List of usage examples for the org.bouncycastle.operator.bc.BcRSAContentVerifierProviderBuilder constructor
public BcRSAContentVerifierProviderBuilder(DigestAlgorithmIdentifierFinder digestAlgorithmFinder)
From source file:com.foilen.smalltools.crypt.bouncycastle.cert.RSACertificate.java
License:Open Source License
/**
 * Tells whether this certificate's signature verifies under the given public key.
 *
 * <p>Only the cryptographic signature is checked, and only with an RSA verifier. The method
 * does not look at validity dates, key usage, CA constraints or revocation, so a
 * {@code true} result on its own is not a trust decision.
 *
 * @param signerPublicKey
 *            the signer's public key
 * @return true if signed by it
 * @throws SmallToolsException
 *             if any exception is raised while building the verifier or checking the
 *             signature (the original exception is kept as the cause)
 */
public boolean isValidSignature(AsymmetricKeyParameter signerPublicKey) {
    try {
        BcRSAContentVerifierProviderBuilder rsaBuilder = new BcRSAContentVerifierProviderBuilder(
                new DefaultDigestAlgorithmIdentifierFinder());
        ContentVerifierProvider keyVerifier = rsaBuilder.build(signerPublicKey);
        return certificateHolder.isSignatureValid(keyVerifier);
    } catch (Exception e) {
        // Failures are reported as an exception, never as "false"
        throw new SmallToolsException("Problem validating the certificate", e);
    }
}
From source file:com.foilen.smalltools.crypt.bouncycastle.cert.RSACertificate.java
License:Open Source License
/**
 * Tells whether this certificate's signature verifies under the public key of the given
 * key pair.
 *
 * <p>Only the cryptographic signature is checked, and only with an RSA verifier. Validity
 * dates, key usage, CA constraints and revocation are not examined here.
 *
 * @param signerPublicKey
 *            the signer's pair of keys that contains the public key
 * @return true if signed by it
 * @throws SmallToolsException
 *             if any exception is raised while reading the public key, building the
 *             verifier or checking the signature
 */
public boolean isValidSignature(AsymmetricKeys signerPublicKey) {
    try {
        BcRSAContentVerifierProviderBuilder rsaBuilder = new BcRSAContentVerifierProviderBuilder(
                new DefaultDigestAlgorithmIdentifierFinder());
        // Only the public half of the pair is handed to the verifier
        ContentVerifierProvider keyVerifier = rsaBuilder.build(signerPublicKey.getPublicKey());
        return certificateHolder.isSignatureValid(keyVerifier);
    } catch (Exception e) {
        throw new SmallToolsException("Problem validating the certificate", e);
    }
}
From source file:com.foilen.smalltools.crypt.bouncycastle.cert.RSACertificate.java
License:Open Source License
/**
 * Tells whether this certificate's signature verifies under the public key carried by the
 * given certificate.
 *
 * <p>The signer's certificate is used only as a source for the public key. This method does
 * not compare issuer and subject names, does not check that the signer is allowed to act
 * as a CA, and does not check validity dates or revocation of either certificate; callers
 * that need a trust decision have to do those checks themselves.
 *
 * @param signerCertificate
 *            the signer's certificate
 * @return true if signed by it
 * @throws SmallToolsException
 *             if any exception is raised while building the verifier or checking the
 *             signature
 */
public boolean isValidSignature(RSACertificate signerCertificate) {
    try {
        BcRSAContentVerifierProviderBuilder rsaBuilder = new BcRSAContentVerifierProviderBuilder(
                new DefaultDigestAlgorithmIdentifierFinder());
        ContentVerifierProvider signerVerifier = rsaBuilder.build(signerCertificate.certificateHolder);
        return certificateHolder.isSignatureValid(signerVerifier);
    } catch (Exception e) {
        throw new SmallToolsException("Problem validating the certificate", e);
    }
}
From source file:net.wstech2.me.httpsclient.CertificateValidatorUtils.java
License:Apache License
/**
 * Validates the certificate signature against the issuer's public key.
 *
 * <p>Two things are checked: the signature algorithm identifier inside the signed
 * TBSCertificate must equal the outer one, and the signature over the DER-encoded
 * TBSCertificate must verify with the key taken from {@code issuerCert} through an RSA
 * verifier. Nothing else about either certificate (validity dates, issuer/subject names,
 * CA constraints, revocation) is examined in this method.
 *
 * @param cert
 *            The certificate to be validated.
 * @param issuerCert
 *            the issuer (normally a C.A.) certificate corresponding to the key used to
 *            sign {@code cert}.
 * @param errors
 *            a list that receives a message when the signature does not verify. See
 *            {@link CertificateValidationException#setErrors(List)}.
 *
 * @return True if the certificate signature is valid. False otherwise.
 * @throws OperatorCreationException
 *             declared for the construction of the verifier provider
 * @throws CertException
 *             if the two algorithm identifiers differ, or if the signed content cannot
 *             be fed to the verifier
 * @throws IOException
 *             declared for the decoding of the issuer's public key
 */
public static boolean verifySignature(org.bouncycastle.asn1.x509.Certificate cert,
        org.bouncycastle.asn1.x509.Certificate issuerCert, List errors)
        throws OperatorCreationException, CertException, IOException {

    // The algorithm named inside the signed part must be the one named outside it
    boolean sameAlgorithm = CertificateValidatorUtils.isAlgIdEqual(cert.getTBSCertificate().getSignature(),
            cert.getSignatureAlgorithm());
    if (!sameAlgorithm) {
        throw new CertException("signature invalid - algorithm identifier mismatch");
    }

    BcRSAContentVerifierProviderBuilder providerBuilder = new BcRSAContentVerifierProviderBuilder(
            new DefaultDigestAlgorithmIdentifierFinder());
    ContentVerifierProvider issuerVerifiers = providerBuilder
            .build(PublicKeyFactory.createKey(issuerCert.getTBSCertificate().getSubjectPublicKeyInfo()));

    ContentVerifier signatureCheck;
    try {
        signatureCheck = issuerVerifiers.get((cert.getTBSCertificate().getSignature()));
        // Stream the DER encoding of the signed part into the verifier
        OutputStream sink = signatureCheck.getOutputStream();
        DEROutputStream derSink = new DEROutputStream(sink);
        derSink.writeObject(cert.getTBSCertificate());
        sink.close();
    } catch (Exception e) {
        throw new CertException("unable to process signature: " + e.getMessage(), e);
    }

    if (signatureCheck.verify(cert.getSignature().getBytes())) {
        return true;
    }

    // A failed verification is both logged and handed back through the caller's list
    String message = "Invalid certificate signature for [[" + extractCommonName(cert, true)
            + "]] validated against the Signer Certificate [[" + extractCommonName(issuerCert, true)
            + "]].";
    HttpsConnectionUtils.logError(message);
    errors.add(message);
    return false;
}
From source file:org.italiangrid.voms.ac.impl.DefaultVOMSValidationStrategy.java
License:Apache License
/**
 * Checks the signature of the VOMS attribute certificate with the public key of the given
 * certificate, using an RSA verifier.
 *
 * <p>Only the signature is checked here; nothing in this method validates {@code cert}
 * itself.
 *
 * @param attributes
 *            the VOMS attributes whose attribute certificate is checked
 * @param cert
 *            the certificate holding the public key to verify with
 * @return true if the attribute certificate signature verifies
 * @throws VOMSError
 *             if any exception is raised during the check (kept as the cause)
 */
private boolean verifyACSignature(VOMSAttribute attributes, X509Certificate cert) {
    try {
        X509CertificateHolder signerHolder = new JcaX509CertificateHolder(cert);
        BcRSAContentVerifierProviderBuilder rsaBuilder = new BcRSAContentVerifierProviderBuilder(
                new DefaultDigestAlgorithmIdentifierFinder());
        ContentVerifierProvider signerVerifier = rsaBuilder.build(signerHolder);
        return attributes.getVOMSAC().isSignatureValid(signerVerifier);
    } catch (Exception e) {
        throw new VOMSError("Error verifying AC signature: " + e.getMessage(), e);
    }
}
From source file:org.jruby.ext.openssl.SecurityHelper.java
License:Open Source License
/**
 * Verifies the signature of a CRL with the supplied public key.
 *
 * <p>For an {@code X509CRLObject} the outer signature algorithm must equal the one inside
 * the TBSCertList before the signature is checked; {@code silent} turns both failures into
 * a {@code false} return instead of an exception. For any other CRL implementation the
 * CRL is re-parsed from its encoding and checked with a DSA or RSA verifier; on that path
 * {@code silent} is not consulted, and every key that does not report "DSA" is treated as
 * RSA, so another key type ends in a {@code SignatureException} caused by the failed cast.
 *
 * @param crl the CRL to check
 * @param publicKey the key the CRL is expected to be signed with
 * @param silent whether a failed check on the {@code X509CRLObject} path returns false
 *               rather than throwing
 * @return true if the signature verifies
 */
static boolean verify(final X509CRL crl, final PublicKey publicKey, final boolean silent)
    throws NoSuchAlgorithmException, CRLException, InvalidKeyException, SignatureException {

    if ( ! ( crl instanceof X509CRLObject ) ) {
        try {
            final DigestAlgorithmIdentifierFinder digestAlgFinder = new DefaultDigestAlgorithmIdentifierFinder();
            final ContentVerifierProvider verifierProvider;
            if ( "DSA".equalsIgnoreCase( publicKey.getAlgorithm() ) ) {
                final DSAPublicKey dsaPublic = (DSAPublicKey) publicKey;
                BigInteger y = dsaPublic.getY();
                DSAParams domain = dsaPublic.getParams();
                DSAParameters parameters = new DSAParameters(domain.getP(), domain.getQ(), domain.getG());
                AsymmetricKeyParameter dsaKey = new DSAPublicKeyParameters(y, parameters);
                verifierProvider = new BcDSAContentVerifierProviderBuilder(digestAlgFinder).build(dsaKey);
            }
            else {
                final RSAPublicKey rsaPublic = (RSAPublicKey) publicKey;
                BigInteger mod = rsaPublic.getModulus();
                BigInteger exp = rsaPublic.getPublicExponent();
                // first argument false: this is a public key, not a private one
                AsymmetricKeyParameter rsaKey = new RSAKeyParameters(false, mod, exp);
                verifierProvider = new BcRSAContentVerifierProviderBuilder(digestAlgFinder).build(rsaKey);
            }
            final X509CRLHolder reparsed = new X509CRLHolder(crl.getEncoded());
            return reparsed.isSignatureValid(verifierProvider);
        }
        catch (OperatorException e) {
            throw new SignatureException(e);
        }
        catch (CertException e) {
            throw new SignatureException(e);
        }
        // can happen if the input is DER but does not match expected structure
        catch (ClassCastException e) {
            throw new SignatureException(e);
        }
        catch (IOException e) {
            throw new SignatureException(e);
        }
    }

    final CertificateList crlList = (CertificateList) getCertificateList(crl);
    final AlgorithmIdentifier tbsSignatureId = crlList.getTBSCertList().getSignature();
    // the algorithm named in the signed part must be the one named outside it
    final boolean sameAlgorithm = crlList.getSignatureAlgorithm().equals(tbsSignatureId);
    if ( ! sameAlgorithm ) {
        if ( silent ) return false;
        throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList.");
    }

    final Signature signature = getSignature(crl.getSigAlgName(), securityProvider);
    signature.initVerify(publicKey);
    signature.update(crl.getTBSCertList());

    if ( signature.verify( crl.getSignature() ) ) return true;

    if ( silent ) return false;
    throw new SignatureException("CRL does not verify with supplied public key.");
}
From source file:org.xipki.pki.scep.serveremulator.CaEmulator.java
License:Open Source License
/**
 * Returns a content verifier provider for the given public key.
 *
 * <p>The key's algorithm name is upper-cased and "EC" is mapped to "ECDSA"; the builder for
 * that name is taken from {@code VERIFIER_PROVIDER_BUILDER} or created and stored there on
 * first use. RSA, DSA and ECDSA are the only names accepted.
 *
 * @param publicKey the public key to verify with; must not be null
 * @return a provider built for {@code publicKey}
 * @throws InvalidKeyException if the key algorithm is not one of the three above, or if
 *             the provider cannot be built
 */
public ContentVerifierProvider getContentVerifierProvider(final PublicKey publicKey)
        throws InvalidKeyException {
    ParamUtil.requireNonNull("publicKey", publicKey);

    // NOTE(review): toUpperCase() follows the default locale; Locale.ROOT would make the
    // normalisation independent of it.
    final String upperAlg = publicKey.getAlgorithm().toUpperCase();
    final String keyAlg = "EC".equals(upperAlg) ? "ECDSA" : upperAlg;

    BcContentVerifierProviderBuilder builder = VERIFIER_PROVIDER_BUILDER.get(keyAlg);
    if (builder == null) {
        switch (keyAlg) {
            case "RSA":
                builder = new BcRSAContentVerifierProviderBuilder(DFLT_DIGESTALG_IDENTIFIER_FINDER);
                break;
            case "DSA":
                builder = new BcDSAContentVerifierProviderBuilder(DFLT_DIGESTALG_IDENTIFIER_FINDER);
                break;
            case "ECDSA":
                builder = new BcECContentVerifierProviderBuilder(DFLT_DIGESTALG_IDENTIFIER_FINDER);
                break;
            default:
                throw new InvalidKeyException("unknown key algorithm of the public key " + keyAlg);
        }
        // Remember the builder so the next key of this algorithm reuses it.
        // NOTE(review): get-then-put is not atomic; whether that matters depends on the
        // map type, which is declared outside this method.
        VERIFIER_PROVIDER_BUILDER.put(keyAlg, builder);
    }

    final AsymmetricKeyParameter keyParam = KeyUtil.generatePublicKeyParameter(publicKey);
    try {
        return builder.build(keyParam);
    } catch (OperatorCreationException ex) {
        throw new InvalidKeyException("could not build ContentVerifierProvider: " + ex.getMessage(), ex);
    }
}