Example 1 with KeyLengthException

Use of org.openecard.crypto.common.keystore.KeyLengthException in project open-ecard by ecsec.

The class KeyLengthVerifier, method isValid. The verifier walks the certificate list sent by the TLS server (leaf first), checks that every public key meets the minimum length for its algorithm, and deliberately skips the trust anchor at the end of the chain: a self-signed certificate that is not the first one is treated as a root, whereas a self-signed server (leaf) certificate is still checked.

@Override
public void isValid(TlsServerCertificate chain, String hostname) throws CertificateVerificationException {
    try {
        boolean firstCert = true;
        for (TlsCertificate next : chain.getCertificate().getCertificateList()) {
            // re-parse the DER encoding as an X.509 structure to get at issuer, subject and key
            Certificate x509 = Certificate.getInstance(next.getEncoded());
            boolean selfSigned = x509.getIssuer().equals(x509.getSubject());
            // skip key comparison step if this is a root certificate, but still check self signed server certs
            boolean isRootCert = selfSigned && !firstCert;
            if (!isRootCert) {
                // get public key and determine minimum size for the actual type
                SubjectPublicKeyInfo pkInfo = x509.getSubjectPublicKeyInfo();
                AsymmetricKeyParameter key = PublicKeyFactory.createKey(pkInfo);
                // throws KeyLengthException when the key is shorter than the minimum for its algorithm
                KeyTools.assertKeyLength(key);
                // the first (server) certificate is never treated as a root, so this branch is always
                // taken on the first iteration and firstCert is cleared before the second certificate
                firstCert = false;
            }
        }
    } catch (IOException ex) {
        // DER decoding of the certificate or its SubjectPublicKeyInfo failed
        String msg = "Failed to extract public key from certificate.";
        throw new CertificateVerificationException(msg, ex);
    } catch (KeyLengthException ex) {
        // wrap the key length failure so the TLS layer sees a single verification exception type
        String msg = "The key in the certificate does not satisfy the length requirements.";
        throw new CertificateVerificationException(msg, ex);
    }
}
Also used:

  AsymmetricKeyParameter (org.openecard.bouncycastle.crypto.params.AsymmetricKeyParameter)
  CertificateVerificationException (org.openecard.crypto.tls.CertificateVerificationException)
  IOException (java.io.IOException)
  SubjectPublicKeyInfo (org.openecard.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
  KeyLengthException (org.openecard.crypto.common.keystore.KeyLengthException)
  TlsCertificate (org.openecard.bouncycastle.tls.crypto.TlsCertificate)
  TlsServerCertificate (org.openecard.bouncycastle.tls.TlsServerCertificate)
  Certificate (org.openecard.bouncycastle.asn1.x509.Certificate)
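The chain-walking logic above, reimplemented as an added example in Python so it can be run without BouncyCastle. This is not open-ecard code: the minimum sizes (RSA 2048 bits, EC 256 bits), the hand-built DER SubjectPublicKeyInfo encoders, the placeholder moduli and EC points, and the use of subject/issuer strings instead of X.500 names are all assumptions made for the example. The key-type detection reads the algorithm OID from a real DER SubjectPublicKeyInfo, so the same parser works on the SPKI extracted from an actual certificate.

```python
"""Key-length check over a TLS certificate chain, modelled on KeyLengthVerifier.isValid.

Assumptions (not from the open-ecard page): minimum sizes below, certificates given as
(subject, issuer, spki_der) tuples leaf first, SPKI blobs built by the helpers here.
"""
OID_RSA = "1.2.840.113549.1.1.1"
OID_EC = "1.2.840.10045.2.1"
CURVE_BITS = {"1.2.840.10045.3.1.7": 256, "1.3.132.0.34": 384, "1.3.132.0.35": 521}
MIN_BITS = {"RSA": 2048, "EC": 256}  # assumed policy, not open-ecard's table


class KeyLengthError(Exception):
    """Raised when a key is shorter than the minimum for its algorithm."""


# --- minimal DER encoder, used only to construct sample SubjectPublicKeyInfo blobs ---
def _len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def der(tag, body):
    return bytes([tag]) + _len(len(body)) + body

def der_int(v):
    # one extra byte guarantees a leading 0x00 when the high bit is set
    return der(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))

def der_oid(s):
    parts = [int(x) for x in s.split(".")]
    out = [40 * parts[0] + parts[1]]
    for p in parts[2:]:
        chunk = [p & 0x7F]
        p >>= 7
        while p:
            chunk.append(0x80 | (p & 0x7F))
            p >>= 7
        out += reversed(chunk)
    return der(0x06, bytes(out))

def rsa_spki(modulus, exponent=65537):
    alg = der(0x30, der_oid(OID_RSA) + b"\x05\x00")          # rsaEncryption, NULL params
    key = der(0x30, der_int(modulus) + der_int(exponent))     # RSAPublicKey
    return der(0x30, alg + der(0x03, b"\x00" + key))          # BIT STRING, 0 unused bits

def ec_spki(curve_oid, point=b"\x04" + b"\x01" * 64):        # placeholder point, constructed
    alg = der(0x30, der_oid(OID_EC) + der_oid(curve_oid))    # id-ecPublicKey, namedCurve
    return der(0x30, alg + der(0x03, b"\x00" + point))


# --- minimal DER reader ---
def _tlv(buf, pos=0):
    """Return (tag, value, position after this element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _children(body):
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = _tlv(body, pos)
        out.append((tag, val))
    return out

def _oid_str(val):
    parts, acc = [str(val[0] // 40), str(val[0] % 40)], 0
    for b in val[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(str(acc))
            acc = 0
    return ".".join(parts)

def key_type_and_bits(spki_der):
    """Read the algorithm OID of a DER SubjectPublicKeyInfo and derive the key size."""
    _, body, _ = _tlv(spki_der)
    alg, bitstr = _children(body)
    alg_parts = _children(alg[1])
    oid = _oid_str(alg_parts[0][1])
    if oid == OID_RSA:
        _, rsa_key, _ = _tlv(bitstr[1][1:])               # drop the unused-bits byte
        modulus = _children(rsa_key)[0][1]
        return "RSA", int.from_bytes(modulus, "big").bit_length()
    if oid == OID_EC:
        curve = _oid_str(alg_parts[1][1])
        if curve not in CURVE_BITS:
            raise ValueError("unknown named curve " + curve)
        return "EC", CURVE_BITS[curve]
    raise ValueError("unsupported key algorithm " + oid)

def assert_key_length(spki_der):
    kind, bits = key_type_and_bits(spki_der)
    if bits < MIN_BITS[kind]:
        raise KeyLengthError(f"{kind} key of {bits} bits is below the {MIN_BITS[kind]}-bit minimum")
    return kind, bits

def verify_chain(chain):
    """chain: [(subject, issuer, spki_der), ...], leaf first as the TLS server sends it.
    Returns the (subject, kind, bits) entries that were checked; a self-signed certificate
    that is not the first one is treated as the trust anchor and skipped, exactly as in
    isValid, while a self-signed leaf is still checked."""
    checked, first = [], True
    for subject, issuer, spki in chain:
        is_root = subject == issuer and not first
        if not is_root:
            kind, bits = assert_key_length(spki)
            checked.append((subject, kind, bits))
        first = False
    return checked


if __name__ == "__main__":
    # constructed sample chain; moduli are placeholders of the right bit length, not real keys
    chain = [
        ("CN=eid.example", "CN=Example Issuing CA", rsa_spki((1 << 2047) | 1)),
        ("CN=Example Issuing CA", "CN=Example Root", ec_spki("1.2.840.10045.3.1.7")),
        ("CN=Example Root", "CN=Example Root", rsa_spki((1 << 1023) | 1)),  # weak root: skipped
    ]
    print(verify_chain(chain))
    try:
        verify_chain([("CN=weak.example", "CN=weak.example", rsa_spki((1 << 1023) | 1))])
    except KeyLengthError as e:
        print("rejected:", e)
```

The self-signed 1024-bit root in the sample chain is skipped because it is not the first certificate, while the self-signed 1024-bit leaf in the second call is rejected; those are the two cases the comment in isValid singles out. Note that `first` is cleared on every iteration here, which is equivalent to the original, where it is cleared inside the `if` because the first certificate always enters that branch.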
