use of org.xipki.security.ctlog.CtLog.SignedCertificateTimestamp in project xipki by xipki.
the class CtLogTest method parseCtLogInCert.
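/**
 * Parses the SCT list extension embedded in the certificate at {@code certFile} and checks
 * that re-encoding the parsed list reproduces the original extension bytes exactly.
 *
 * <p>The method fails with an explicit assertion message when the certificate carries no
 * extensions, no SCT list extension, or an empty SCT list. Otherwise the cause would be
 * hidden behind a bare {@code NullPointerException} or index error.
 *
 * @param certFile classpath resource name of the certificate to load
 * @throws Exception if the resource cannot be read or a structure fails to parse
 */
private void parseCtLogInCert(String certFile) throws Exception {
  byte[] certBytes = IoUtil.read(getClass().getResourceAsStream(certFile));
  certBytes = X509Util.toDerEncoded(certBytes);
  Certificate cert = Certificate.getInstance(certBytes);

  // A certificate without any extensions, or without the SCT list extension, is a fixture
  // problem. Report it as such instead of dereferencing null below.
  Assert.assertNotNull("certificate has no extensions: " + certFile,
      cert.getTBSCertificate().getExtensions());
  Extension extn = cert.getTBSCertificate().getExtensions().getExtension(ObjectIdentifiers.Extn.id_SCTs);
  Assert.assertNotNull("certificate has no SCT list extension: " + certFile, extn);

  // The extension value is itself an OCTET STRING wrapping the serialized SCT list.
  byte[] encodedScts = DEROctetString.getInstance(extn.getParsedValue()).getOctets();
  SignedCertificateTimestampList sctList2 = SignedCertificateTimestampList.getInstance(encodedScts);
  Assert.assertTrue("SCT list is empty: " + certFile, sctList2.getSctList().size() > 0);

  // Results are discarded on purpose: these calls only exercise the accessors of the first
  // SCT's digitally-signed structure, so any exception they throw fails the test.
  SignedCertificateTimestamp sct = sctList2.getSctList().get(0);
  sct.getDigitallySigned().getEncoded();
  sct.getDigitallySigned().getSignatureObject();

  // Round trip: the encoder must reproduce the parsed input byte for byte.
  byte[] encoded2 = sctList2.getEncoded();
  Assert.assertArrayEquals(encodedScts, encoded2);
}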
use of org.xipki.security.ctlog.CtLog.SignedCertificateTimestamp in project xipki by xipki.
the class CtLogVerifyTest method testVerify.
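/**
 * Verifies the signature of the second SCT embedded in the test certificate against the CT
 * log's public key.
 *
 * <p>Steps: derive the expected log ID from the log public key, rebuild the signed input
 * (issuer key hash plus precertificate TBSCertificate), check that the SCT names the expected
 * log, then verify the ECDSA signature.
 *
 * <p>NOTE(review): the signature algorithm is pinned to {@code SHA256withECDSA} to match the
 * fixture. It is not read from the SCT's digitally-signed structure. A general-purpose
 * verifier should confirm that the algorithm declared in the SCT matches the log key.
 *
 * @throws Exception if a fixture cannot be read or parsed, or a crypto operation fails
 */
@Test
public void testVerify() throws Exception {
  Security.addProvider(new BouncyCastleProvider());

  // Log public key. RFC 6962 defines the log ID as the SHA-256 hash of the log's public key,
  // computed here over the DER-encoded SubjectPublicKeyInfo.
  byte[] keyBytes = read(pubkeyFile);
  SubjectPublicKeyInfo spki = SubjectPublicKeyInfo.getInstance(X509Util.toDerEncoded(keyBytes));
  byte[] keyId = HashAlgo.SHA256.hash(spki.getEncoded());
  System.out.println("keyId: " + Hex.encode(keyId));
  PublicKey key = KeyUtil.generatePublicKey(spki);

  X509Cert cert = X509Util.parseCert(read(certFile));
  X509Cert caCert = X509Util.parseCert(read(caCertFile));

  // Signed input for a precertificate entry: SHA-256 of the issuer's SubjectPublicKeyInfo and
  // the TBSCertificate as produced by CtLog.getPreCertTbsCert.
  // NOTE(review): presumably that helper strips the SCT list extension; confirm in CtLog.
  byte[] issuerKeyHash = HashAlgo.SHA256.hash(caCert.getSubjectPublicKeyInfo().getEncoded());
  byte[] preCertTbsCert = CtLog.getPreCertTbsCert(cert.toBcCert().toASN1Structure().getTBSCertificate());

  byte[] extnValue = cert.getExtensionCoreValue(ObjectIdentifiers.Extn.id_SCTs);
  // Report a fixture without the SCT list extension explicitly rather than via a parse error.
  Assert.assertNotNull("SCT list extension", extnValue);
  byte[] encodedScts = ASN1OctetString.getInstance(extnValue).getOctets();
  SignedCertificateTimestampList list = SignedCertificateTimestampList.getInstance(encodedScts);
  SerializedSCT sctList = list.getSctList();
  int size = sctList.size();
  Assert.assertEquals("SCT size", 2, size);

  // Only the second SCT is checked. The log ID comparison below confirms it is the one issued
  // by the log whose key was loaded from pubkeyFile.
  SignedCertificateTimestamp sct = sctList.get(1);
  byte[] logId = sct.getLogId();
  // Compare the raw bytes. On failure JUnit reports the first differing index.
  Assert.assertArrayEquals("logId", keyId, logId);

  Signature sig = Signature.getInstance("SHA256withECDSA");
  sig.initVerify(key);
  // CtLog.update feeds the SCT fields and the entry data into the Signature object.
  CtLog.update(sig, (byte) sct.getVersion(), sct.getTimestamp(), sct.getExtensions(), issuerKeyHash, preCertTbsCert);
  boolean sigValid = sig.verify(sct.getDigitallySigned().getSignature());
  Assert.assertTrue("signature valid", sigValid);
}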