Search in sources :

Example 1 with SignedCertificateTimestamp

use of org.xipki.security.ctlog.CtLog.SignedCertificateTimestamp in project xipki by xipki.

the class CtLogTest method parseCtLogInCert.

private void parseCtLogInCert(String certFile) throws Exception {
    byte[] certBytes = IoUtil.read(getClass().getResourceAsStream(certFile));
    certBytes = X509Util.toDerEncoded(certBytes);
    Certificate cert = Certificate.getInstance(certBytes);
    Extension extn = cert.getTBSCertificate().getExtensions().getExtension(ObjectIdentifiers.Extn.id_SCTs);
    byte[] encodedScts = DEROctetString.getInstance(extn.getParsedValue()).getOctets();
    SignedCertificateTimestampList sctList2 = SignedCertificateTimestampList.getInstance(encodedScts);
    SignedCertificateTimestamp sct = sctList2.getSctList().get(0);
    sct.getDigitallySigned().getEncoded();
    sctList2.getSctList().get(0).getDigitallySigned().getSignatureObject();
    byte[] encoded2 = sctList2.getEncoded();
    Assert.assertArrayEquals(encodedScts, encoded2);
}
Also used : Extension(org.bouncycastle.asn1.x509.Extension) SignedCertificateTimestampList(org.xipki.security.ctlog.CtLog.SignedCertificateTimestampList) Certificate(org.bouncycastle.asn1.x509.Certificate) SignedCertificateTimestamp(org.xipki.security.ctlog.CtLog.SignedCertificateTimestamp)

Example 2 with SignedCertificateTimestamp

use of org.xipki.security.ctlog.CtLog.SignedCertificateTimestamp in project xipki by xipki.

the class CtLogVerifyTest method testVerify.

@Test
public void testVerify() throws Exception {
    Security.addProvider(new BouncyCastleProvider());
    byte[] keyBytes = read(pubkeyFile);
    SubjectPublicKeyInfo spki = SubjectPublicKeyInfo.getInstance(X509Util.toDerEncoded(keyBytes));
    byte[] keyId = HashAlgo.SHA256.hash(spki.getEncoded());
    System.out.println("keyId: " + Hex.encode(keyId));
    PublicKey key = KeyUtil.generatePublicKey(spki);
    X509Cert cert = X509Util.parseCert(read(certFile));
    X509Cert caCert = X509Util.parseCert(read(caCertFile));
    byte[] issuerKeyHash = HashAlgo.SHA256.hash(caCert.getSubjectPublicKeyInfo().getEncoded());
    byte[] preCertTbsCert = CtLog.getPreCertTbsCert(cert.toBcCert().toASN1Structure().getTBSCertificate());
    byte[] extnValue = cert.getExtensionCoreValue(ObjectIdentifiers.Extn.id_SCTs);
    byte[] encodedScts = ASN1OctetString.getInstance(extnValue).getOctets();
    SignedCertificateTimestampList list = SignedCertificateTimestampList.getInstance(encodedScts);
    SerializedSCT sctList = list.getSctList();
    int size = sctList.size();
    Assert.assertEquals("SCT size", 2, size);
    SignedCertificateTimestamp sct = sctList.get(1);
    byte[] logId = sct.getLogId();
    Assert.assertEquals("logId", Hex.encodeUpper(keyId), Hex.encodeUpper(logId));
    Signature sig = Signature.getInstance("SHA256withECDSA");
    sig.initVerify(key);
    CtLog.update(sig, (byte) sct.getVersion(), sct.getTimestamp(), sct.getExtensions(), issuerKeyHash, preCertTbsCert);
    boolean sigValid = sig.verify(sct.getDigitallySigned().getSignature());
    Assert.assertEquals("signature valid", true, sigValid);
}
Also used : SerializedSCT(org.xipki.security.ctlog.CtLog.SerializedSCT) PublicKey(java.security.PublicKey) X509Cert(org.xipki.security.X509Cert) Signature(java.security.Signature) SignedCertificateTimestampList(org.xipki.security.ctlog.CtLog.SignedCertificateTimestampList) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider) SignedCertificateTimestamp(org.xipki.security.ctlog.CtLog.SignedCertificateTimestamp) Test(org.junit.Test)

Aggregations

SignedCertificateTimestamp (org.xipki.security.ctlog.CtLog.SignedCertificateTimestamp)2 SignedCertificateTimestampList (org.xipki.security.ctlog.CtLog.SignedCertificateTimestampList)2 PublicKey (java.security.PublicKey)1 Signature (java.security.Signature)1 Certificate (org.bouncycastle.asn1.x509.Certificate)1 Extension (org.bouncycastle.asn1.x509.Extension)1 SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)1 BouncyCastleProvider (org.bouncycastle.jce.provider.BouncyCastleProvider)1 Test (org.junit.Test)1 X509Cert (org.xipki.security.X509Cert)1 SerializedSCT (org.xipki.security.ctlog.CtLog.SerializedSCT)1