List of usage examples for org.bouncycastle.cert.jcajce JcaX509CertificateHolder isSignatureValid
public boolean isSignatureValid(ContentVerifierProvider verifierProvider) throws CertException
From source file:net.maritimecloud.identityregistry.keycloak.spi.authenticators.certificate.utils.CertificateUtil.java
License:Apache License
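/**
 * Checks that {@code certToVerify} was signed by the key of the certificate returned by
 * {@code getRootCertificate()}.
 *
 * <p>Only the signature is checked here. The validity period, revocation status (CRL/OCSP) and
 * certificate extensions are not examined by this method, so callers that rely on it for an
 * authentication decision need to perform those checks separately.
 *
 * @param certToVerify the certificate whose signature is checked
 * @return {@code true} only when the signature verifies; {@code false} when it does not verify
 *         or when any step of the verification fails
 */
public boolean verifyCertificate(X509Certificate certToVerify) {
    Certificate rootCert = getRootCertificate();
    // Without an issuer certificate there is nothing to verify against, so reject.
    if (rootCert == null) {
        return false;
    }
    JcaX509CertificateHolder certHolder;
    try {
        certHolder = new JcaX509CertificateHolder(certToVerify);
    } catch (CertificateEncodingException e) {
        logger.error("Could not create JcaX509CertificateHolder", e);
        return false;
    }
    PublicKey pubKey = rootCert.getPublicKey();
    if (pubKey == null) {
        return false;
    }
    ContentVerifierProvider contentVerifierProvider;
    try {
        contentVerifierProvider = new JcaContentVerifierProviderBuilder().setProvider(BC_PROVIDER_NAME)
                .build(pubKey);
    } catch (OperatorCreationException e) {
        logger.error("Could not create ContentVerifierProvider from public key", e);
        return false;
    }
    if (contentVerifierProvider == null) {
        return false;
    }
    try {
        // Fail closed: the previous version fell through to "return true" when
        // isSignatureValid() answered false, which accepted certificates that the
        // root key had not signed.
        return certHolder.isSignatureValid(contentVerifierProvider);
    } catch (CertException e) {
        logger.error("Error when trying to validate signature", e);
        return false;
    }
}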
From source file:net.maritimecloud.identityregistry.utils.CertificateUtil.java
License:Apache License
/**
 * Verifies the signature on {@code certToVerify} with the public key of the certificate stored
 * under {@code INTERMEDIATE_CERT_ALIAS}.
 *
 * <p>The log messages call that certificate the "root" certificate although it is looked up by
 * the intermediate alias. Only the signature is checked: the validity period and revocation
 * status are not looked at in this method.
 *
 * @param certToVerify the certificate whose signature is checked
 * @return {@code true} if the signature verifies, {@code false} if it does not or if any step
 *         of the verification fails
 */
public boolean verifyCertificate(X509Certificate certToVerify) {
    Certificate issuerCert = getMCCertificate(INTERMEDIATE_CERT_ALIAS);

    JcaX509CertificateHolder holder;
    try {
        holder = new JcaX509CertificateHolder(certToVerify);
    } catch (CertificateEncodingException e) {
        log.error("Could not create JcaX509CertificateHolder", e);
        return false;
    }

    // NOTE(review): issuerCert is dereferenced without a null check; confirm that
    // getMCCertificate never returns null for this alias.
    PublicKey issuerKey = issuerCert.getPublicKey();
    if (issuerKey == null) {
        log.error("Could not get public key of root certificate");
        return false;
    }

    ContentVerifierProvider verifier;
    try {
        JcaContentVerifierProviderBuilder builder = new JcaContentVerifierProviderBuilder();
        verifier = builder.setProvider(BC_PROVIDER_NAME).build(issuerKey);
    } catch (OperatorCreationException e) {
        log.error("Could not create ContentVerifierProvider from public key", e);
        return false;
    }
    if (verifier == null) {
        log.error("Created ContentVerifierProvider from root public key is null");
        return false;
    }

    boolean signatureOk;
    try {
        signatureOk = holder.isSignatureValid(verifier);
    } catch (CertException e) {
        log.error("Error when trying to validate signature", e);
        return false;
    }

    // Anything other than a positive verification result is a rejection.
    if (!signatureOk) {
        log.debug("Certificate does not seem to be valid!");
    }
    return signatureOk;
}
From source file:net.maritimecloud.pki.CertificateHandler.java
License:Apache License
/**
 * Verifies one certificate against the public key of its issuing certificate and checks that
 * it is inside its validity period on the given date. Revocation status (CRL/OCSP) is
 * <em>not</em> checked. In most cases
 * {@link #verifyCertificateChain(X509Certificate, KeyStore) verifyCertificateChain} is the
 * better choice, because it verifies the complete chain.
 *
 * <p>The date comparison is strict at both ends: a date exactly equal to the certificate's
 * notBefore or notAfter value is rejected.
 *
 * @param verificationPubKey public key of the issuing certificate
 * @param certToVerify the certificate to verify
 * @param verificationDate date on which the certificate must be valid; when {@code null} the
 *        current time is used
 * @return {@code true} if the signature verifies and the date is inside the validity period,
 *         otherwise {@code false}
 */
public static boolean verifyCertificate(PublicKey verificationPubKey, X509Certificate certToVerify,
        Date verificationDate) {
    JcaX509CertificateHolder holder;
    try {
        holder = new JcaX509CertificateHolder(certToVerify);
    } catch (CertificateEncodingException e) {
        log.error("Could not create JcaX509CertificateHolder", e);
        return false;
    }

    ContentVerifierProvider verifier;
    try {
        JcaContentVerifierProviderBuilder builder = new JcaContentVerifierProviderBuilder();
        verifier = builder.setProvider(BC_PROVIDER_NAME).build(verificationPubKey);
    } catch (OperatorCreationException e) {
        log.error("Could not create ContentVerifierProvider from public key", e);
        return false;
    }
    if (verifier == null) {
        log.error("Created ContentVerifierProvider from root public key is null");
        return false;
    }

    boolean accepted = false;
    try {
        // The validity period is only looked at once the signature has verified.
        if (holder.isSignatureValid(verifier)) {
            Date checkedAt = (verificationDate != null) ? verificationDate : new Date();
            accepted = checkedAt.after(certToVerify.getNotBefore())
                    && checkedAt.before(certToVerify.getNotAfter());
        }
    } catch (CertException e) {
        log.error("Error when trying to validate signature", e);
        return false;
    }

    if (!accepted) {
        log.debug("Certificate does not seem to be valid!");
    }
    return accepted;
}
From source file:org.jscep.client.Client.java
License:Open Source License
/**
 * Checks that the RA certificate carries a valid signature from the CA certificate.
 *
 * <p>When both arguments are equal the method returns without verifying anything. Otherwise
 * only the signature is checked; the validity period and revocation status of either
 * certificate are not examined here.
 *
 * @param ca the CA certificate whose key is used for verification
 * @param ra the RA certificate to verify
 * @throws ClientException if the signature does not verify, or if the verification itself
 *         fails
 */
private void verifyRA(final X509Certificate ca, final X509Certificate ra) throws ClientException {
    LOGGER.debug("Verifying signature of RA certificate");
    if (ca.equals(ra)) {
        LOGGER.debug("RA and CA are identical");
        return;
    }

    try {
        final JcaX509CertificateHolder raCertHolder = new JcaX509CertificateHolder(ra);
        final ContentVerifierProvider caVerifier = new JcaContentVerifierProviderBuilder().build(ca);

        final boolean signedByCa = raCertHolder.isSignatureValid(caVerifier);
        if (signedByCa) {
            LOGGER.debug("Signature verification passed for RA.");
            return;
        }
        // A negative result is treated the same as an error: the RA is rejected.
        LOGGER.debug("Signature verification failed for RA.");
        throw new ClientException("RA not issued by CA");
    } catch (CertificateEncodingException e) {
        throw new ClientException(e);
    } catch (OperatorCreationException e) {
        throw new ClientException(e);
    } catch (CertException e) {
        throw new ClientException(e);
    }
}
From source file:org.jscep.client.Client.java
License:Open Source License
/**
 * Reports whether the certificate's signature verifies against the certificate itself.
 *
 * <p>The verifier is built from the same certificate that is being checked. Issuer and
 * subject names are not compared in this method.
 *
 * @param cert the certificate to test
 * @return {@code true} if the signature verifies with the certificate's own key;
 *         {@code false} if it does not, or if verification raised a
 *         {@code RuntimeOperatorException} caused by a {@code SignatureException}
 * @throws ClientException for any other failure during verification
 */
private boolean isSelfSigned(final X509Certificate cert) throws ClientException {
    try {
        final JcaX509CertificateHolder certHolder = new JcaX509CertificateHolder(cert);
        final JcaContentVerifierProviderBuilder builder = new JcaContentVerifierProviderBuilder();
        final ContentVerifierProvider ownKeyVerifier = builder.build(certHolder);
        return certHolder.isSignatureValid(ownKeyVerifier);
    } catch (RuntimeOperatorException e) {
        // Only a SignatureException cause is read as "not self-signed";
        // every other cause is reported to the caller.
        if (!(e.getCause() instanceof SignatureException)) {
            throw new ClientException(e);
        }
        LOGGER.warn("SignatureException detected so we consider that the certificate is not self signed");
        return false;
    } catch (Exception e) {
        throw new ClientException(e);
    }
}