List of usage examples for org.bouncycastle.asn1.x509 CertificateList getTBSCertList
public TBSCertList getTBSCertList()
From source file:org.jruby.ext.openssl.SecurityHelper.java
License:Open Source License
/**
 * Verifies the signature on a CRL with the supplied public key.
 *
 * <p>A BouncyCastle {@code X509CRLObject} is checked in two steps: the outer signature
 * algorithm must equal the one inside the signed TBSCertList, then the signature is verified
 * over the TBSCertList bytes with a JCA {@code Signature}. Any other {@code X509CRL} is
 * re-parsed from its encoding and verified through an {@code X509CRLHolder}, using a DSA
 * verifier when the key algorithm is "DSA" and an RSA verifier otherwise.
 *
 * <p>NOTE(review): {@code silent} is consulted only on the {@code X509CRLObject} path. On the
 * holder path the result of {@code isSignatureValid} is returned as-is, so a failed
 * verification there yields {@code false} even when {@code silent} is {@code false}. Callers
 * should act on the return value and not rely on an exception being thrown.
 *
 * @param crl the CRL whose signature is checked
 * @param publicKey the issuer key to verify against
 * @param silent on the {@code X509CRLObject} path, return {@code false} instead of throwing
 *        when the algorithm identifiers differ or the signature does not verify
 * @return {@code true} if the signature verifies
 * @throws CRLException if the outer and inner signature algorithms differ (non-silent)
 * @throws SignatureException if verification fails (non-silent, {@code X509CRLObject} path),
 *         or if the holder path hits an operator, certificate, cast or I/O error
 */
static boolean verify(final X509CRL crl, final PublicKey publicKey, final boolean silent)
    throws NoSuchAlgorithmException, CRLException, InvalidKeyException, SignatureException {

    if (!(crl instanceof X509CRLObject)) {
        // Not a BouncyCastle CRL object: re-parse the encoding and verify with BC's lightweight API.
        try {
            final DigestAlgorithmIdentifierFinder digestFinder = new DefaultDigestAlgorithmIdentifierFinder();
            final ContentVerifierProvider provider;

            if ("DSA".equalsIgnoreCase(publicKey.getAlgorithm())) {
                final DSAPublicKey dsaPublic = (DSAPublicKey) publicKey;
                final BigInteger y = dsaPublic.getY();
                final DSAParams dsaParams = dsaPublic.getParams();
                final AsymmetricKeyParameter keyParam = new DSAPublicKeyParameters(
                    y, new DSAParameters(dsaParams.getP(), dsaParams.getQ(), dsaParams.getG()));
                provider = new BcDSAContentVerifierProviderBuilder(digestFinder).build(keyParam);
            }
            else {
                // Every non-DSA key is treated as RSA; a key of another type fails the cast
                // and is reported through the ClassCastException handler below.
                final RSAPublicKey rsaPublic = (RSAPublicKey) publicKey;
                final BigInteger modulus = rsaPublic.getModulus();
                final BigInteger exponent = rsaPublic.getPublicExponent();
                final AsymmetricKeyParameter keyParam = new RSAKeyParameters(false, modulus, exponent);
                provider = new BcRSAContentVerifierProviderBuilder(digestFinder).build(keyParam);
            }

            return new X509CRLHolder(crl.getEncoded()).isSignatureValid(provider);
        }
        catch (OperatorException e) {
            throw new SignatureException(e);
        }
        catch (CertException e) {
            throw new SignatureException(e);
        }
        // can happen if the input is DER but does not match the expected structure
        catch (ClassCastException e) {
            throw new SignatureException(e);
        }
        catch (IOException e) {
            throw new SignatureException(e);
        }
    }

    final CertificateList certList = (CertificateList) getCertificateList(crl);
    final AlgorithmIdentifier innerAlgorithm = certList.getTBSCertList().getSignature();

    // The algorithm named outside the signed data must match the one covered by the signature.
    if (!certList.getSignatureAlgorithm().equals(innerAlgorithm)) {
        if (silent) {
            return false;
        }
        throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList.");
    }

    final Signature verifier = getSignature(crl.getSigAlgName(), securityProvider);
    verifier.initVerify(publicKey);
    verifier.update(crl.getTBSCertList());

    if (verifier.verify(crl.getSignature())) {
        return true;
    }
    if (silent) {
        return false;
    }
    throw new SignatureException("CRL does not verify with supplied public key.");
}
From source file:org.xipki.commons.security.shell.CrlInfoCmd.java
License:Open Source License
@Override protected Object doExecute() throws Exception { CertificateList crl = CertificateList.getInstance(IoUtil.read(inFile)); if (crlNumber != null && crlNumber) { ASN1Encodable asn1 = crl.getTBSCertList().getExtensions().getExtensionParsedValue(Extension.cRLNumber); if (asn1 == null) { return "null"; }//from ww w . java 2s.com return getNumber(ASN1Integer.getInstance(asn1).getPositiveValue()); } else if (issuer != null && issuer) { return crl.getIssuer().toString(); } else if (thisUpdate != null && thisUpdate) { return toUtcTimeyyyyMMddhhmmssZ(crl.getThisUpdate().getDate()); } else if (nextUpdate != null && nextUpdate) { return crl.getNextUpdate() == null ? "null" : toUtcTimeyyyyMMddhhmmssZ(crl.getNextUpdate().getDate()); } return null; }
From source file:test.be.fedict.eid.applet.PcscTest.java
License:Open Source License
@Test public void testBeIDPKIValidationCRLOnly() throws Exception { PcscEid pcscEid = new PcscEid(new TestView(), this.messages); if (false == pcscEid.isEidPresent()) { LOG.debug("insert eID card"); pcscEid.waitForEidPresent();//from w w w.j a v a 2s . com } List<X509Certificate> certChain; try { certChain = pcscEid.getSignCertificateChain(); } finally { pcscEid.close(); } LOG.debug("certificate: " + certChain.get(0)); NetworkConfig networkConfig = new NetworkConfig("proxy.yourict.net", 8080); MemoryCertificateRepository memoryCertificateRepository = new MemoryCertificateRepository(); X509Certificate rootCaCertificate = loadCertificate("be/fedict/trust/belgiumrca.crt"); memoryCertificateRepository.addTrustPoint(rootCaCertificate); X509Certificate rootCa2Certificate = loadCertificate("be/fedict/trust/belgiumrca2.crt"); memoryCertificateRepository.addTrustPoint(rootCa2Certificate); RevocationData revocationData = new RevocationData(); TrustValidator trustValidator = new TrustValidator(memoryCertificateRepository); trustValidator.setRevocationData(revocationData); trustValidator.addTrustLinker(new PublicKeyTrustLinker()); OnlineCrlRepository crlRepository = new OnlineCrlRepository(networkConfig); trustValidator.addTrustLinker(new CrlTrustLinker(crlRepository)); try { trustValidator.isTrusted(certChain); } catch (Exception e) { LOG.warn("error: " + e.getMessage()); } byte[] crlData = revocationData.getCrlRevocationData().get(1).getData(); CertificateList certificateList = CertificateList.getInstance(new ASN1InputStream(crlData).readObject()); X509Extensions crlExtensions = certificateList.getTBSCertList().getExtensions(); Enumeration<DERObjectIdentifier> oids = crlExtensions.oids(); while (oids.hasMoreElements()) { LOG.debug("oid type: " + oids.nextElement().getId()); } }