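// Re-encode the ASN.1 certificate structure and parse it back through the
// CertificateFactory to obtain a JCA X509Certificate. This is a format
// conversion only: nothing in these statements verifies the signature, the
// validity period or a chain to a trust anchor.
X509Certificate theCert;
InputStream is1 = new ByteArrayInputStream(eeX509CertificateStructure.getEncoded());
try
{
    theCert = (X509Certificate) cf.generateCertificate(is1);
}
finally
{
    // Close the stream even when parsing fails.
    is1.close();
}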
/**
 * Builds the issuer/serial pair that identifies the given certificate.
 *
 * <p>The two values are copied from the certificate structure as-is. No
 * validation of the certificate is visible in this constructor.
 *
 * @param certificate certificate whose issuer and serial number are copied
 */
public IssuerAndSerialNumber(
    X509CertificateStructure certificate)
{
    // The two reads are independent of each other.
    this.serialNumber = certificate.getSerialNumber();
    this.name = certificate.getIssuer();
}
/**
 * Extracts a certificate structure from a tagged ASN.1 object.
 *
 * @param obj tagged object wrapping the certificate sequence
 * @param explicit passed through to {@code ASN1Sequence.getInstance} to say
 *        whether the tagging is explicit
 * @return the result of the single-argument {@code getInstance} applied to the
 *         unwrapped sequence
 */
public static X509CertificateStructure getInstance(
    ASN1TaggedObject obj,
    boolean explicit)
{
    ASN1Sequence unwrapped = ASN1Sequence.getInstance(obj, explicit);

    return getInstance(unwrapped);
}
/**
 * Converts an arbitrary object into a certificate structure.
 *
 * <p>An existing {@code X509CertificateStructure} is returned unchanged. Any
 * other non-null object is handed to {@code ASN1Sequence.getInstance} and
 * wrapped. This is a structural conversion only: no signature or validity
 * check is performed here.
 *
 * @param obj object to convert; may be {@code null}
 * @return the certificate structure, or {@code null} when {@code obj} is
 *         {@code null}
 */
public static X509CertificateStructure getInstance(
    Object obj)
{
    if (obj == null)
    {
        return null;
    }

    if (obj instanceof X509CertificateStructure)
    {
        return (X509CertificateStructure)obj;
    }

    return new X509CertificateStructure(ASN1Sequence.getInstance(obj));
}
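/**
 * Returns the encoding of the to-be-signed (TBS) portion of the certificate.
 *
 * <p>DER is requested explicitly via {@code ASN1Encoding.DER}.
 *
 * @return the encoded TBS certificate
 * @throws CertificateEncodingException if the TBS structure cannot be encoded;
 *         the underlying {@link IOException} is attached as the cause
 */
public byte[] getTBSCertificate()
    throws CertificateEncodingException
{
    try
    {
        return c.getTBSCertificate().getEncoded(ASN1Encoding.DER);
    }
    catch (IOException e)
    {
        // Same message as before, but keep the original exception as the cause
        // so that the stack trace of the encoding failure is not lost.
        throw new CertificateEncodingException(e.toString(), e);
    }
}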
/**
 * Returns the subject public key carried by this certificate.
 *
 * <p>NOTE(review): an {@link IOException} during key conversion is turned
 * into a {@code null} return, not an exception. Callers that pass the result
 * straight into signature verification should check for {@code null} first.
 *
 * @return the decoded public key, or {@code null} if the key information
 *         could not be converted
 */
public PublicKey getPublicKey()
{
    try
    {
        PublicKey decoded = BouncyCastleProvider.getPublicKey(c.getSubjectPublicKeyInfo());

        return decoded;
    }
    catch (IOException e)
    {
        return null;   // should never happen...
    }
}
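/**
 * Returns the issuer distinguished name as a JCA {@link X500Principal}.
 *
 * <p>The issuer name is serialised through an {@code ASN1OutputStream} and the
 * resulting bytes are handed to the {@code X500Principal} constructor.
 *
 * @return the issuer name
 * @throws IllegalStateException if the issuer name cannot be encoded; the
 *         underlying {@link IOException} is attached as the cause
 */
public X500Principal getIssuerX500Principal()
{
    try
    {
        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
        ASN1OutputStream aOut = new ASN1OutputStream(bOut);

        aOut.writeObject(c.getIssuer());

        return new X500Principal(bOut.toByteArray());
    }
    catch (IOException e)
    {
        // Preserve the cause; the message is unchanged.
        throw new IllegalStateException("can't encode issuer DN", e);
    }
}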
/**
 * Returns the certificate serial number.
 *
 * @return the value of the serial number held by the underlying certificate
 *         structure {@code c}
 */
public BigInteger getSerialNumber()
{
    // Unwrap the ASN.1 integer into a plain BigInteger.
    return c.getSerialNumber().getValue();
}
/**
 * Verifies this certificate's signature with the supplied key and
 * {@code Signature} engine.
 *
 * <p>Before any cryptographic work, the algorithm identifier of the outer
 * certificate is compared with the one inside the signed TBS portion, and a
 * mismatch is rejected. The outer field is not covered by the signature, so
 * this comparison prevents the verifier from being configured with an
 * algorithm the issuer did not sign over. RFC 5280 section 4.1.1.2 requires
 * the two fields to match.
 *
 * <p>Only the signature is checked here. The visible code does not look at
 * the validity period, names, extensions or revocation status.
 *
 * @param key public key expected to have produced the signature
 * @param signature engine to configure and use for the verification
 * @throws CertificateException if the outer and TBS signature algorithms differ
 * @throws SignatureException if the signature does not verify under {@code key}
 * @throws NoSuchAlgorithmException declared; not thrown directly by the visible code
 * @throws InvalidKeyException declared; presumably raised by {@code initVerify}
 */
private void checkSignature(
    PublicKey key,
    Signature signature)
    throws CertificateException, NoSuchAlgorithmException,
        SignatureException, InvalidKeyException
{
    // Reject certificates whose unsigned outer algorithm field disagrees with
    // the algorithm recorded inside the signed TBS structure.
    if (!isAlgIdEqual(c.getSignatureAlgorithm(), c.getTBSCertificate().getSignature()))
    {
        throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
    }

    ASN1Encodable params = c.getSignatureAlgorithm().getParameters();

    // TODO This should go after the initVerify?
    X509SignatureUtil.setSignatureParameters(signature, params);

    signature.initVerify(key);

    // The signature is computed over the encoded TBS certificate.
    signature.update(this.getTBSCertificate());

    if (!signature.verify(this.getSignature()))
    {
        throw new SignatureException("certificate does not verify with supplied key");
    }
}
/**
 * Checks that the given instant lies inside the certificate's validity period.
 *
 * <p>Both bounds are inclusive: an instant exactly equal to notBefore or
 * notAfter is accepted. Only the time window is checked here, not the
 * signature or the chain.
 *
 * @param date instant to test
 * @throws CertificateExpiredException if {@code date} is after notAfter
 * @throws CertificateNotYetValidException if {@code date} is before notBefore
 */
public void checkValidity(
    Date date)
    throws CertificateExpiredException, CertificateNotYetValidException
{
    // Compared as epoch milliseconds; the original notes that this form is
    // used for compatibility with other VMs.
    final long instant = date.getTime();

    final boolean expired = instant > this.getNotAfter().getTime();
    if (expired)
    {
        throw new CertificateExpiredException("certificate expired on " + c.getEndDate().getTime());
    }

    final boolean notYetValid = instant < this.getNotBefore().getTime();
    if (notYetValid)
    {
        throw new CertificateNotYetValidException("certificate not valid till " + c.getStartDate().getTime());
    }
}
/**
 * Returns the signature value carried by the certificate.
 *
 * @return the bytes of the signature field of the underlying certificate
 *         structure {@code c}
 */
public byte[] getSignature()
{
    // NOTE(review): whether this array is a copy or the internal buffer
    // depends on getBytes(), which is not visible here. Confirm before
    // handing it to code that may modify it.
    return c.getSignature().getBytes();
}
/**
 * Returns the end of the certificate's validity period.
 *
 * @return the end date of the underlying certificate structure {@code c},
 *         converted to a {@code Date}
 */
public Date getNotAfter()
{
    return c.getEndDate().getDate();
}
/**
 * Resolves a tagged ASN.1 object to a certificate structure.
 *
 * @param obj tagged object that carries the certificate sequence
 * @param explicit forwarded to {@code ASN1Sequence.getInstance}; tells it
 *        whether the tag is explicit
 * @return whatever the single-argument {@code getInstance} returns for the
 *         extracted sequence
 */
public static X509CertificateStructure getInstance(
    ASN1TaggedObject obj,
    boolean explicit)
{
    final ASN1Sequence sequence = ASN1Sequence.getInstance(obj, explicit);
    return getInstance(sequence);
}
/**
 * Returns a certificate structure view of {@code obj}.
 *
 * <p>Instances of {@code X509CertificateStructure} are passed through
 * unchanged. Other non-null inputs are converted with
 * {@code ASN1Sequence.getInstance} and wrapped in a new structure. The
 * conversion is purely structural: the certificate's signature and validity
 * are not examined here.
 *
 * @param obj source object; {@code null} is allowed
 * @return a certificate structure, or {@code null} for a {@code null} input
 */
public static X509CertificateStructure getInstance(
    Object obj)
{
    if (obj instanceof X509CertificateStructure)
    {
        return (X509CertificateStructure)obj;
    }

    // instanceof is false for null, so null reaches this point and maps to null.
    return (obj == null)
        ? null
        : new X509CertificateStructure(ASN1Sequence.getInstance(obj));
}
// Read the extensions block from the signed (TBS) part of the certificate.
// NOTE(review): presumably null when the certificate carries no extensions.
// Confirm against getExtensions() before dereferencing the result.
X509Extensions extensions = c.getTBSCertificate().getExtensions();
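/**
 * Extracts and stores the server public key from the first certificate of
 * the chain the server presented.
 *
 * <p>The key must be acceptable to the configured signer, and the certificate
 * must allow the {@code digitalSignature} key usage. This method does not
 * verify the certificate's signature or build a path to a trust anchor. If
 * that check exists, it lives outside the code shown here.
 *
 * @param serverCertificate certificate chain received from the server
 * @throws IOException as a {@code TlsFatalAlert} when no signer is configured
 *         ({@code unexpected_message}), the chain is empty
 *         ({@code bad_certificate}), the key cannot be decoded
 *         ({@code unsupported_certificate}) or the signer rejects the key
 *         ({@code certificate_unknown}); {@code TlsUtils.validateKeyUsage}
 *         may also throw
 */
public void processServerCertificate(Certificate serverCertificate) throws IOException
{
    if (tlsSigner == null)
    {
        throw new TlsFatalAlert(AlertDescription.unexpected_message);
    }

    // An empty chain would otherwise fail on certs[0] with an unchecked
    // ArrayIndexOutOfBoundsException. Reject it with a proper TLS alert.
    if (serverCertificate.certs == null || serverCertificate.certs.length == 0)
    {
        throw new TlsFatalAlert(AlertDescription.bad_certificate);
    }

    // Only the first certificate in the chain is examined here.
    X509CertificateStructure x509Cert = serverCertificate.certs[0];
    SubjectPublicKeyInfo keyInfo = x509Cert.getSubjectPublicKeyInfo();

    try
    {
        this.serverPublicKey = PublicKeyFactory.createKey(keyInfo);
    }
    catch (RuntimeException e)
    {
        throw new TlsFatalAlert(AlertDescription.unsupported_certificate);
    }

    if (!tlsSigner.isValidPublicKey(this.serverPublicKey))
    {
        throw new TlsFatalAlert(AlertDescription.certificate_unknown);
    }

    TlsUtils.validateKeyUsage(x509Cert, KeyUsage.digitalSignature);

    // TODO
    /*
     * Perform various checks per RFC2246 7.4.2: "Unless otherwise specified, the
     * signing algorithm for the certificate must be the same as the algorithm for the
     * certificate key."
     */
}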
/**
 * Returns the issuer distinguished name as an {@code X509Principal}.
 *
 * <p>NOTE(review): an encoding failure results in a {@code null} return, not
 * an exception. Callers that compare or log issuer names should handle
 * {@code null}.
 *
 * @return the issuer name, or {@code null} if it could not be encoded
 */
public Principal getIssuerDN()
{
    try
    {
        // Round-trip the issuer through its encoding to obtain an X500Name.
        byte[] issuerEncoding = c.getIssuer().getEncoded();
        X500Name issuerName = X500Name.getInstance(issuerEncoding);

        return new X509Principal(issuerName);
    }
    catch (IOException e)
    {
        return null;
    }
}
/**
 * Converts an object into a {@code RequestedCertificate}.
 *
 * <p>{@code null} and existing {@code RequestedCertificate} instances are
 * returned as they are. An {@code ASN1Sequence} is interpreted as a
 * certificate via {@code X509CertificateStructure.getInstance}. An
 * {@code ASN1TaggedObject} is passed to the tagged-object constructor.
 *
 * @param obj object to convert; may be {@code null}
 * @return the converted object, or {@code null} for a {@code null} input
 * @throws IllegalArgumentException if {@code obj} is of any other type
 */
public static RequestedCertificate getInstance(Object obj)
{
    if (obj == null)
    {
        return null;
    }

    if (obj instanceof RequestedCertificate)
    {
        return (RequestedCertificate)obj;
    }

    if (obj instanceof ASN1Sequence)
    {
        X509CertificateStructure certificate = X509CertificateStructure.getInstance(obj);
        return new RequestedCertificate(certificate);
    }

    if (obj instanceof ASN1TaggedObject)
    {
        ASN1TaggedObject tagged = (ASN1TaggedObject)obj;
        return new RequestedCertificate(tagged);
    }

    String typeName = obj.getClass().getName();
    throw new IllegalArgumentException("illegal object in getInstance: " + typeName);
}
/**
 * Creates the issuer/serial identifier for the supplied certificate.
 *
 * <p>Both values are taken unchanged from the certificate structure. The
 * constructor itself does not validate the certificate.
 *
 * @param certificate certificate to take the issuer and serial number from
 * @deprecated use constructor taking Certificate
 */
public IssuerAndSerialNumber(
    X509CertificateStructure certificate)
{
    // Independent reads, so their order does not matter.
    this.serialNumber = certificate.getSerialNumber();
    this.name = certificate.getIssuer();
}
/**
 * Assembles a JCA certificate object from its three top-level components.
 *
 * <p>The output sequence is, in order: the TBS certificate, the signature
 * algorithm identifier held in {@code sigAlgId}, and the signature as a bit
 * string. Nothing here checks that {@code signature} was produced over
 * {@code tbsCert}. The caller must supply a matching pair.
 *
 * @param tbsCert the to-be-signed certificate body
 * @param signature raw signature bytes
 * @return the assembled certificate
 * @throws CertificateParsingException declared on the signature; presumably
 *         raised by the {@code X509CertificateObject} constructor
 */
private X509Certificate generateJcaObject(TBSCertificate tbsCert, byte[] signature)
    throws CertificateParsingException
{
    ASN1EncodableVector fields = new ASN1EncodableVector();

    // The order of the elements defines the encoded structure.
    fields.add(tbsCert);
    fields.add(sigAlgId);
    fields.add(new DERBitString(signature));

    DERSequence certificateSequence = new DERSequence(fields);
    X509CertificateStructure structure = new X509CertificateStructure(certificateSequence);

    return new X509CertificateObject(structure);
}