use of org.xipki.security.ctlog.CtLog.SerializedSCT in project xipki by xipki.
the class CtLogVerifyTest method testVerify.
@Test
public void testVerify() throws Exception {
Security.addProvider(new BouncyCastleProvider());
byte[] keyBytes = read(pubkeyFile);
SubjectPublicKeyInfo spki = SubjectPublicKeyInfo.getInstance(X509Util.toDerEncoded(keyBytes));
byte[] keyId = HashAlgo.SHA256.hash(spki.getEncoded());
System.out.println("keyId: " + Hex.encode(keyId));
PublicKey key = KeyUtil.generatePublicKey(spki);
X509Cert cert = X509Util.parseCert(read(certFile));
X509Cert caCert = X509Util.parseCert(read(caCertFile));
byte[] issuerKeyHash = HashAlgo.SHA256.hash(caCert.getSubjectPublicKeyInfo().getEncoded());
byte[] preCertTbsCert = CtLog.getPreCertTbsCert(cert.toBcCert().toASN1Structure().getTBSCertificate());
byte[] extnValue = cert.getExtensionCoreValue(ObjectIdentifiers.Extn.id_SCTs);
byte[] encodedScts = ASN1OctetString.getInstance(extnValue).getOctets();
SignedCertificateTimestampList list = SignedCertificateTimestampList.getInstance(encodedScts);
SerializedSCT sctList = list.getSctList();
int size = sctList.size();
Assert.assertEquals("SCT size", 2, size);
SignedCertificateTimestamp sct = sctList.get(1);
byte[] logId = sct.getLogId();
Assert.assertEquals("logId", Hex.encodeUpper(keyId), Hex.encodeUpper(logId));
Signature sig = Signature.getInstance("SHA256withECDSA");
sig.initVerify(key);
CtLog.update(sig, (byte) sct.getVersion(), sct.getTimestamp(), sct.getExtensions(), issuerKeyHash, preCertTbsCert);
boolean sigValid = sig.verify(sct.getDigitallySigned().getSignature());
Assert.assertEquals("signature valid", true, sigValid);
}
Aggregations