
Example 1 with SerializedSCT

Use of org.xipki.security.ctlog.CtLog.SerializedSCT in project xipki by xipki.

From the class CtLogVerifyTest, method testVerify.

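/**
 * Checks one SCT embedded in the test certificate against a known CT log key.
 *
 * <p>The test loads the log's public key, the issued certificate and its CA
 * certificate, extracts the SCT list from the certificate's SCT extension, and
 * then verifies for the entry at index 1 that (a) its log ID equals the SHA-256
 * hash of the log's SubjectPublicKeyInfo and (b) its signature validates under
 * that key.
 *
 * <p>Only the entry at index 1 is verified; the entry at index 0 is counted but
 * its log ID and signature are not checked here.
 *
 * @throws Exception if reading the fixtures, parsing, or signature setup fails
 */
@Test
public void testVerify() throws Exception {
    Security.addProvider(new BouncyCastleProvider());

    // Log key: the expected log ID is the SHA-256 hash of the encoded SubjectPublicKeyInfo.
    byte[] keyBytes = read(pubkeyFile);
    SubjectPublicKeyInfo spki = SubjectPublicKeyInfo.getInstance(X509Util.toDerEncoded(keyBytes));
    byte[] keyId = HashAlgo.SHA256.hash(spki.getEncoded());
    System.out.println("keyId: " + Hex.encode(keyId));
    PublicKey key = KeyUtil.generatePublicKey(spki);

    X509Cert cert = X509Util.parseCert(read(certFile));
    X509Cert caCert = X509Util.parseCert(read(caCertFile));

    // Both values below are passed to CtLog.update() as part of the signed data, so the
    // signature check also ties the SCT to this issuer key and to this certificate's TBS.
    byte[] issuerKeyHash = HashAlgo.SHA256.hash(caCert.getSubjectPublicKeyInfo().getEncoded());
    // NOTE(review): presumably rebuilds the precertificate TBS from the final certificate
    // (RFC 6962 style) - confirm against CtLog.getPreCertTbsCert.
    byte[] preCertTbsCert = CtLog.getPreCertTbsCert(cert.toBcCert().toASN1Structure().getTBSCertificate());

    // The extension value is an OCTET STRING wrapping the serialized SCT list.
    byte[] extnValue = cert.getExtensionCoreValue(ObjectIdentifiers.Extn.id_SCTs);
    byte[] encodedScts = ASN1OctetString.getInstance(extnValue).getOctets();
    SignedCertificateTimestampList list = SignedCertificateTimestampList.getInstance(encodedScts);
    SerializedSCT sctList = list.getSctList();
    int size = sctList.size();
    Assert.assertEquals("SCT size", 2, size);

    SignedCertificateTimestamp sct = sctList.get(1);
    byte[] logId = sct.getLogId();
    // Compared as hex strings so that a mismatch is readable in the failure message.
    Assert.assertEquals("logId", Hex.encodeUpper(keyId), Hex.encodeUpper(logId));

    // The algorithm is fixed here rather than taken from the SCT, so the test only fits an
    // EC log key signing with SHA-256.
    Signature sig = Signature.getInstance("SHA256withECDSA");
    sig.initVerify(key);
    CtLog.update(sig, (byte) sct.getVersion(), sct.getTimestamp(), sct.getExtensions(), issuerKeyHash, preCertTbsCert);
    boolean sigValid = sig.verify(sct.getDigitallySigned().getSignature());
    // assertTrue states the intent directly instead of comparing against a boolean literal.
    Assert.assertTrue("signature valid", sigValid);
}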
Also used : SerializedSCT(org.xipki.security.ctlog.CtLog.SerializedSCT) PublicKey(java.security.PublicKey) X509Cert(org.xipki.security.X509Cert) Signature(java.security.Signature) SignedCertificateTimestampList(org.xipki.security.ctlog.CtLog.SignedCertificateTimestampList) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider) SignedCertificateTimestamp(org.xipki.security.ctlog.CtLog.SignedCertificateTimestamp) Test(org.junit.Test)
