private void checkSignature( PublicKey key, Signature signature) throws CertificateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException { if (!isAlgIdEqual(c.getSignatureAlgorithm(), c.getTBSCertificate().getSignature())) { throw new CertificateException("signature algorithm in TBS cert not same as outer cert"); } ASN1Encodable params = c.getSignatureAlgorithm().getParameters(); // TODO This should go after the initVerify? X509SignatureUtil.setSignatureParameters(signature, params); signature.initVerify(key); signature.update(this.getTBSCertificate()); if (!signature.verify(this.getSignature())) { throw new SignatureException("certificate does not verify with supplied key"); } }
private void checkSignature( PublicKey key, Signature signature) throws CertificateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException { if (!isAlgIdEqual(c.getSignatureAlgorithm(), c.getTBSCertificate().getSignature())) { throw new CertificateException("signature algorithm in TBS cert not same as outer cert"); } ASN1Encodable params = c.getSignatureAlgorithm().getParameters(); // TODO This should go after the initVerify? X509SignatureUtil.setSignatureParameters(signature, params); signature.initVerify(key); signature.update(this.getTBSCertificate()); if (!signature.verify(this.getSignature())) { throw new SignatureException("certificate does not verify with supplied key"); } }
@Override public boolean isSignedBy(PublicKeyParameters publicKey) throws GeneralSecurityException { TBSCertificate tbsCert = this.holder.toASN1Structure().getTBSCertificate(); if (!BcUtils.isAlgorithlIdentifierEqual(tbsCert.getSignature(), this.holder.getSignatureAlgorithm())) { return false; } Signer signer = null; // Optimisation if (this.signerFactory instanceof BcSignerFactory) { signer = ((BcSignerFactory) this.signerFactory).getInstance(false, publicKey, tbsCert.getSignature()); } else { try { signer = this.signerFactory.getInstance(false, publicKey, this.holder.getSignatureAlgorithm().getEncoded()); } catch (IOException e) { return false; } } try { return BcUtils.updateDEREncodedObject(signer, tbsCert).verify(this.holder.getSignature()); } catch (IOException e) { return false; } }
/** * Build the structure of an X.509 certificate. * * @param tbsCert the to be signed structure * @param signature the signature * @return a X.509 certificate holder. */ public static X509CertificateHolder getX509CertificateHolder(TBSCertificate tbsCert, byte[] signature) { ASN1EncodableVector v = new ASN1EncodableVector(); v.add(tbsCert); v.add(tbsCert.getSignature()); v.add(new DERBitString(signature)); return new X509CertificateHolder(Certificate.getInstance(new DERSequence(v))); }
AlgorithmIdentifier tbsSigAlgId = tbsCert.getSignature(); if (!tbsSigAlgId.equals(sigAlgId)) { issue.setFailureMessage(