Example usage for org.bouncycastle.asn1.x509 CertificateList getSignatureAlgorithm

List of usage examples for org.bouncycastle.asn1.x509 CertificateList getSignatureAlgorithm

Introduction

On this page you can find example usage of org.bouncycastle.asn1.x509 CertificateList getSignatureAlgorithm.

Prototype

public AlgorithmIdentifier getSignatureAlgorithm() 


Usage

From source file:org.jruby.ext.openssl.SecurityHelper.java

License:Open Source License

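/**
 * Checks the signature on a CRL against the supplied public key.
 *
 * <p>A BouncyCastle {@code X509CRLObject} is verified with a {@code Signature} obtained from
 * {@code getSignature(...)}, after confirming that the outer signature algorithm identifier
 * equals the one inside the signed TBSCertList. Any other {@code X509CRL} implementation is
 * re-encoded and verified through {@code X509CRLHolder} with a DSA or RSA content verifier.
 *
 * <p>Only the signature is checked here. Nothing in this method compares the CRL issuer with
 * the key's owner or looks at the CRL's update times; callers that need those checks must do
 * them separately.
 *
 * @param crl the CRL whose signature is to be checked
 * @param publicKey the key to verify with; on the {@code X509CRLHolder} path a key that does
 *        not report the algorithm "DSA" is treated as RSA
 * @param silent when {@code true} a failed check is reported by returning {@code false};
 *        when {@code false} it is reported by an exception
 * @return {@code true} if the signature verifies; {@code false} only when {@code silent} is set
 * @throws NoSuchAlgorithmException declared for the {@code getSignature} lookup (presumably an
 *         algorithm name the provider does not offer; confirm against that helper)
 * @throws CRLException if the two algorithm identifiers differ and {@code silent} is not set,
 *         or if the CRL cannot be encoded
 * @throws InvalidKeyException if the key is rejected by {@code Signature.initVerify}
 * @throws SignatureException if the signature does not verify and {@code silent} is not set,
 *         or if verification could not be carried out
 */
static boolean verify(final X509CRL crl, final PublicKey publicKey, final boolean silent)
        throws NoSuchAlgorithmException, CRLException, InvalidKeyException, SignatureException {

    if (crl instanceof X509CRLObject) {
        final CertificateList crlList = (CertificateList) getCertificateList(crl);
        final AlgorithmIdentifier tbsSignatureId = crlList.getTBSCertList().getSignature();
        // The outer signatureAlgorithm field is not part of the signed TBSCertList bytes, so it
        // must agree with the copy inside them before any verification is attempted.
        if (!crlList.getSignatureAlgorithm().equals(tbsSignatureId)) {
            if (silent) {
                return false;
            }
            throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList.");
        }

        final Signature signature = getSignature(crl.getSigAlgName(), securityProvider);
        signature.initVerify(publicKey);
        signature.update(crl.getTBSCertList());

        if (!signature.verify(crl.getSignature())) {
            if (silent) {
                return false;
            }
            throw new SignatureException("CRL does not verify with supplied public key.");
        }
        return true;
    }

    final boolean valid;
    try {
        final DigestAlgorithmIdentifierFinder digestAlgFinder = new DefaultDigestAlgorithmIdentifierFinder();
        final ContentVerifierProvider verifierProvider;
        if ("DSA".equalsIgnoreCase(publicKey.getAlgorithm())) {
            final DSAPublicKey dsaPublicKey = (DSAPublicKey) publicKey;
            final DSAParams params = dsaPublicKey.getParams();
            final DSAParameters parameters = new DSAParameters(params.getP(), params.getQ(), params.getG());
            final AsymmetricKeyParameter dsaKey = new DSAPublicKeyParameters(dsaPublicKey.getY(), parameters);
            verifierProvider = new BcDSAContentVerifierProviderBuilder(digestAlgFinder).build(dsaKey);
        } else {
            final RSAPublicKey rsaPublicKey = (RSAPublicKey) publicKey;
            final BigInteger mod = rsaPublicKey.getModulus();
            final BigInteger exp = rsaPublicKey.getPublicExponent();
            final AsymmetricKeyParameter rsaKey = new RSAKeyParameters(false, mod, exp);
            verifierProvider = new BcRSAContentVerifierProviderBuilder(digestAlgFinder).build(rsaKey);
        }
        valid = new X509CRLHolder(crl.getEncoded()).isSignatureValid(verifierProvider);
    } catch (OperatorException e) {
        throw new SignatureException(e);
    } catch (CertException e) {
        throw new SignatureException(e);
    }
    // Can happen if the input is DER but does not match the expected structure; the key casts
    // above also raise it for a key that is neither a DSAPublicKey nor an RSAPublicKey.
    catch (ClassCastException e) {
        throw new SignatureException(e);
    } catch (IOException e) {
        throw new SignatureException(e);
    }

    // Report a bad signature the same way the X509CRLObject path does: a caller that passed
    // silent == false and relies on the exception must not see a quiet false instead.
    if (!valid && !silent) {
        throw new SignatureException("CRL does not verify with supplied public key.");
    }
    return valid;
}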