org.bouncycastle.operator.ContentVerifierProvider Java Examples

Example #1
Source File: X509CertUtil.java — from portecle (GNU General Public License v2.0)
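/**
 * Load a CSR from the specified URL.
 *
 * The stream is parsed as PEM and decoded as UTF-8 (PEM is ASCII, so this only removes the
 * dependence on the platform default charset). The request's self-signature is verified against
 * the public key it carries before it is returned, so a tampered or mis-keyed request is rejected
 * here rather than downstream.
 *
 * @param url The URL to load CSR from
 * @return The CSR
 * @throws CryptoException Problem encountered while loading the CSR: the stream holds no PEM
 *             object, the object is not a PKCS #10 request, or its signature does not verify
 * @throws FileNotFoundException If the CSR file does not exist, is a directory rather than a regular file, or for
 *             some other reason cannot be opened for reading
 * @throws IOException An I/O error occurred
 */
public static PKCS10CertificationRequest loadCSR(URL url)
    throws CryptoException, IOException
{
	// TODO: handle DER encoded requests too?
	try (PEMParser pr = new PEMParser(new InputStreamReader(NetUtil.openGetStream(url),
	    java.nio.charset.StandardCharsets.UTF_8)))
	{
		Object pemObject = pr.readObject();
		// readObject() returns null at end of stream; without this check the cast below
		// succeeds and the NullPointerException escapes the catch clause uncaught
		if (pemObject == null)
		{
			throw new CryptoException(RB.getString("NoLoadCsr.exception.message"));
		}

		PKCS10CertificationRequest csr = (PKCS10CertificationRequest) pemObject;
		ContentVerifierProvider prov = new JcaContentVerifierProviderBuilder().build(csr.getSubjectPublicKeyInfo());

		// Proof of possession: the request must be signed by the key it carries
		if (!csr.isSignatureValid(prov))
		{
			throw new CryptoException(RB.getString("NoVerifyCsr.exception.message"));
		}

		return csr;
	}
	catch (ClassCastException | OperatorCreationException | PKCSException ex)
	{
		throw new CryptoException(RB.getString("NoLoadCsr.exception.message"), ex);
	}
}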
 
Example #2
Source File: CaEmulator.java — from xipki (Apache License 2.0)
/**
 * Builds a {@link ContentVerifierProvider} for the given public key.
 *
 * <p>"EC" keys are mapped to the "ECDSA" builder. Builders are cached per key algorithm in
 * {@code VERIFIER_PROVIDER_BUILDER}; supported algorithms are RSA, DSA and ECDSA.
 *
 * @param publicKey signature verification key; must not be {@code null}
 * @return the provider for {@code publicKey}
 * @throws InvalidKeyException if the key algorithm is unsupported or the provider cannot be built
 */
public ContentVerifierProvider getContentVerifierProvider(PublicKey publicKey)
    throws InvalidKeyException {
  Args.notNull(publicKey, "publicKey");

  String alg = publicKey.getAlgorithm().toUpperCase();
  if ("EC".equals(alg)) {
    alg = "ECDSA";
  }

  BcContentVerifierProviderBuilder cached = VERIFIER_PROVIDER_BUILDER.get(alg);
  if (cached == null) {
    switch (alg) {
      case "RSA":
        cached = new BcRSAContentVerifierProviderBuilder(DFLT_DIGESTALG_IDENTIFIER_FINDER);
        break;
      case "DSA":
        cached = new BcDSAContentVerifierProviderBuilder(DFLT_DIGESTALG_IDENTIFIER_FINDER);
        break;
      case "ECDSA":
        cached = new BcECContentVerifierProviderBuilder(DFLT_DIGESTALG_IDENTIFIER_FINDER);
        break;
      default:
        throw new InvalidKeyException("unknown key algorithm of the public key " + alg);
    }
    VERIFIER_PROVIDER_BUILDER.put(alg, cached);
  }

  AsymmetricKeyParameter bcKey = generatePublicKeyParameter(publicKey);
  try {
    return cached.build(bcKey);
  } catch (OperatorCreationException ex) {
    throw new InvalidKeyException("could not build ContentVerifierProvider: " + ex.getMessage(),
        ex);
  }
}
 
Example #3
Source File: X509CertUtil.java — from portecle (GNU General Public License v2.0)
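/**
 * Create a PKCS #10 certification request (CSR) using the supplied certificate and private key.
 *
 * The CSR subject is taken from the certificate's DER-encoded subject name, so attribute order
 * and string encodings are carried over exactly; re-parsing the name from its String form can
 * alter them. The generated CSR is verified against the certificate's public key before it is
 * returned, which catches a private key that does not match the certificate.
 *
 * @param cert The certificate
 * @param privateKey The private key
 * @throws CryptoException If there was a problem generating the CSR, or the generated CSR's
 *             signature does not verify with the certificate's public key
 * @return The CSR
 */
public static PKCS10CertificationRequest generatePKCS10CSR(X509Certificate cert, PrivateKey privateKey)
    throws CryptoException
{
	// Keep the certificate's exact encoded subject rather than round-tripping it through a String
	X500Name subject = X500Name.getInstance(cert.getSubjectX500Principal().getEncoded());

	JcaPKCS10CertificationRequestBuilder csrBuilder =
	    new JcaPKCS10CertificationRequestBuilder(subject, cert.getPublicKey());
	JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(cert.getSigAlgName());

	try
	{
		ContentVerifierProvider prov = new JcaContentVerifierProviderBuilder().build(cert);
		PKCS10CertificationRequest csr = csrBuilder.build(signerBuilder.build(privateKey));

		if (!csr.isSignatureValid(prov))
		{
			throw new CryptoException(RB.getString("NoVerifyGenCsr.exception.message"));
		}

		return csr;
	}
	catch (OperatorCreationException | PKCSException ex)
	{
		throw new CryptoException(RB.getString("NoGenerateCsr.exception.message"), ex);
	}
}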
 
Example #4
Source File: Pkcs10Util.java — from keystore-explorer (GNU General Public License v3.0)
/**
 * Verify the self-signature of a PKCS #10 certificate signing request (CSR) against the public
 * key it carries, using the BC provider.
 *
 * @param csr The certificate signing request
 * @return True if the signature verifies, false otherwise
 * @throws CryptoException
 * 				If the key could not be extracted or no verifier could be built
 */
public static boolean verifyCsr(PKCS10CertificationRequest csr) throws CryptoException {
	try {
		PublicKey subjectKey = new JcaPKCS10CertificationRequest(csr).getPublicKey();
		JcaContentVerifierProviderBuilder builder =
				new JcaContentVerifierProviderBuilder().setProvider("BC");
		return csr.isSignatureValid(builder.build(subjectKey));
	} catch (InvalidKeyException | OperatorCreationException | NoSuchAlgorithmException | PKCSException e) {
		throw new CryptoException(res.getString("NoVerifyPkcs10Csr.exception.message"), e);
	}
}
 
Example #5
Source File: OCSPToken.java — from dss (GNU Lesser General Public License v2.1)
/**
 * Checks whether the basic OCSP response is signed by the candidate certificate's public key.
 *
 * <p>Updates {@code signatureValidity} and {@code signatureInvalidityReason}: on success the
 * reason is cleared and the validity reflects the signature check; on any exception the
 * validity is {@code INVALID} and the reason records the exception class and message.
 *
 * @param candidate the certificate whose key is tried
 * @return the resulting {@code signatureValidity}
 */
@Override
protected SignatureValidity checkIsSignedBy(final CertificateToken candidate) {
	signatureInvalidityReason = "";
	try {
		JcaContentVerifierProviderBuilder builder = new JcaContentVerifierProviderBuilder()
				.setProvider(DSSSecurityProvider.getSecurityProvider());
		ContentVerifierProvider provider = builder.build(candidate.getPublicKey());
		boolean signed = basicOCSPResp.isSignatureValid(provider);
		signatureValidity = SignatureValidity.get(signed);
	} catch (Exception e) {
		LOG.error("An error occurred during in attempt to check signature owner : ", e);
		signatureInvalidityReason = e.getClass().getSimpleName() + " - " + e.getMessage();
		signatureValidity = SignatureValidity.INVALID;
	}
	return signatureValidity;
}
 
Example #6
Source File: CaEmulator.java — from xipki (Apache License 2.0)
/**
 * Checks the proof-of-possession (POPO) of a certification request: the request's own signature
 * is verified with the public key embedded in it.
 *
 * @param csr the request; must not be {@code null}
 * @return {@code true} if the signature verifies; {@code false} if it does not, or if the key
 *         cannot be converted or no verifier can be built (the cause is logged)
 */
private boolean verifyPopo(CertificationRequest csr) {
  Args.notNull(csr, "csr");
  try {
    PKCS10CertificationRequest request = new PKCS10CertificationRequest(csr);
    PublicKey subjectKey = generatePublicKey(request.getSubjectPublicKeyInfo());
    return request.isSignatureValid(getContentVerifierProvider(subjectKey));
  } catch (InvalidKeyException | PKCSException | InvalidKeySpecException ex) {
    LOG.error("could not validate POPO of CSR", ex);
    return false;
  }
}
 
Example #7
Source File: SignatureCmpCaClient.java — from xipki (Apache License 2.0)
/**
 * Verifies that a response is signature-protected by the configured responder.
 *
 * <p>Each rejection is logged at WARN and yields {@code false}: password-based MAC protection, a
 * sender that does not equal {@code responderSubject}, a protection algorithm OID outside
 * {@code trustedProtectionAlgOids}, or no verifier for {@code responderCert}'s key.
 *
 * @param pkiMessage the received message
 * @return {@code true} only if the message signature verifies under the responder's key
 * @throws CMPException if the protection cannot be processed
 * @throws InvalidKeyException if the responder's public key is unsupported
 */
@Override
protected boolean verifyProtection(GeneralPKIMessage pkiMessage)
    throws CMPException, InvalidKeyException {
  ProtectedPKIMessage message = new ProtectedPKIMessage(pkiMessage);
  PKIHeader header = message.getHeader();

  if (message.hasPasswordBasedMacProtection()) {
    LOG.warn("protection is not signature based: "
        + pkiMessage.getHeader().getProtectionAlg().getAlgorithm().getId());
    return false;
  }

  if (!header.getSender().equals(responderSubject)) {
    LOG.warn("not authorized responder '{}'", header.getSender());
    return false;
  }

  String protectionOid = header.getProtectionAlg().getAlgorithm().getId();
  if (!trustedProtectionAlgOids.contains(protectionOid)) {
    LOG.warn("PKI protection algorithm is untrusted '{}'", protectionOid);
    return false;
  }

  ContentVerifierProvider provider =
      getContentVerifierProvider(responderCert.getPublicKey());
  if (provider == null) {
    LOG.warn("not authorized responder '{}'", header.getSender());
    return false;
  }

  return message.verify(provider);
}
 
Example #8
Source File: SignerUtil.java — from xipki (Apache License 2.0)
/**
 * Builds a {@link ContentVerifierProvider} for {@code publicKey}.
 *
 * <p>Ed25519/Ed448 keys get a dedicated EdDSA provider; X25519/X448 keys get a DH-based
 * provider that additionally needs {@code ownerKeyAndCert}. All other key types go through a
 * per-algorithm {@link BcContentVerifierProviderBuilder} cached in
 * {@code VERIFIER_PROVIDER_BUILDER} (RSA, DSA, EC/ECDSA).
 *
 * @param publicKey signature verification key; must not be {@code null}
 * @param ownerKeyAndCert owner key and certificate, required only for X25519/X448 keys;
 *        may be {@code null} otherwise
 * @return the provider
 * @throws InvalidKeyException if the algorithm is unsupported, the DH pair is missing for an
 *         X25519/X448 key, or the provider cannot be built
 */
public static ContentVerifierProvider getContentVerifierProvider(PublicKey publicKey,
    DHSigStaticKeyCertPair ownerKeyAndCert) throws InvalidKeyException {
  Args.notNull(publicKey, "publicKey");

  String alg = publicKey.getAlgorithm().toUpperCase();
  switch (alg) {
    case "ED25519":
    case "ED448":
      return new XiEdDSAContentVerifierProvider(publicKey);
    case "X25519":
    case "X448":
      if (ownerKeyAndCert == null) {
        throw new InvalidKeyException("ownerKeyAndCert is required but absent");
      }
      return new XiXDHContentVerifierProvider(publicKey, ownerKeyAndCert);
    default:
      break;
  }

  BcContentVerifierProviderBuilder cached = VERIFIER_PROVIDER_BUILDER.get(alg);
  if (cached == null) {
    switch (alg) {
      case "RSA":
        cached = new XiRSAContentVerifierProviderBuilder(DIGESTALG_IDENTIFIER_FINDER);
        break;
      case "DSA":
        cached = new BcDSAContentVerifierProviderBuilder(DIGESTALG_IDENTIFIER_FINDER);
        break;
      case "EC":
      case "ECDSA":
        cached = new XiECContentVerifierProviderBuilder(DIGESTALG_IDENTIFIER_FINDER);
        break;
      default:
        throw new InvalidKeyException("unknown key algorithm of the public key " + alg);
    }
    VERIFIER_PROVIDER_BUILDER.put(alg, cached);
  }

  AsymmetricKeyParameter bcKey = KeyUtil.generatePublicKeyParameter(publicKey);
  try {
    return cached.build(bcKey);
  } catch (OperatorCreationException ex) {
    throw new InvalidKeyException("could not build ContentVerifierProvider: "
        + ex.getMessage(), ex);
  }
}
 
Example #9
Source File: BaseApprover.java — from hadoop-ozone (Apache License 2.0)
/**
 * Verifies the Signature on the CSR is valid.
 *
 * <p>The signature is checked with the public key carried in the request itself, using the
 * JCA provider from {@code securityConfig}.
 *
 * @param pkcs10Request - PCKS10 Request.
 * @return True if it is valid, false otherwise.
 * @throws OperatorCreationException - On Error.
 * @throws PKCSException             - on Error.
 */
boolean verifyPkcs10Request(PKCS10CertificationRequest pkcs10Request)
    throws OperatorCreationException, PKCSException {
  JcaContentVerifierProviderBuilder builder = new JcaContentVerifierProviderBuilder()
      .setProvider(this.securityConfig.getProvider());
  ContentVerifierProvider provider =
      builder.build(pkcs10Request.getSubjectPublicKeyInfo());
  return pkcs10Request.isSignatureValid(provider);
}
 
Example #10
Source File: SecurityFactoryImpl.java — from xipki (Apache License 2.0)
/**
 * Delegates to {@link SignerUtil#getContentVerifierProvider(PublicKey, DHSigStaticKeyCertPair)}.
 *
 * @param publicKey signature verification key
 * @param ownerKeyAndCert owner key and certificate; may be {@code null}
 * @return the provider built by {@code SignerUtil}
 * @throws InvalidKeyException if {@code SignerUtil} rejects the key
 */
@Override
public ContentVerifierProvider getContentVerifierProvider(PublicKey publicKey,
    DHSigStaticKeyCertPair ownerKeyAndCert) throws InvalidKeyException {
  ContentVerifierProvider provider =
      SignerUtil.getContentVerifierProvider(publicKey, ownerKeyAndCert);
  return provider;
}
 
Example #11
Source File: CmpAgent.java — from xipki (Apache License 2.0)
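/**
 * Verifies the protection of a received PKI message.
 *
 * <p>Dispatches on the configured requestor: a {@code Requestor.PbmMacCmpRequestor} expects
 * password-based MAC protection (checked by {@link #verifyMacProtection}); any other requestor
 * expects a signature by the responder's certificate (checked by
 * {@link #verifySignatureProtection}). Rejections are logged at WARN and reported through the
 * returned {@link ProtectionVerificationResult}; a failed check never throws.
 *
 * @param tid transaction id, used only in log messages
 * @param pkiMessage the received message
 * @return the verification result; never {@code null}
 * @throws CMPException if the message protection cannot be processed
 * @throws InvalidKeyException if the responder's public key is unsupported
 * @throws OperatorCreationException if a verifier cannot be created
 */
private ProtectionVerificationResult verifyProtection(String tid, GeneralPKIMessage pkiMessage)
    throws CMPException, InvalidKeyException, OperatorCreationException {
  ProtectedPKIMessage protectedMsg = new ProtectedPKIMessage(pkiMessage);
  if (requestor instanceof Requestor.PbmMacCmpRequestor) {
    return verifyMacProtection(pkiMessage, protectedMsg);
  }
  return verifySignatureProtection(tid, pkiMessage, protectedMsg);
}

/**
 * MAC branch of {@link #verifyProtection}: requires password-based MAC protection, checks the
 * PBM owf and mac algorithms against the responder's policy, then verifies the MAC with the
 * requestor's password.
 */
private ProtectionVerificationResult verifyMacProtection(GeneralPKIMessage pkiMessage,
    ProtectedPKIMessage protectedMsg)
    throws CMPException, InvalidKeyException, OperatorCreationException {
  if (!protectedMsg.hasPasswordBasedMacProtection()) {
    LOG.warn("NOT_MAC_BASED: {}",
        pkiMessage.getHeader().getProtectionAlg().getAlgorithm().getId());
    return new ProtectionVerificationResult(null, ProtectionResult.SENDER_NOT_AUTHORIZED);
  }

  Responder.PbmMacCmpResponder macResponder = (Responder.PbmMacCmpResponder) responder;
  // NOTE(review): PBMParameter.getInstance(null) yields null, so a MAC-protected message whose
  // protectionAlg carries no parameters would fail on getOwf() below — confirm whether an
  // earlier check guarantees their presence.
  PBMParameter parameter =
      PBMParameter.getInstance(pkiMessage.getHeader().getProtectionAlg().getParameters());
  AlgorithmIdentifier owf = parameter.getOwf();
  if (!macResponder.isPbmOwfPermitted(owf)) {
    LOG.warn("MAC_ALGO_FORBIDDEN (PBMParameter.owf: {})", owf.getAlgorithm().getId());
    return new ProtectionVerificationResult(null, ProtectionResult.MAC_ALGO_FORBIDDEN);
  }

  AlgorithmIdentifier mac = parameter.getMac();
  if (!macResponder.isPbmMacPermitted(mac)) {
    LOG.warn("MAC_ALGO_FORBIDDEN (PBMParameter.mac: {})", mac.getAlgorithm().getId());
    return new ProtectionVerificationResult(null, ProtectionResult.MAC_ALGO_FORBIDDEN);
  }

  Requestor.PbmMacCmpRequestor macRequestor = (Requestor.PbmMacCmpRequestor) requestor;
  PKMACBuilder pkMacBuilder = new PKMACBuilder(new JcePKMACValuesCalculator());
  boolean macValid = protectedMsg.verify(pkMacBuilder, macRequestor.getPassword());
  return new ProtectionVerificationResult(requestor,
      macValid ? ProtectionResult.MAC_VALID : ProtectionResult.MAC_INVALID);
}

/**
 * Signature branch of {@link #verifyProtection}: rejects MAC-protected messages, matches the
 * sender against {@code recipientName} when one is configured, checks the protection algorithm
 * against the responder's signature-algorithm policy, then verifies the signature with the
 * responder's certificate.
 */
private ProtectionVerificationResult verifySignatureProtection(String tid,
    GeneralPKIMessage pkiMessage, ProtectedPKIMessage protectedMsg)
    throws CMPException, InvalidKeyException, OperatorCreationException {
  PKIHeader header = protectedMsg.getHeader();

  if (protectedMsg.hasPasswordBasedMacProtection()) {
    LOG.warn("NOT_SIGNATURE_BASED: {}",
        pkiMessage.getHeader().getProtectionAlg().getAlgorithm().getId());
    return new ProtectionVerificationResult(null, ProtectionResult.SENDER_NOT_AUTHORIZED);
  }

  if (recipientName != null) {
    // Only a directoryName sender can match the configured X.500 recipient name.
    boolean authorizedResponder = header.getSender().getTagNo() == GeneralName.directoryName
        && recipientName.equals(X500Name.getInstance(header.getSender().getName()));
    if (!authorizedResponder) {
      LOG.warn("tid={}: not authorized responder '{}'", tid, header.getSender());
      return new ProtectionVerificationResult(null, ProtectionResult.SENDER_NOT_AUTHORIZED);
    }
  }

  Responder.SignaturetCmpResponder sigResponder = (Responder.SignaturetCmpResponder) responder;
  AlgorithmIdentifier protectionAlgo = header.getProtectionAlg();
  if (!sigResponder.getSigAlgoValidator().isAlgorithmPermitted(protectionAlgo)) {
    String algoName;
    try {
      algoName = AlgorithmUtil.getSignatureAlgoName(protectionAlgo);
    } catch (NoSuchAlgorithmException ex) {
      // Unknown algorithm: fall back to the OID so the rejection is still logged.
      algoName = protectionAlgo.getAlgorithm().getId();
    }
    LOG.warn("tid={}: response protected by untrusted protection algorithm '{}'",
        tid, algoName);
    return new ProtectionVerificationResult(null, ProtectionResult.SIGNATURE_INVALID);
  }

  X509Cert cert = sigResponder.getCert();
  ContentVerifierProvider verifierProvider = securityFactory.getContentVerifierProvider(cert);
  if (verifierProvider == null) {
    LOG.warn("tid={}: not authorized responder '{}'", tid, header.getSender());
    return new ProtectionVerificationResult(cert, ProtectionResult.SENDER_NOT_AUTHORIZED);
  }

  boolean signatureValid = protectedMsg.verify(verifierProvider);
  return new ProtectionVerificationResult(cert,
      signatureValid ? ProtectionResult.SIGNATURE_VALID : ProtectionResult.SIGNATURE_INVALID);
}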
 
Example #12
Source File: CrlStreamParser.java — from xipki (Apache License 2.0)
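/**
 * Verifies the CRL signature over the tbsCertList bytes using {@code publicKey}.
 *
 * <p>The tbsCertList bytes ({@code tbsCertListOffset} up to {@code tbsCertListEndIndex}) are
 * streamed from {@code crlFile} into the verifier rather than loaded into memory. Reads are
 * bounded by the remaining length, so no byte past the tbsCertList range can reach the verifier.
 *
 * @param publicKey the issuer's signature verification key
 * @return {@code true} if the signature verifies; {@code false} if it does not, or if no verifier
 *         can be built for the key (the cause is logged)
 * @throws IOException if the CRL file cannot be read or holds fewer bytes than the tbsCertList range
 */
public boolean verifySignature(PublicKey publicKey) throws IOException {
  try {
    ContentVerifierProvider cvp = SignerUtil.getContentVerifierProvider(publicKey, null);
    ContentVerifier verifier = cvp.get(algorithmIdentifier);

    // Both streams are closed before verify(); the verifier output stream must be closed so
    // the digest is finalised.
    try (OutputStream sigOut = verifier.getOutputStream();
        InputStream crlStream = new FileInputStream(crlFile)) {
      skip(crlStream, tbsCertListOffset);

      int remainingLength = tbsCertListEndIndex - tbsCertListOffset;
      byte[] buffer = new byte[1024];

      // Never request more than the bytes still owed to the verifier.
      while (remainingLength > 0) {
        int count = crlStream.read(buffer, 0, Math.min(buffer.length, remainingLength));
        if (count == -1) {
          break;
        }
        sigOut.write(buffer, 0, count);
        remainingLength -= count;
      }

      // Non-zero here means EOF before the range ended, or an inconsistent (negative) range.
      if (remainingLength != 0) {
        throw new IOException("could not read all of tbsCertList");
      }
    }

    return verifier.verify(this.getSignature());
  } catch (InvalidKeyException | OperatorCreationException ex) {
    LogUtil.error(LOG, ex, "could not verify CRL signature");
    return false;
  }
}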
 
Example #13
Source File: AbstractSecurityFactory.java — from xipki (Apache License 2.0)
/**
 * Public-key-only overload: delegates to the two-argument variant with no owner key and
 * certificate pair.
 *
 * @param publicKey signature verification key
 * @return the provider from the two-argument overload
 * @throws InvalidKeyException if the two-argument overload rejects the key
 */
@Override
public ContentVerifierProvider getContentVerifierProvider(PublicKey publicKey)
    throws InvalidKeyException {
  DHSigStaticKeyCertPair noOwnerPair = null;
  return getContentVerifierProvider(publicKey, noOwnerPair);
}
 
Example #14
Source File: AbstractSecurityFactory.java — from xipki (Apache License 2.0)
/**
 * Certificate overload: extracts the certificate's public key and delegates to
 * {@link #getContentVerifierProvider(PublicKey)}.
 *
 * @param cert certificate holding the verification key; must not be {@code null}
 * @return the provider for the certificate's public key
 * @throws InvalidKeyException if the public key is rejected
 */
@Override
public ContentVerifierProvider getContentVerifierProvider(X509Cert cert)
    throws InvalidKeyException {
  Args.notNull(cert, "cert");
  PublicKey certKey = cert.getPublicKey();
  return getContentVerifierProvider(certKey);
}
 
Example #15
Source File: CertificateManager.java — from Openfire (Apache License 2.0)
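/**
 * Creates a self-signed X.509 v3 certificate for the given key pair.
 *
 * <p>The serial number is 64 random bits from the platform's default {@link SecureRandom}.
 * The subjectAlternativeName extension is marked critical only when the subject DN is empty, as
 * RFC 5280 requires; subjectKeyIdentifier and authorityKeyIdentifier are both derived from the
 * key pair's public key (self-signed). The certificate's validity period and self-signature are
 * checked before it is returned.
 *
 * @param kp the key pair: its public key goes into the certificate, its private key signs it
 * @param days validity in days, counted from now
 * @param issuerBuilder builder for the issuer name
 * @param subjectBuilder builder for the subject name
 * @param domain not used by this method
 * @param signAlgoritm JCA signature algorithm name passed to {@link JcaContentSignerBuilder}
 * @param sanDnsNames DNS names for the subjectAlternativeName extension
 * @return the certificate
 * @throws GeneralSecurityException if the signer cannot be built, or the built certificate fails
 *         its validity or signature check
 * @throws IOException if an extension cannot be encoded
 */
public static synchronized X509Certificate createX509V3Certificate(KeyPair kp, int days, X500NameBuilder issuerBuilder,
        X500NameBuilder subjectBuilder, String domain, String signAlgoritm, Set<String> sanDnsNames ) throws GeneralSecurityException, IOException {
    PublicKey pubKey = kp.getPublic();
    PrivateKey privKey = kp.getPrivate();

    // Serial numbers must be unpredictable. Seeding SHA1PRNG with the clock before its first
    // output (the previous code) replaces self-seeding, making the serial a function of the
    // time; the default SecureRandom self-seeds from the platform entropy source.
    byte[] serno = new byte[8];
    new SecureRandom().nextBytes(serno);
    // Sign-magnitude constructor: RFC 5280 requires a positive serial. A zero value
    // (probability 2^-64) is bumped rather than rejected.
    BigInteger serial = new BigInteger(1, serno);
    if (serial.signum() == 0) {
        serial = BigInteger.ONE;
    }

    X500Name issuerDN = issuerBuilder.build();
    X500Name subjectDN = subjectBuilder.build();

    // builder
    JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder( //
            issuerDN, //
            serial, //
            new Date(), //
            new Date(System.currentTimeMillis() + days * (1000L * 60 * 60 * 24)), //
            subjectDN, //
            pubKey //
            );

    // add subjectAlternativeName extension that includes all relevant names.
    final GeneralNames subjectAlternativeNames = getSubjectAlternativeNames( sanDnsNames );

    // RFC 5280 4.2.1.6: SAN must be critical when the subject is empty
    final boolean critical = subjectDN.getRDNs().length == 0;
    certBuilder.addExtension(Extension.subjectAlternativeName, critical, subjectAlternativeNames);

    // add keyIdentifiers extensions
    JcaX509ExtensionUtils utils = new JcaX509ExtensionUtils();
    certBuilder.addExtension(Extension.subjectKeyIdentifier, false, utils.createSubjectKeyIdentifier(pubKey));
    certBuilder.addExtension(Extension.authorityKeyIdentifier, false, utils.createAuthorityKeyIdentifier(pubKey));

    try {
        // build the certificate
        ContentSigner signer = new JcaContentSignerBuilder(signAlgoritm).build(privKey);
        X509CertificateHolder cert = certBuilder.build(signer);

        // verify the validity
        if (!cert.isValidOn(new Date())) {
            throw new GeneralSecurityException("Certificate validity not valid");
        }

        // verify the signature (self-signed)
        ContentVerifierProvider verifierProvider = new JcaContentVerifierProviderBuilder().build(pubKey);
        if (!cert.isSignatureValid(verifierProvider)) {
            throw new GeneralSecurityException("Certificate signature not valid");
        }

        return new JcaX509CertificateConverter().getCertificate(cert);

    } catch (OperatorCreationException | CertException e) {
        throw new GeneralSecurityException(e);
    }
}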
 
Example #16
Source File: TestCertificateSignRequest.java — from hadoop-ozone (Apache License 2.0)
/**
 * Builds a CSR with IP, service-name and DNS subject alternative names and checks its subject
 * format, embedded public key, PKCS#9 extension attribute, critical keyUsage, service id and
 * self-signature.
 */
@Test
public void testGenerateCSRwithSan() throws NoSuchProviderException,
    NoSuchAlgorithmException, SCMSecurityException,
    OperatorCreationException, PKCSException {
  final String clusterId = UUID.randomUUID().toString();
  final String scmId = UUID.randomUUID().toString();
  final String subjectName = "DN001";
  HDDSKeyGenerator generator =
      new HDDSKeyGenerator(securityConfig.getConfiguration());
  KeyPair keyPair = generator.generateKey();

  CertificateSignRequest.Builder builder = new CertificateSignRequest.Builder()
      .setSubject(subjectName)
      .setScmID(scmId)
      .setClusterID(clusterId)
      .setKey(keyPair)
      .setConfiguration(conf);

  // Multi-home
  builder.addIpAddress("192.168.1.1");
  builder.addIpAddress("192.168.2.1");
  builder.addServiceName("OzoneMarketingCluster003");
  builder.addDnsName("dn1.abc.com");

  PKCS10CertificationRequest csr = builder.build();

  // Subject name follows the configured distinguished-name format.
  String expectedDn = String.format(SecurityUtil.getDistinguishedNameFormat(),
      subjectName, scmId, clusterId);
  Assert.assertEquals(csr.getSubject().toString(), expectedDn);

  // The CSR carries exactly the key pair's public key.
  SubjectPublicKeyInfo expectedKeyInfo = SubjectPublicKeyInfo.getInstance(
      ASN1Sequence.getInstance(keyPair.getPublic().getEncoded()));
  Assert.assertEquals(csr.getSubjectPublicKeyInfo(), expectedKeyInfo);

  // A single PKCS#9 attribute carries the requested extensions.
  Assert.assertEquals(1, csr.getAttributes().length);
  Extensions extensions = SecurityUtil.getPkcs9Extensions(csr);

  // keyUsage must be critical.
  Extension keyUsageExt = extensions.getExtension(Extension.keyUsage);
  Assert.assertTrue(keyUsageExt.isCritical());

  verifyServiceId(extensions);

  // The CSR's self-signature verifies with its own public key.
  JcaContentVerifierProviderBuilder verifierBuilder =
      new JcaContentVerifierProviderBuilder().setProvider(securityConfig.getProvider());
  ContentVerifierProvider verifierProvider =
      verifierBuilder.build(csr.getSubjectPublicKeyInfo());
  Assert.assertTrue(csr.isSignatureValid(verifierProvider));
}
 
Example #17
Source File: TestCertificateSignRequest.java — from hadoop-ozone (Apache License 2.0)
/**
 * Builds a CSR without subject alternative names and checks its subject format, embedded public
 * key, PKCS#9 extension attribute, critical keyUsage, absent SAN and self-signature.
 */
@Test
public void testGenerateCSR() throws NoSuchProviderException,
    NoSuchAlgorithmException, SCMSecurityException,
    OperatorCreationException, PKCSException {
  final String clusterId = UUID.randomUUID().toString();
  final String scmId = UUID.randomUUID().toString();
  final String subjectName = "DN001";
  HDDSKeyGenerator generator =
      new HDDSKeyGenerator(securityConfig.getConfiguration());
  KeyPair keyPair = generator.generateKey();

  PKCS10CertificationRequest csr = new CertificateSignRequest.Builder()
      .setSubject(subjectName)
      .setScmID(scmId)
      .setClusterID(clusterId)
      .setKey(keyPair)
      .setConfiguration(conf)
      .build();

  // Subject name follows the configured distinguished-name format.
  String expectedDn = String.format(SecurityUtil.getDistinguishedNameFormat(),
      subjectName, scmId, clusterId);
  Assert.assertEquals(csr.getSubject().toString(), expectedDn);

  // The CSR carries exactly the key pair's public key.
  SubjectPublicKeyInfo expectedKeyInfo = SubjectPublicKeyInfo.getInstance(
      ASN1Sequence.getInstance(keyPair.getPublic().getEncoded()));
  Assert.assertEquals(csr.getSubjectPublicKeyInfo(), expectedKeyInfo);

  // A single PKCS#9 attribute carries the requested extensions.
  Assert.assertEquals(1, csr.getAttributes().length);
  Extensions extensions = SecurityUtil.getPkcs9Extensions(csr);

  // keyUsage must be critical.
  Extension keyUsageExt = extensions.getExtension(Extension.keyUsage);
  Assert.assertTrue(keyUsageExt.isCritical());

  // No SAN was requested, so none may be present.
  Assert.assertNull(extensions.getExtension(Extension.subjectAlternativeName));

  // The CSR's self-signature verifies with its own public key.
  JcaContentVerifierProviderBuilder verifierBuilder =
      new JcaContentVerifierProviderBuilder().setProvider(securityConfig.getProvider());
  ContentVerifierProvider verifierProvider =
      verifierBuilder.build(csr.getSubjectPublicKeyInfo());
  Assert.assertTrue(csr.isSignatureValid(verifierProvider));
}
 
Example #18
Source File: SecurityFactory.java — from xipki (Apache License 2.0)
/**
 * Gets the ContentVerifierProvider from the public key.
 *
 * <p>Overload for keys whose verification needs only the public key itself. When the key type
 * also requires the owner's key and certificate, use
 * {@link #getContentVerifierProvider(PublicKey, DHSigStaticKeyCertPair)}.
 *
 * @param publicKey
 *          Signature verification key. Must not be {@code null}.
 * @return the ContentVerifierProvider
 * @throws InvalidKeyException
 *         If the publicKey is invalid or unsupported.
 */
ContentVerifierProvider getContentVerifierProvider(PublicKey publicKey)
    throws InvalidKeyException;
 
Example #19
Source File: SecurityFactory.java — from xipki (Apache License 2.0)
/**
 * Gets the ContentVerifierProvider from the public key.
 *
 * <p>Variant that also accepts the owner's static key and certificate, needed when the
 * request's proof of possession is Diffie-Hellman based rather than a signature.
 *
 * @param publicKey
 *          Signature verification key. Must not be {@code null}.
 * @param ownerKeyAndCert
 *          The owner's key and certificate for a CSR with Diffie-Hellman proof of possession.
 *          May be {@code null} when the key type does not need it.
 * @return the ContentVerifierProvider
 * @throws InvalidKeyException
 *         If the publicKey is invalid or unsupported, or ownerKeyAndCert is required but absent.
 */
ContentVerifierProvider getContentVerifierProvider(PublicKey publicKey,
    DHSigStaticKeyCertPair ownerKeyAndCert) throws InvalidKeyException;
 
Example #20
Source File: SecurityFactory.java — from xipki (Apache License 2.0)
/**
 * Gets the ContentVerifierProvider from the certificate.
 *
 * <p>Convenience overload: only the certificate's public key is used to build the provider;
 * the certificate itself is not validated here.
 *
 * @param cert
 *          Certificate that contains the signature verification key. Must not be {@code null}.
 * @return the ContentVerifierProvider
 * @throws InvalidKeyException
 *         If the publicKey contained in the certificate is invalid or unsupported.
 */
ContentVerifierProvider getContentVerifierProvider(X509Cert cert)
    throws InvalidKeyException;