Example usage for org.bouncycastle.operator.jcajce JcaContentVerifierProviderBuilder build

List of usage examples for org.bouncycastle.operator.jcajce JcaContentVerifierProviderBuilder build

Introduction

In this page you can find the example usage for org.bouncycastle.operator.jcajce JcaContentVerifierProviderBuilder build.

Prototype

public ContentVerifierProvider build(SubjectPublicKeyInfo publicKey) throws OperatorCreationException 


Usage

From source file:AAModulePackage.ACHelper.java

/**
 * Validate the AC's cryptographic signature against the certificates of the
 * trusted AC issuing entities.
 * <p>
 * Each certificate in {@code trustedIssuers} is tried in turn as the signer;
 * the first one whose public key verifies the AC's signature wins. If the
 * verifier cannot be built for an issuer, or the check itself fails with an
 * exception, the problem is logged at SEVERE and the next issuer is tried.
 * <p>
 * NOTE(review): only the signature is examined here. The AC's validity period
 * and whether its issuer name matches the verifying certificate are not
 * checked by this method — presumably the caller does that.
 *
 * @param ac - X.509 Attribute Certificate to have its signature checked.
 * @param trustedIssuers - Set of certificates owned by trusted AC Issuing
 * Entities.
 * @return True if the signature is valid under one of the trusted issuers,
 * False otherwise.
 */
public static boolean validateACSignature(X509AttributeCertificateHolder ac,
        HashSet<X509CertificateHolder> trustedIssuers) {
    final Logger log = Logger.getLogger(ACHelper.class.getName());
    final JcaContentVerifierProviderBuilder verifierBuilder = new JcaContentVerifierProviderBuilder();
    verifierBuilder.setProvider("BC");

    boolean verified = false;
    for (X509CertificateHolder issuerCert : trustedIssuers) {
        try {
            verified = ac.isSignatureValid(verifierBuilder.build(issuerCert));
        } catch (CertException | OperatorCreationException | CertificateException ex) {
            // Same handling for every failure kind: record it and keep trying the remaining issuers.
            log.log(Level.SEVERE, null, ex);
        }
        if (verified) {
            System.out.println("Signature for AC has been validated");
            return true;
        }
    }
    return false;
}

From source file:CAModulePackage.CertificateHelper.java

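/**
 * Checks that {@code cert} is currently within its validity period and that its
 * signature verifies under the public key taken from {@code issuingCert}.
 * <p>
 * Every failure path yields {@code false}. Previously a failure to build the
 * verifier left it {@code null} and the later {@code isSignatureValid} call
 * dereferenced it, and a {@link CertException} from the signature check was
 * printed and then ignored, so the method fell through to {@code return true}
 * for a certificate whose signature could not be verified.
 * <p>
 * NOTE(review): only the binding to {@code issuingCert} is checked here; whether
 * {@code issuingCert} is itself trusted, and whether its subject matches the
 * issuer name in {@code cert}, is left to the caller.
 *
 * @param cert - X.509 Certificate to be validated.
 * @param issuingCert - X.509 Certificate that signed the other Certificate.
 * @return - True if the Certificate is valid, False otherwise.
 */
public static boolean validateCert(X509CertificateHolder cert, X509CertificateHolder issuingCert) {
    ContentVerifierProvider verifier;
    try {
        verifier = new JcaContentVerifierProviderBuilder().build(issuingCert);
    } catch (OperatorCreationException | CertificateException e) {
        e.printStackTrace();
        // Without a verifier the signature cannot be checked; never report the cert as valid.
        return false;
    }

    if (!cert.isValidOn(new Date())) {
        return false;
    }

    try {
        return cert.isSignatureValid(verifier);
    } catch (CertException e) {
        e.printStackTrace();
        // An error while verifying is not a verified signature.
        return false;
    }
}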

From source file:de.carne.certmgr.store.provider.bouncycastle.BouncyCastlePKCS10Object.java

License:Open Source License

/**
 * Verifies the wrapped PKCS#10 request's signature against {@code publicKey}.
 * <p>
 * A failure to create the verifier is reported as {@link NoSuchAlgorithmException}
 * and a PKCS-level failure as {@link SignatureException}, both keeping the
 * original exception as cause. A signature that simply does not verify also
 * raises {@link SignatureException}.
 *
 * @param publicKey the key expected to have signed the request
 * @throws NoSuchAlgorithmException if no verifier can be built for the request's signature algorithm
 * @throws SignatureException if verification fails or cannot be carried out
 */
@Override
public void verify(PublicKey publicKey)
        throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException {
    final boolean valid;
    try {
        valid = this.pkcs10Object.isSignatureValid(new JcaContentVerifierProviderBuilder().build(publicKey));
    } catch (OperatorCreationException e) {
        throw new NoSuchAlgorithmException(e.getLocalizedMessage(), e);
    } catch (PKCSException e) {
        throw new SignatureException(e.getLocalizedMessage(), e);
    }
    if (!valid) {
        throw new SignatureException("Verification failed for: " + this.pkcs10Object);
    }
}

From source file:eu.europa.ec.markt.dss.validation102853.OCSPToken.java

License:Open Source License

/**
 * Checks whether this OCSP response was signed by {@code issuerToken}.
 * <p>
 * Once an issuer has been established ({@code this.issuerToken} non-null) the
 * method only compares against it and performs no cryptography. Otherwise the
 * response signature is verified with the candidate's public key through the
 * "BC" provider; on success the candidate is remembered as the issuer.
 * {@code issuerX500Principal} is recorded whenever the check completes without
 * an exception, whether or not the signature verified.
 * {@code OCSPException} and {@code OperatorCreationException} both result in
 * {@code false} and a textual {@code signatureInvalidityReason}.
 * <p>
 * NOTE(review): a candidate that fails verification still has its subject
 * stored in {@code issuerX500Principal} — confirm that is intended.
 *
 * @param issuerToken the candidate signing certificate
 * @return {@code true} if the signature verifies (or the candidate equals the cached issuer)
 */
@Override
public boolean isSignedBy(final CertificateToken issuerToken) {
    if (this.issuerToken != null) {
        return this.issuerToken.equals(issuerToken);
    }
    signatureInvalidityReason = "";
    try {
        final JcaContentVerifierProviderBuilder builder = new JcaContentVerifierProviderBuilder();
        builder.setProvider("BC");
        final ContentVerifierProvider verifier = builder.build(issuerToken.getCertificate().getPublicKey());
        signatureValid = basicOCSPResp.isSignatureValid(verifier);
        if (signatureValid) {
            this.issuerToken = issuerToken;
        }
        issuerX500Principal = issuerToken.getSubjectX500Principal();
    } catch (OCSPException | OperatorCreationException e) {
        signatureInvalidityReason = e.getClass().getSimpleName() + " - " + e.getMessage();
        signatureValid = false;
    }
    return signatureValid;
}

From source file:eu.europa.esig.dss.x509.ocsp.OCSPToken.java

License:Open Source License

/**
 * Checks whether this OCSP response was signed by {@code issuerToken}.
 * <p>
 * If an issuer is already cached in {@code this.issuerToken}, the result is a
 * plain equality test. Otherwise the response signature is verified with the
 * candidate's public key using the BouncyCastle provider; a verified candidate
 * becomes the cached issuer. {@code issuerX500Principal} is set whenever the
 * attempt completes without an exception, regardless of the outcome. Any
 * exception is converted into a {@code false} result and a textual
 * {@code signatureInvalidityReason}.
 * <p>
 * NOTE(review): a candidate that fails verification still has its subject
 * stored in {@code issuerX500Principal} — confirm that is intended.
 *
 * @param issuerToken the candidate signing certificate
 * @return {@code true} if the signature verifies (or the candidate equals the cached issuer)
 */
@Override
public boolean isSignedBy(final CertificateToken issuerToken) {
    if (this.issuerToken != null) {
        return this.issuerToken.equals(issuerToken);
    }
    try {
        signatureInvalidityReason = "";
        final PublicKey issuerKey = issuerToken.getCertificate().getPublicKey();
        final JcaContentVerifierProviderBuilder verifierBuilder = new JcaContentVerifierProviderBuilder();
        verifierBuilder.setProvider(BouncyCastleProvider.PROVIDER_NAME);
        signatureValid = basicOCSPResp.isSignatureValid(verifierBuilder.build(issuerKey));
        if (signatureValid) {
            this.issuerToken = issuerToken;
        }
        issuerX500Principal = issuerToken.getSubjectX500Principal();
    } catch (Exception e) {
        signatureValid = false;
        signatureInvalidityReason = e.getClass().getSimpleName() + " - " + e.getMessage();
    }
    return signatureValid;
}

From source file:eu.europa.esig.dss.x509.OCSPToken.java

License:Open Source License

/**
 * Checks whether this OCSP response was signed by {@code issuerToken}.
 * <p>
 * With an issuer already cached in {@code this.issuerToken} this is an equality
 * test only. Otherwise the response signature is checked against the candidate's
 * public key via the BouncyCastle provider, the outcome is stored in
 * {@code signatureValid}, and a verified candidate becomes the cached issuer.
 * {@code issuerX500Principal} is recorded whenever no exception occurs, whether
 * or not the signature verified. Any exception yields {@code false} and a textual
 * {@code signatureInvalidityReason}.
 * <p>
 * NOTE(review): a candidate that fails verification still has its subject
 * stored in {@code issuerX500Principal} — confirm that is intended.
 *
 * @param issuerToken the candidate signing certificate
 * @return {@code true} if the signature verifies (or the candidate equals the cached issuer)
 */
@Override
public boolean isSignedBy(final CertificateToken issuerToken) {
    if (this.issuerToken != null) {
        return this.issuerToken.equals(issuerToken);
    }
    signatureInvalidityReason = "";
    try {
        final JcaContentVerifierProviderBuilder builder = new JcaContentVerifierProviderBuilder();
        builder.setProvider(BouncyCastleProvider.PROVIDER_NAME);
        final PublicKey key = issuerToken.getCertificate().getPublicKey();
        final boolean verified = basicOCSPResp.isSignatureValid(builder.build(key));
        signatureValid = verified;
        if (verified) {
            this.issuerToken = issuerToken;
        }
        issuerX500Principal = issuerToken.getSubjectX500Principal();
        return verified;
    } catch (Exception e) {
        signatureInvalidityReason = e.getClass().getSimpleName() + " - " + e.getMessage();
        signatureValid = false;
        return false;
    }
}

From source file:org.jruby.ext.openssl.OCSPBasicResponse.java

License:Common Public License

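/**
 * Ruby-level {@code OpenSSL::OCSP::BasicResponse#verify(certificates, store, flags = 0)}.
 * <p>
 * Loosely follows the shape of OpenSSL's basic-response verification: locate
 * the signer certificate, verify the response signature with its public key
 * (unless {@code OCSP_NOSIGS}), then build and verify a chain for the signer
 * through {@code store} with the OCSP helper purpose (unless
 * {@code OCSP_NOVERIFY}). Acceptance is then reached through
 * {@code checkIssuer}, or — when the chain is kept — by the chain's root being
 * self-signed.
 * <p>
 * Fix relative to the previous version: an invalid response signature now
 * returns {@code false} immediately. Before, the result of the signature check
 * in {@code ret} was overwritten by the later chain-verification result, so a
 * response whose signature did not verify could still be reported as verified
 * as long as the claimed signer's chain was valid.
 *
 * @param context current thread context
 * @param args    {@code [certificates, store]} or {@code [certificates, store, flags]}
 * @return Ruby {@code true} if the response verified, else Ruby {@code false};
 *         errors from the BC/JCE layer are re-raised through {@code newOCSPError}
 */
@JRubyMethod(name = "verify", rest = true)
public IRubyObject verify(final ThreadContext context, IRubyObject[] args) {
    Ruby runtime = context.runtime;
    int flags = 0;
    IRubyObject certificates = args[0];
    IRubyObject store = args[1];
    boolean ret = false;

    if (Arity.checkArgumentCount(runtime, args, 2, 3) == 3) {
        flags = RubyFixnum.fix2int(args[2]);
    }

    JcaContentVerifierProviderBuilder jcacvpb = new JcaContentVerifierProviderBuilder();
    jcacvpb.setProvider("BC");
    BasicOCSPResp basicOCSPResp = getBasicOCSPResp();

    java.security.cert.Certificate signer = findSignerCert(context, asn1BCBasicOCSPResp,
            convertRubyCerts(certificates), flags);
    if (signer == null)
        return RubyBoolean.newBoolean(runtime, false);
    // OCSP_TRUSTOTHER: trust a caller-supplied signer without chain verification.
    // NOTE(review): verification is skipped only when OCSP_NOINTERN is *unset*, which is the
    // opposite of the test OCSPRequest.verify applies; with NOINTERN unset the signer may have
    // been taken from the response itself (depends on findSignerCert). Confirm which is intended.
    if ((flags & RubyFixnum.fix2int((RubyFixnum) _OCSP(runtime).getConstant(OCSP_NOINTERN))) == 0
            && (flags & RubyFixnum.fix2int((RubyFixnum) _OCSP(runtime).getConstant(OCSP_TRUSTOTHER))) != 0) {
        flags |= RubyFixnum.fix2int((RubyFixnum) _OCSP(runtime).getConstant(OCSP_NOVERIFY));
    }
    if ((flags & RubyFixnum.fix2int((RubyFixnum) _OCSP(runtime).getConstant(OCSP_NOSIGS))) == 0) {
        PublicKey sPKey = signer.getPublicKey();
        if (sPKey == null)
            return RubyBoolean.newBoolean(runtime, false);
        try {
            ContentVerifierProvider cvp = jcacvpb.build(sPKey);
            ret = basicOCSPResp.isSignatureValid(cvp);
        } catch (Exception e) {
            throw newOCSPError(runtime, e);
        }
        // A bad signature is final: the chain verification below must not be able to override it.
        if (!ret)
            return RubyBoolean.newBoolean(runtime, false);
    }
    if ((flags & RubyFixnum.fix2int((RubyFixnum) _OCSP(runtime).getConstant(OCSP_NOVERIFY))) == 0) {
        // Untrusted certs handed to the store context for chain building: none with OCSP_NOCHAIN,
        // otherwise the certs embedded in the response plus any caller-supplied ones.
        List<X509Cert> untrustedCerts = null;
        if ((flags & RubyFixnum.fix2int((RubyFixnum) _OCSP(runtime).getConstant(OCSP_NOCHAIN))) != 0) {
            // OCSP_NOCHAIN: deliberately no untrusted certificates.
        } else if (basicOCSPResp.getCerts() != null
                && (certificates != null && !((RubyArray) certificates).isEmpty())) {
            untrustedCerts = getCertsFromResp();

            Iterator<java.security.cert.Certificate> certIt = ((RubyArray) certificates).iterator();
            while (certIt.hasNext()) {
                try {
                    untrustedCerts.add(X509Cert.wrap(context, certIt.next().getEncoded()));
                } catch (CertificateEncodingException e) {
                    throw newOCSPError(runtime, e);
                }
            }
        } else {
            untrustedCerts = getCertsFromResp();
        }

        RubyArray rUntrustedCerts = RubyArray.newEmptyArray(runtime);
        if (untrustedCerts != null) {
            X509Cert[] rubyCerts = new X509Cert[untrustedCerts.size()];
            rUntrustedCerts = RubyArray.newArray(runtime, untrustedCerts.toArray(rubyCerts));
        }
        X509StoreContext ctx;
        try {
            ctx = X509StoreContext.newStoreContext(context, (X509Store) store, X509Cert.wrap(runtime, signer),
                    rUntrustedCerts);
        } catch (CertificateEncodingException e) {
            throw newOCSPError(runtime, e);
        }

        ctx.set_purpose(context, _X509(runtime).getConstant("PURPOSE_OCSP_HELPER"));
        ret = ctx.verify(context).isTrue();
        IRubyObject chain = ctx.chain(context);
        // NOTE(review): a failed chain verification is not terminal here — checkIssuer below can
        // still return true, and the self-signed-root branch can set ret back to true. Confirm
        // whether an early `return false` is wanted when ctx.verify reports failure.

        // OCSP_NOCHECKS: accept the chain regardless of what X509StoreContext reported.
        if ((flags & RubyFixnum.fix2int((RubyFixnum) _OCSP(runtime).getConstant(OCSP_NOCHECKS))) > 0) {
            ret = true;
        }

        try {
            // Presumably: signer is the issuer of (or delegated by the issuer of) the covered
            // certificates — confirm against checkIssuer.
            if (checkIssuer(getBasicOCSPResp(), chain))
                return RubyBoolean.newBoolean(runtime, true);
        } catch (IOException e) {
            throw newOCSPError(runtime, e);
        }

        if ((flags & RubyFixnum.fix2int((RubyFixnum) _OCSP(runtime).getConstant(OCSP_NOCHAIN))) != 0) {
            return RubyBoolean.newBoolean(runtime, ret);
        } else {
            X509Cert rootCA = (X509Cert) ((RubyArray) chain).last();
            PublicKey rootKey = rootCA.getAuxCert().getPublicKey();
            try {
                // check if self-signed and valid (trusts itself)
                rootCA.getAuxCert().verify(rootKey);
                ret = true;
            } catch (Exception e) {
                ret = false;
            }
        }
    }

    return RubyBoolean.newBoolean(runtime, ret);
}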

From source file:org.jruby.ext.openssl.OCSPRequest.java

License:Common Public License

/**
 * Ruby-level {@code OpenSSL::OCSP::Request#verify(certificates, store, flags = 0)}.
 * <p>
 * An unsigned request, or one whose requestorName is not a directoryName
 * (GeneralName tag 4), yields {@code false} without error. Otherwise the signer
 * certificate is looked up by that name, the request signature is checked with
 * its public key unless {@code OCSP_NOSIGS} is set, and the signer is
 * chain-verified through {@code store} with purpose {@code PURPOSE_OCSP_HELPER}
 * and trust {@code TRUST_OCSP_REQUEST} unless {@code OCSP_NOVERIFY} is set.
 * Any exception during these steps is logged via {@code debugStackTrace} and
 * rethrown through {@code newOCSPError}.
 * <p>
 * NOTE(review): when both OCSP_NOSIGS and OCSP_NOVERIFY are set nothing is
 * checked and {@code ret} stays {@code false}; confirm that returning
 * {@code false} in that case is intended.
 *
 * @param args {@code [certificates, store]} or {@code [certificates, store, flags]}
 * @return Ruby {@code true} if the request verified, else Ruby {@code false}
 */
@JRubyMethod(name = "verify", rest = true)
public IRubyObject verify(IRubyObject[] args) {
    Ruby runtime = getRuntime();
    ThreadContext context = runtime.getCurrentContext();
    int flags = 0;
    boolean ret = false;

    if (Arity.checkArgumentCount(runtime, args, 2, 3) == 3) {
        flags = RubyFixnum.fix2int((RubyFixnum) args[2]);
    }

    IRubyObject certificates = args[0];
    IRubyObject store = args[1];

    OCSPReq bcOCSPReq = getBCOCSPReq();
    if (bcOCSPReq == null) {
        throw newOCSPError(runtime,
                new NullPointerException("Missing BC asn1bcReq. Missing certIDs or signature?"));
    }

    // Nothing to verify on an unsigned request.
    if (!bcOCSPReq.isSigned()) {
        return RubyBoolean.newBoolean(runtime, ret);
    }

    // The signer is identified by requestorName, which must be a directoryName (tag 4).
    GeneralName genName = bcOCSPReq.getRequestorName();
    if (genName.getTagNo() != 4) {
        return RubyBoolean.newBoolean(runtime, ret);
    }

    X500Name genX500Name = X500Name.getInstance(genName.getName());
    X509StoreContext storeContext = null;
    JcaContentVerifierProviderBuilder jcacvpb = new JcaContentVerifierProviderBuilder();
    jcacvpb.setProvider("BC");

    try {
        java.security.cert.Certificate signer = findCertByName(genX500Name, certificates, flags);

        if (signer == null)
            return RubyBoolean.newBoolean(runtime, ret);
        // OCSP_TRUSTOTHER together with OCSP_NOINTERN: the signer presumably came from the
        // caller-supplied certificates (findCertByName semantics — confirm), so chain
        // verification is skipped by forcing OCSP_NOVERIFY.
        if ((flags & RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOINTERN))) > 0
                && ((flags & RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_TRUSTOTHER))) > 0))
            flags |= RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOVERIFY));
        if ((flags & RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOSIGS))) == 0) {
            PublicKey signerPubKey = signer.getPublicKey();
            ContentVerifierProvider cvp = jcacvpb.build(signerPubKey);
            ret = bcOCSPReq.isSignatureValid(cvp);
            // A signature that does not verify is final; nothing below can override it.
            if (!ret) {
                return RubyBoolean.newBoolean(runtime, ret);
            }
        }
        if ((flags & RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOVERIFY))) == 0) {
            if ((flags & RubyFixnum.fix2int(_OCSP(runtime).getConstant(OCSP_NOCHAIN))) > 0) {
                // OCSP_NOCHAIN: verify the signer against the store alone, no untrusted extras.
                storeContext = X509StoreContext.newStoreContext(context, (X509Store) store,
                        X509Cert.wrap(runtime, signer), context.nil);
            } else {
                // Certificates embedded in the request's optionalSignature are offered to the
                // store context as untrusted certificates for chain building.
                RubyArray certs = RubyArray.newEmptyArray(runtime);

                ASN1Sequence bcCerts = asn1bcReq.getOptionalSignature().getCerts();
                if (bcCerts != null) {
                    Iterator<ASN1Encodable> it = bcCerts.iterator();
                    while (it.hasNext()) {
                        Certificate cert = Certificate.getInstance(it.next());
                        certs.add(X509Cert.wrap(runtime, new X509AuxCertificate(cert)));
                    }
                }
                storeContext = X509StoreContext.newStoreContext(context, (X509Store) store,
                        X509Cert.wrap(runtime, signer), certs);
            }

            storeContext.set_purpose(context, _X509(runtime).getConstant("PURPOSE_OCSP_HELPER"));
            storeContext.set_trust(context, _X509(runtime).getConstant("TRUST_OCSP_REQUEST"));
            ret = storeContext.verify(context).isTrue();
            if (!ret)
                return RubyBoolean.newBoolean(runtime, false);
        }
    } catch (Exception e) {
        // Any failure in the lookup, signature or chain step is surfaced as an OCSP error.
        debugStackTrace(e);
        throw newOCSPError(runtime, e);
    }

    return RubyBoolean.newBoolean(getRuntime(), ret);
}