org.bouncycastle.asn1.x509.TBSCertificate Java Examples

Example #1
Source File: LogSignatureVerifier.java — from certificate-transparency-java (Apache License 2.0)
/**
 * Checks that the CT log's signature carried in {@code sct} covers the entry the log would have
 * signed for {@code certificate}.
 *
 * <p>The signed entry is rebuilt locally rather than taken from the certificate as presented:
 * {@code createTbsForVerification} produces the TBSCertificate to verify against (for a final
 * certificate this presumably strips the embedded-SCT extension — not visible here), and its
 * encoding is combined with the issuer key hash from {@code issuerInfo} and the {@code sct} by
 * {@code serializeSignedSCTDataForPreCertificate}. Because the issuer key hash is part of the
 * signed data, {@code issuerInfo} is mandatory; it must describe the issuer actually trusted for
 * this chain, since a wrong key hash simply makes every SCT fail to verify.
 *
 * @param sct SignedCertificateTimestamp received from the log.
 * @param certificate the PreCertificate sent to the log for addition, or the final certificate
 *     with the embedded SCTs.
 * @param issuerInfo Information on the issuer which will (or did) ultimately sign this
 *     PreCertificate. If the PreCertificate was signed by a PreCertificate Signing Cert, the
 *     issuerInfo contains data on the final CA certificate used for signing.
 * @return true if the SCT verifies, false otherwise.
 * @throws CertificateTransparencyException if the reconstructed TBSCertificate cannot be encoded.
 */
boolean verifySCTOverPreCertificate(
    Ct.SignedCertificateTimestamp sct,
    X509Certificate certificate,
    IssuerInformation issuerInfo) {
  Preconditions.checkNotNull(issuerInfo, "At the very least, the issuer key hash is needed.");

  try {
    // Encoding of the TBS the log saw, not of the certificate bytes we were handed.
    byte[] tbsBytes = createTbsForVerification(certificate, issuerInfo).getEncoded();
    byte[] signedEntry =
        serializeSignedSCTDataForPreCertificate(tbsBytes, issuerInfo.getKeyHash(), sct);
    return verifySCTSignatureOverBytes(sct, signedEntry);
  } catch (IOException e) {
    // An encoding failure is not "signature invalid"; surface it instead of returning false.
    throw new CertificateTransparencyException(
        "TBSCertificate part could not be encoded: " + e.getMessage(), e);
  }
}
 
Example #2
Source File: SFTrustManager.java — from snowflake-jdbc (Apache License 2.0)
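/**
 * Extracts the OCSP responder URLs advertised in the certificate's authorityInfoAccess extension.
 *
 * <p>Only AccessDescription entries whose accessMethod is id-ad-ocsp ({@code OIDocsp}) and whose
 * accessLocation is a uniformResourceIdentifier GeneralName are returned; caIssuers entries and
 * non-URI names are ignored. Entries that are not two-element sequences are skipped, as before;
 * ASN.1 that cannot be interpreted as AuthorityInfoAccessSyntax at all is reported as an
 * {@link IOException} instead of escaping as an unchecked {@link ClassCastException}.
 *
 * <p>The returned strings are copied straight out of the certificate and are not validated beyond
 * the GeneralName tag; the caller must still restrict them to http(s) before fetching anything.
 *
 * @param bcCert Bouncy Castle Certificate
 * @return a set of OCSP URLs, empty if the certificate carries no authorityInfoAccess extension
 * @throws IOException if the certificate has no extensions block or the extension is malformed
 */
private Set<String> getOcspUrls(Certificate bcCert) throws IOException
{
  TBSCertificate bcTbsCert = bcCert.getTBSCertificate();
  Extensions bcExts = bcTbsCert.getExtensions();
  if (bcExts == null)
  {
    throw new IOException("Certificate has no extensions; cannot look up OCSP URLs.");
  }

  Set<String> ocsp = new HashSet<>();
  // Look the extension up by OID directly instead of scanning every extension.
  Extension aia = bcExts.getExtension(Extension.authorityInfoAccess);
  if (aia == null)
  {
    return ocsp;
  }

  // AuthorityInfoAccessSyntax ::= SEQUENCE SIZE (1..MAX) OF AccessDescription
  ASN1Encodable aiaValue = aia.getParsedValue();
  if (!(aiaValue instanceof DLSequence))
  {
    throw new IOException("authorityInfoAccess extension is not a SEQUENCE.");
  }
  for (ASN1Encodable entry : (DLSequence) aiaValue)
  {
    // AccessDescription ::= SEQUENCE { accessMethod OBJECT IDENTIFIER, accessLocation GeneralName }
    if (!(entry instanceof DLSequence))
    {
      throw new IOException("authorityInfoAccess contains a malformed AccessDescription.");
    }
    ASN1Encodable[] accessDescription = ((DLSequence) entry).toArray();
    if (accessDescription.length != 2)
    {
      continue;
    }
    if (!(accessDescription[0] instanceof ASN1ObjectIdentifier))
    {
      throw new IOException("AccessDescription.accessMethod is not an OBJECT IDENTIFIER.");
    }
    ASN1ObjectIdentifier accessMethod = (ASN1ObjectIdentifier) accessDescription[0];
    // OIDocsp (declared elsewhere in this class) is expected to be the id-ad-ocsp OID;
    // caIssuers and unknown access methods are not OCSP responders.
    if (!OIDocsp.equals(accessMethod))
    {
      continue;
    }

    GeneralName location = GeneralName.getInstance(accessDescription[1]);
    // An OCSP accessLocation is expected to be a URI. Any other GeneralName choice (for example a
    // directoryName) would stringify into something that is not a fetchable URL, so skip it rather
    // than hand the caller a bogus "URL".
    if (location.getTagNo() != GeneralName.uniformResourceIdentifier)
    {
      continue;
    }
    ocsp.add(location.getName().toString());
  }
  return ocsp;
}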
 
Example #3
Source File: BaseSyncopeWASAML2ClientTest.java — from syncope (Apache License 2.0)
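/**
 * Builds a self-signed X.509 v3 test certificate for {@code keyPair}.
 *
 * <p>Test fixture only: subject and issuer are both {@code cn=Unknown}, the serial number is fixed
 * at 1, validity runs from one second ago to 100 seconds from now, and no extensions
 * (BasicConstraints, KeyUsage, SAN) are set. The certificate is signed with SHA-256/RSA rather
 * than SHA-1/RSA: SHA-1 is deprecated for signatures and JDK/library policies keep tightening
 * (see the {@code jdk.certpath.disabledAlgorithms} security property), so a SHA-1 fixture can
 * start being rejected by the code it is meant to exercise.
 *
 * @param keyPair the RSA key pair whose public key is certified and whose private key signs
 * @return the generated certificate, already checked against its own public key
 * @throws Exception on any encoding, signing or parsing failure
 */
protected static Certificate createSelfSignedCert(final KeyPair keyPair) throws Exception {
    final X500Name dn = new X500Name("cn=Unknown");
    final V3TBSCertificateGenerator certGen = new V3TBSCertificateGenerator();

    certGen.setSerialNumber(new ASN1Integer(BigInteger.valueOf(1)));
    certGen.setIssuer(dn);
    certGen.setSubject(dn);
    certGen.setStartDate(new Time(new Date(System.currentTimeMillis() - 1000L)));

    final Date expiration = new Date(System.currentTimeMillis() + 100000);
    certGen.setEndDate(new Time(expiration));

    // The AlgorithmIdentifier written into the TBS and the algorithm actually used to sign must
    // agree, otherwise validators reject the certificate.
    final AlgorithmIdentifier sigAlgID = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha256WithRSAEncryption, DERNull.INSTANCE);
    certGen.setSignature(sigAlgID);
    certGen.setSubjectPublicKeyInfo(SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));

    // Generate the TBSCertificate exactly once and sign that object's DER encoding, so the bytes
    // embedded in the certificate are provably the bytes that were signed.
    final TBSCertificate tbsCert = certGen.generateTBSCertificate();

    final Signature sig = Signature.getInstance("SHA256WithRSA");
    sig.initSign(keyPair.getPrivate());
    sig.update(tbsCert.getEncoded(ASN1Encoding.DER));

    // Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
    final ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(tbsCert);
    v.add(sigAlgID);
    v.add(new DERBitString(sig.sign()));

    final Certificate cert = CertificateFactory.getInstance("X.509")
        .generateCertificate(new ByteArrayInputStream(new DERSequence(v).getEncoded(ASN1Encoding.DER)));
    // Self-check: the fixture must verify under its own public key before any test relies on it.
    cert.verify(keyPair.getPublic());
    return cert;
}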
 
Example #4
Source File: SAML2SPKeystoreTest.java — from syncope (Apache License 2.0)
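/**
 * Builds a self-signed X.509 v3 test certificate for {@code keyPair}.
 *
 * <p>Test fixture only: subject and issuer are both {@code cn=Unknown}, the serial number is fixed
 * at 1, validity runs from one second ago to 100 seconds from now, and no extensions
 * (BasicConstraints, KeyUsage, SAN) are set. The certificate is signed with SHA-256/RSA rather
 * than SHA-1/RSA: SHA-1 is deprecated for signatures and JDK/library policies keep tightening
 * (see the {@code jdk.certpath.disabledAlgorithms} security property), so a SHA-1 fixture can
 * start being rejected by the code it is meant to exercise.
 *
 * @param keyPair the RSA key pair whose public key is certified and whose private key signs
 * @return the generated certificate, already checked against its own public key
 * @throws Exception on any encoding, signing or parsing failure
 */
private static Certificate createSelfSignedCert(final KeyPair keyPair) throws Exception {
    final X500Name dn = new X500Name("cn=Unknown");
    final V3TBSCertificateGenerator certGen = new V3TBSCertificateGenerator();

    certGen.setSerialNumber(new ASN1Integer(BigInteger.valueOf(1)));
    certGen.setIssuer(dn);
    certGen.setSubject(dn);
    certGen.setStartDate(new Time(new Date(System.currentTimeMillis() - 1000L)));

    final Date expiration = new Date(System.currentTimeMillis() + 100000);
    certGen.setEndDate(new Time(expiration));

    // The AlgorithmIdentifier written into the TBS and the algorithm actually used to sign must
    // agree, otherwise validators reject the certificate.
    final AlgorithmIdentifier sigAlgID = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha256WithRSAEncryption, DERNull.INSTANCE);
    certGen.setSignature(sigAlgID);
    certGen.setSubjectPublicKeyInfo(SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));

    // Generate the TBSCertificate exactly once and sign that object's DER encoding, so the bytes
    // embedded in the certificate are provably the bytes that were signed.
    final TBSCertificate tbsCert = certGen.generateTBSCertificate();

    final Signature sig = Signature.getInstance("SHA256WithRSA");
    sig.initSign(keyPair.getPrivate());
    sig.update(tbsCert.getEncoded(ASN1Encoding.DER));

    // Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
    final ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(tbsCert);
    v.add(sigAlgID);
    v.add(new DERBitString(sig.sign()));

    final Certificate cert = CertificateFactory.getInstance("X.509")
        .generateCertificate(new ByteArrayInputStream(new DERSequence(v).getEncoded(ASN1Encoding.DER)));
    // Self-check: the fixture must verify under its own public key before any test relies on it.
    cert.verify(keyPair.getPublic());
    return cert;
}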