public String getSigAlgOID() { return c.getSignatureAlgorithm().getAlgorithm().getId(); }
public String getSigAlgOID() { return c.getSignatureAlgorithm().getAlgorithm().getId(); }
public String getSigAlgOID() { return c.getSignatureAlgorithm().getAlgorithm().getId(); }
protected X509CRLObject( JcaJceHelper bcHelper, CertificateList c) throws CRLException { this.bcHelper = bcHelper; this.c = c; try { this.sigAlgName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm()); if (c.getSignatureAlgorithm().getParameters() != null) { this.sigAlgParams = ((ASN1Encodable)c.getSignatureAlgorithm().getParameters()).toASN1Primitive().getEncoded(ASN1Encoding.DER); } else { this.sigAlgParams = null; } this.isIndirect = isIndirectCRL(this); } catch (Exception e) { throw new CRLException("CRL contents invalid: " + e); } }
public X509CRLObject( CertificateList c) throws CRLException { this.c = c; try { this.sigAlgName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm()); if (c.getSignatureAlgorithm().getParameters() != null) { this.sigAlgParams = ((ASN1Encodable)c.getSignatureAlgorithm().getParameters()).toASN1Primitive().getEncoded(ASN1Encoding.DER); } else { this.sigAlgParams = null; } this.isIndirect = isIndirectCRL(this); } catch (Exception e) { throw new CRLException("CRL contents invalid: " + e); } }
public X509CRLObject( CertificateList c) throws CRLException { this.c = c; try { this.sigAlgName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm()); if (c.getSignatureAlgorithm().getParameters() != null) { this.sigAlgParams = ((ASN1Encodable)c.getSignatureAlgorithm().getParameters()).toASN1Primitive().getEncoded(ASN1Encoding.DER); } else { this.sigAlgParams = null; } this.isIndirect = isIndirectCRL(this); } catch (Exception e) { throw new CRLException("CRL contents invalid: " + e); } }
private void doVerify(PublicKey key, Signature sig) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, SignatureException { if (!c.getSignatureAlgorithm().equals(c.getTBSCertList().getSignature())) { throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList."); } sig.initVerify(key); sig.update(this.getTBSCertList()); if (!sig.verify(this.getSignature())) { throw new SignatureException("CRL does not verify with supplied public key."); } }
private void doVerify(PublicKey key, Signature sig) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, SignatureException { if (!c.getSignatureAlgorithm().equals(c.getTBSCertList().getSignature())) { throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList."); } sig.initVerify(key); sig.update(this.getTBSCertList()); if (!sig.verify(this.getSignature())) { throw new SignatureException("CRL does not verify with supplied public key."); } }
public void verify(PublicKey key, String sigProvider) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException { if (!c.getSignatureAlgorithm().equals(c.getTBSCertList().getSignature())) { throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList."); } Signature sig; if (sigProvider != null) { sig = Signature.getInstance(getSigAlgName(), sigProvider); } else { sig = Signature.getInstance(getSigAlgName()); } sig.initVerify(key); sig.update(this.getTBSCertList()); if (!sig.verify(this.getSignature())) { throw new SignatureException("CRL does not verify with supplied public key."); } }
/** * Validate the signature on the CRL. * * @param verifierProvider a ContentVerifierProvider that can generate a verifier for the signature. * @return true if the signature is valid, false otherwise. * @throws CertException if the signature cannot be processed or is inappropriate. */ public boolean isSignatureValid(ContentVerifierProvider verifierProvider) throws CertException { TBSCertList tbsCRL = x509CRL.getTBSCertList(); if (!CertUtils.isAlgIdEqual(tbsCRL.getSignature(), x509CRL.getSignatureAlgorithm())) { throw new CertException("signature invalid - algorithm identifier mismatch"); } ContentVerifier verifier; try { verifier = verifierProvider.get((tbsCRL.getSignature())); OutputStream sOut = verifier.getOutputStream(); DEROutputStream dOut = new DEROutputStream(sOut); dOut.writeObject(tbsCRL); sOut.close(); } catch (Exception e) { throw new CertException("unable to process signature: " + e.getMessage(), e); } return verifier.verify(x509CRL.getSignature().getOctets()); }
/** * Validate the signature on the CRL. * * @param verifierProvider a ContentVerifierProvider that can generate a verifier for the signature. * @return true if the signature is valid, false otherwise. * @throws CertException if the signature cannot be processed or is inappropriate. */ public boolean isSignatureValid(ContentVerifierProvider verifierProvider) throws CertException { TBSCertList tbsCRL = x509CRL.getTBSCertList(); if (!CertUtils.isAlgIdEqual(tbsCRL.getSignature(), x509CRL.getSignatureAlgorithm())) { throw new CertException("signature invalid - algorithm identifier mismatch"); } ContentVerifier verifier; try { verifier = verifierProvider.get((tbsCRL.getSignature())); OutputStream sOut = verifier.getOutputStream(); DEROutputStream dOut = new DEROutputStream(sOut); dOut.writeObject(tbsCRL); sOut.close(); } catch (Exception e) { throw new CertException("unable to process signature: " + e.getMessage(), e); } return verifier.verify(x509CRL.getSignature().getOctets()); }