converts the server certificate chain into a JCA {@link CertPath}.
 * <p>
 * Each element is converted by {@code convertCertificateInt} and the results are kept in chain
 * order. The returned path is unvalidated; the caller is responsible for running it through a
 * path validator.
 *
 * @param chain server certificate chain as received in the TLS handshake.
 * @return CertPath containing the converted certificates in the same order.
 * @throws CertificateException if the JCA provides no X.509 factory or a certificate cannot be converted.
 * @throws IOException if a certificate cannot be encoded.
 */
public static CertPath convertChain(TlsServerCertificate chain) throws CertificateException, IOException {
    TlsCertificate[] entries = chain.getCertificate().getCertificateList();
    CertificateFactory factory = CertificateFactory.getInstance("X.509");
    ArrayList<java.security.cert.Certificate> path = new ArrayList<>(entries.length);
    for (TlsCertificate entry : entries) {
        Certificate converted = convertCertificateInt(factory, entry);
        path.add(converted);
    }
    return factory.generateCertPath(path);
}