@Override public boolean verifyPopo(PKCS10CertificationRequest csr, AlgorithmValidator algoValidator) { if (algoValidator != null) { AlgorithmIdentifier algId = csr.getSignatureAlgorithm(); if (!algoValidator.isAlgorithmPermitted(algId)) { String algoName; try { algoName = AlgorithmUtil.getSignatureAlgoName(algId); } catch (NoSuchAlgorithmException ex) { algoName = algId.getAlgorithm().getId(); } LOG.error("POPO signature algorithm {} not permitted", algoName); return false; } } try { SubjectPublicKeyInfo pkInfo = csr.getSubjectPublicKeyInfo(); PublicKey pk = KeyUtil.generatePublicKey(pkInfo); ContentVerifierProvider cvp = getContentVerifierProvider(pk); return csr.isSignatureValid(cvp); } catch (InvalidKeyException | PKCSException | NoSuchAlgorithmException | InvalidKeySpecException ex) { LogUtil.error(LOG, ex, "could not validate POPO of CSR"); return false; } }
@Override public boolean verifyPopo(final PKCS10CertificationRequest csr, final AlgorithmValidator algoValidator) { if (algoValidator != null) { AlgorithmIdentifier algId = csr.getSignatureAlgorithm(); if (!algoValidator.isAlgorithmPermitted(algId)) { String algoName; try { algoName = AlgorithmUtil.getSignatureAlgoName(algId); } catch (NoSuchAlgorithmException ex) { algoName = algId.getAlgorithm().getId(); } LOG.error("POPO signature algorithm {} not permitted", algoName); return false; } } try { SubjectPublicKeyInfo pkInfo = csr.getSubjectPublicKeyInfo(); PublicKey pk = KeyUtil.generatePublicKey(pkInfo); ContentVerifierProvider cvp = getContentVerifierProvider(pk); return csr.isSignatureValid(cvp); } catch (InvalidKeyException | PKCSException | NoSuchAlgorithmException | InvalidKeySpecException ex) { LogUtil.error(LOG, ex, "could not validate POPO of CSR"); return false; } }