/**
 * Tells whether an X.509 certificate is self-signed, i.e. whether its signature verifies
 * under the public key the certificate itself carries.
 *
 * <p>Only the signature is tested; subject and issuer names are not compared here. A
 * {@code false} result does not always mean "signed by someone else": an
 * {@link IOException} raised while obtaining the security provider is caught together with
 * the signature failures and also reported as {@code false}. NOTE(review): callers that
 * use this to recognise a trust anchor may want the provider failure surfaced separately.
 *
 * @param cert the X.509 certificate to check
 * @return {@code true} if the signature verifies with the certificate's own key,
 *         {@code false} on a signature mismatch, an unusable key, or a provider failure
 * @throws GeneralSecurityException any failure from {@code verify} other than
 *         {@link SignatureException} and {@link InvalidKeyException}
 */
public static boolean isSelfSigned(X509Certificate cert) throws GeneralSecurityException {
    try {
        // The certificate's own key stands in for the issuer key.
        PublicKey ownKey = cert.getPublicKey();
        String providerName = SecurityProvider.getProvider().getName();
        cert.verify(ownKey, providerName);
    } catch (SignatureException | InvalidKeyException | IOException ex) {
        // Treated as "not self-signed"; only visible at debug level.
        LOG.debug("Couldn't get signature information - returning false", ex);
        return false;
    }
    return true;
}
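/**
 * Command-line entry point. Expects exactly one argument, the path of the input PDF, and
 * hands that file plus a derived output file to {@code validateSignature}. The output file
 * is placed in the input's parent directory and named after the input with its extension
 * replaced by {@code _ocsp.pdf}.
 *
 * @param args the command-line arguments; exactly one input path is expected
 * @throws IOException passed through from the provider lookup or from
 *         {@code validateSignature}
 * @throws GeneralSecurityException passed through from {@code validateSignature}
 */
public static void main(String[] args) throws IOException, GeneralSecurityException {
    if (args.length != 1) {
        usage();
        System.exit(1);
    }

    // register BouncyCastle provider, needed for "exotic" algorithms
    // (the registration applies to the whole JVM, not just this class)
    Security.addProvider(SecurityProvider.getProvider());

    // add ocspInformation
    AddValidationInformation addOcspInformation = new AddValidationInformation();

    File inFile = new File(args[0]);
    String name = inFile.getName();
    // A name without any '.' used to fail in substring(0, -1) with a
    // StringIndexOutOfBoundsException; such a name is now used unchanged as the base.
    int dot = name.lastIndexOf('.');
    String baseName = dot < 0 ? name : name.substring(0, dot);
    // getParent() is null for a bare file name; File(String, String) accepts a null
    // parent and then resolves the child on its own.
    File outFile = new File(inFile.getParent(), baseName + "_ocsp.pdf");
    addOcspInformation.validateSignature(inFile, outFile);
}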
/**
 * Application entry point: registers the security provider and passes the raw argument
 * array to {@code ShowSignature.showSignature}. The arguments are not checked here.
 *
 * @param args the command-line arguments, forwarded unchanged
 * @throws IOException if there is an error reading the file
 * @throws TSPException passed through from {@code showSignature}
 * @throws CertificateVerificationException passed through from {@code showSignature}
 * @throws GeneralSecurityException passed through from {@code showSignature}
 */
public static void main(String[] args) throws IOException, TSPException,
        CertificateVerificationException, GeneralSecurityException {
    // BouncyCastle has to be registered before any signature is inspected; it is needed
    // for "exotic" algorithms. The registration is JVM-wide.
    Security.addProvider(SecurityProvider.getProvider());

    new ShowSignature().showSignature(args);
}
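/**
 * Validates a timestamp token against the signer certificate embedded in the token.
 *
 * <p>The verifier is built from a certificate the token itself carries, so a successful
 * return only shows that the token is consistent with that certificate. Nothing in this
 * method checks that the certificate chains to a trusted root or has not been revoked;
 * that has to happen elsewhere.
 *
 * @param timeStampToken the token to validate
 * @throws TSPException passed through from {@code TimeStampToken.validate}
 * @throws CertificateException if the token holds no certificate matching its signer ID,
 *         or the matching holder cannot be converted to an {@code X509Certificate}
 * @throws OperatorCreationException if the signer verifier cannot be built
 * @throws IOException if the security provider cannot be obtained
 */
private void validateTimestampToken(TimeStampToken timeStampToken)
        throws TSPException, CertificateException, OperatorCreationException, IOException {
    // https://stackoverflow.com/questions/42114742/
    Collection<X509CertificateHolder> tstMatches =
            timeStampToken.getCertificates().getMatches(timeStampToken.getSID());
    if (tstMatches.isEmpty()) {
        // The token comes from the document being checked, so an absent signer
        // certificate must be reported as a validation failure through a declared
        // exception instead of an unchecked NoSuchElementException from next().
        throw new CertificateException(
                "Timestamp token contains no certificate matching its signer ID");
    }
    X509CertificateHolder holder = tstMatches.iterator().next();
    X509Certificate tstCert = new JcaX509CertificateConverter().getCertificate(holder);
    SignerInformationVerifier siv = new JcaSimpleSignerInfoVerifierBuilder()
            .setProvider(SecurityProvider.getProvider()).build(tstCert);
    timeStampToken.validate(siv);
    System.out.println("TimeStampToken validated");
}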
try apg = AlgorithmParameterGenerator.getInstance(algorithm, SecurityProvider.getProvider()); keygen = KeyGenerator.getInstance(algorithm, SecurityProvider.getProvider()); cipher = Cipher.getInstance(algorithm, SecurityProvider.getProvider());
crlDistributionPointsURL + " could not be verified"); crl.verify(crlIssuerCert.getPublicKey(), SecurityProvider.getProvider().getName());
certificate.verify(issuer.getPublicKey(), SecurityProvider.getProvider().getName());
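/**
 * Builds the key-transport recipient entry for one certificate: {@code abyte0} is encrypted
 * with the certificate's public key and returned, together with the certificate's issuer
 * and serial number and the key algorithm identifier, as a {@code KeyTransRecipientInfo}.
 *
 * <p>The cipher is looked up by the algorithm OID from the certificate's
 * SubjectPublicKeyInfo, with no explicit mode or padding, so the padding is whatever the
 * provider assigns to that identifier. NOTE(review): confirm this resolves to the intended
 * key-transport padding.
 *
 * @param x509certificate the recipient's certificate
 * @param abyte0 the bytes to encrypt for this recipient
 * @return the recipient info holding the encrypted bytes
 * @throws IOException if the TBS certificate cannot be parsed or the provider cannot be
 *         obtained
 * @throws CertificateEncodingException if the TBS certificate cannot be extracted
 * @throws InvalidKeyException if the certificate's public key is rejected by the cipher
 * @throws BadPaddingException passed through from {@code Cipher.doFinal}
 * @throws IllegalBlockSizeException passed through from {@code Cipher.doFinal}
 */
private KeyTransRecipientInfo computeRecipientInfo(X509Certificate x509certificate, byte[] abyte0)
        throws IOException, CertificateEncodingException, InvalidKeyException,
        BadPaddingException, IllegalBlockSizeException {
    TBSCertificate certificate;
    try (ASN1InputStream input = new ASN1InputStream(x509certificate.getTBSCertificate())) {
        certificate = TBSCertificate.getInstance(input.readObject());
    }

    AlgorithmIdentifier algorithmId = certificate.getSubjectPublicKeyInfo().getAlgorithm();

    IssuerAndSerialNumber serial = new IssuerAndSerialNumber(
            certificate.getIssuer(),
            certificate.getSerialNumber().getValue());

    Cipher cipher;
    try {
        cipher = Cipher.getInstance(algorithmId.getAlgorithm().getId(),
                SecurityProvider.getProvider());
    } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
        // Not expected with the provider in place. NOTE(review): the earlier comment
        // suggested an IOException here; the unchecked exception is kept so callers see
        // the same type as before.
        throw new RuntimeException("Could not find a suitable javax.crypto provider", e);
    }

    // Named constant instead of the bare literal 1 (same value).
    cipher.init(Cipher.ENCRYPT_MODE, x509certificate.getPublicKey());

    DEROctetString octets = new DEROctetString(cipher.doFinal(abyte0));
    RecipientIdentifier recipientId = new RecipientIdentifier(serial);
    return new KeyTransRecipientInfo(recipientId, algorithmId, octets);
}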
/**
 * Verifies that the signature on an OCSP response was produced with the key of the given
 * certificate.
 *
 * <p>This is a signature check only. Whether {@code certificate} is actually entitled to
 * sign OCSP responses for the certificate being validated is not examined in this method.
 *
 * @param certificate the certificate whose public key must match the response signature
 * @param basicResponse the OCSP response carrying the signature
 * @throws OCSPException if the signature is invalid or the verifier could not be created
 * @throws IOException if the default security provider can't be instantiated
 */
private void checkOcspSignature(X509Certificate certificate, BasicOCSPResp basicResponse)
        throws OCSPException, IOException {
    ContentVerifierProvider contentVerifier;
    try {
        contentVerifier = new JcaContentVerifierProviderBuilder()
                .setProvider(SecurityProvider.getProvider())
                .build(certificate);
    } catch (OperatorCreationException e) {
        throw new OCSPException("Error checking Ocsp-Signature", e);
    }

    boolean signatureOk = basicResponse.isSignatureValid(contentVerifier);
    if (!signatureOk) {
        throw new OCSPException("OCSP-Signature is not valid!");
    }
}
setProvider(SecurityProvider.getProvider()).build(certFromSignedData)))
crl.verify(issuerCertificate.getPublicKey(), SecurityProvider.getProvider().getName()); CRLVerifier.checkRevocation(crl, certInfo.getCertificate(), signDate.getTime(), certInfo.getCrlUrl()); COSStream crlStream = writeDataToStream(crl.getEncoded());
Security.addProvider(SecurityProvider.getProvider());
cert.verify(key, SecurityProvider.getProvider().getName()); return true;
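/**
 * Command-line entry point. Expects exactly one argument, the path of the input PDF, and
 * hands that file plus a derived output file to {@code validateSignature}. The output file
 * is placed in the input's parent directory and named after the input with its extension
 * replaced by {@code _ocsp.pdf}.
 *
 * @param args the command-line arguments; exactly one input path is expected
 * @throws IOException passed through from the provider lookup or from
 *         {@code validateSignature}
 * @throws GeneralSecurityException passed through from {@code validateSignature}
 */
public static void main(String[] args) throws IOException, GeneralSecurityException {
    if (args.length != 1) {
        usage();
        System.exit(1);
    }

    // register BouncyCastle provider, needed for "exotic" algorithms
    // (the registration applies to the whole JVM, not just this class)
    Security.addProvider(SecurityProvider.getProvider());

    // add ocspInformation
    AddValidationInformation addOcspInformation = new AddValidationInformation();

    File inFile = new File(args[0]);
    String name = inFile.getName();
    // A name without any '.' used to fail in substring(0, -1) with a
    // StringIndexOutOfBoundsException; such a name is now used unchanged as the base.
    int dot = name.lastIndexOf('.');
    String baseName = dot < 0 ? name : name.substring(0, dot);
    // getParent() is null for a bare file name; File(String, String) accepts a null
    // parent and then resolves the child on its own.
    File outFile = new File(inFile.getParent(), baseName + "_ocsp.pdf");
    addOcspInformation.validateSignature(inFile, outFile);
}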
/**
 * Application entry point: registers the security provider and passes the raw argument
 * array to {@code ShowSignature.showSignature}. The arguments are not checked here.
 *
 * @param args the command-line arguments, forwarded unchanged
 * @throws IOException if there is an error reading the file
 * @throws TSPException passed through from {@code showSignature}
 * @throws GeneralSecurityException passed through from {@code showSignature}
 * @throws CertificateVerificationException passed through from {@code showSignature}
 */
public static void main(String[] args) throws IOException, TSPException,
        GeneralSecurityException, CertificateVerificationException {
    // BouncyCastle has to be registered before any signature is inspected; it is needed
    // for "exotic" algorithms. The registration is JVM-wide.
    Security.addProvider(SecurityProvider.getProvider());

    new ShowSignature().showSignature(args);
}
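/**
 * Validates a timestamp token against the signer certificate embedded in the token.
 *
 * <p>The verifier is built from a certificate the token itself carries, so a successful
 * return only shows that the token is consistent with that certificate. Nothing in this
 * method checks that the certificate chains to a trusted root or has not been revoked;
 * that has to happen elsewhere.
 *
 * @param timeStampToken the token to validate
 * @throws IOException if the security provider cannot be obtained
 * @throws CertificateException if the token holds no certificate matching its signer ID,
 *         or the matching holder cannot be converted to an {@code X509Certificate}
 * @throws TSPException passed through from {@code TimeStampToken.validate}
 * @throws OperatorCreationException if the signer verifier cannot be built
 */
private void validateTimestampToken(TimeStampToken timeStampToken)
        throws IOException, CertificateException, TSPException, OperatorCreationException {
    // https://stackoverflow.com/questions/42114742/
    Collection<X509CertificateHolder> tstMatches =
            timeStampToken.getCertificates().getMatches(timeStampToken.getSID());
    if (tstMatches.isEmpty()) {
        // The token comes from the document being checked, so an absent signer
        // certificate must be reported as a validation failure through a declared
        // exception instead of an unchecked NoSuchElementException from next().
        throw new CertificateException(
                "Timestamp token contains no certificate matching its signer ID");
    }
    X509CertificateHolder holder = tstMatches.iterator().next();
    X509Certificate tstCert = new JcaX509CertificateConverter().getCertificate(holder);
    SignerInformationVerifier siv = new JcaSimpleSignerInfoVerifierBuilder()
            .setProvider(SecurityProvider.getProvider()).build(tstCert);
    timeStampToken.validate(siv);
    System.out.println("TimeStampToken validated");
}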
SecurityProvider.getProvider()); keygen = KeyGenerator.getInstance(algorithm, SecurityProvider.getProvider()); cipher = Cipher.getInstance(algorithm, SecurityProvider.getProvider());
SecurityProvider.getProvider()); keygen = KeyGenerator.getInstance(algorithm, SecurityProvider.getProvider()); cipher = Cipher.getInstance(algorithm, SecurityProvider.getProvider());
/**
 * Downloads the CRL named in the certificate info, verifies and evaluates it, and stores
 * its encoded form.
 *
 * <p>Steps, in order: fetch the CRL from {@code certInfo.getCrlUrl()}, verify its
 * signature with the public key of {@code certInfo.getIssuerCertificate()}, run the
 * revocation check for the certificate at {@code signDate}, then append the encoded CRL
 * to {@code crls} (and to {@code correspondingCRLs} when that is set) and record the
 * certificate's serial number in {@code foundRevocationInformation}.
 *
 * <p>NOTE(review): if the CRL URL originates from the certificate under validation it is
 * attacker-influenced; confirm that {@code CRLVerifier.downloadCRLFromWeb} bounds the
 * fetch. The signature check assumes the CRL is signed by the certificate's own issuer --
 * TODO confirm how CRLs from a separate CRL issuer are handled.
 *
 * @param certInfo the certificate info whose CRL data is fetched and checked
 * @throws IOException passed through from the calls in this method, including the provider
 *         lookup
 * @throws RevokedCertificateException presumably raised by the revocation check when the
 *         certificate is listed -- verify against {@code CRLVerifier.checkRevocation}
 * @throws GeneralSecurityException if the CRL signature cannot be verified
 * @throws CertificateVerificationException passed through from {@code CRLVerifier}
 */
private void addCrlRevocationInfo(CertSignatureInformation certInfo)
        throws IOException, RevokedCertificateException, GeneralSecurityException,
        CertificateVerificationException {
    X509CRL fetchedCrl = CRLVerifier.downloadCRLFromWeb(certInfo.getCrlUrl());

    // The CRL is trusted only after its signature verifies under the issuer's key.
    fetchedCrl.verify(
            certInfo.getIssuerCertificate().getPublicKey(),
            SecurityProvider.getProvider().getName());

    CRLVerifier.checkRevocation(
            fetchedCrl, certInfo.getCertificate(), signDate.getTime(), certInfo.getCrlUrl());

    COSStream crlData = writeDataToStream(fetchedCrl.getEncoded());
    crls.add(crlData);
    if (null != correspondingCRLs) {
        correspondingCRLs.add(crlData);
    }

    // Remember that revocation data exists for this certificate.
    foundRevocationInformation.add(certInfo.getCertificate().getSerialNumber());
}
crlDistributionPointsURL + " could not be verified"); crl.verify(issuerKey, SecurityProvider.getProvider().getName());