📄 x509crl.java
字号:
{
tbsCertListGenerator.setExtensions(extensions);
}
public void setCRLEntries(CRLEntry crlEntries[])
{
ASN1EncodableVector v = new ASN1EncodableVector();
for(int i = 0; i < crlEntries.length; i++)
v.add(crlEntries[i].getDERObject());
DERSequence derSeq = new DERSequence(v);
tbsCertListGenerator.addCRLEntry(derSeq);
}
private byte[] generateHash(Session session, byte bTBSCertList[])
throws Exception
{
if(signatureAlg == null)
throw new Exception("signature algorithm must be set");
DERObjectIdentifier algOID = signatureAlg.getObjectId();
byte hashTBSCertList[] = null;
JMechanism mechanism = null;
if(algOID.equals(PKCSObjectIdentifiers.md2WithRSAEncryption))
mechanism = new JMechanism(512);
else
if(algOID.equals(PKCSObjectIdentifiers.md5WithRSAEncryption))
mechanism = new JMechanism(528);
else
mechanism = new JMechanism(544);
hashTBSCertList = session.digest(mechanism, bTBSCertList);
return hashTBSCertList;
}
private void generateSignature(Session session, JKey priKey)
throws Exception
{
tbsCertList = tbsCertListGenerator.generateTBSCertList();
DERObject derObj = tbsCertList.getDERObject();
byte bTBSCertList[] = Parser.writeDERObj2Bytes(derObj);
byte hashTBSCertList[] = generateHash(session, bTBSCertList);
byte encodHashTBSCertList[] = null;
byte bSignatureValue[] = null;
JMechanism mechanism = null;
DERObjectIdentifier algOID = signatureAlg.getObjectId();
if(priKey.getKeyType() == 2)
{
if(algOID.equals(PKCSObjectIdentifiers.sha1WithECEncryption))
throw new Exception("signature key is not mactch up to the signature algorithm");
DERObjectIdentifier mdID = null;
if(algOID.equals(PKCSObjectIdentifiers.md2WithRSAEncryption))
mdID = PKCSObjectIdentifiers.md2;
else
if(algOID.equals(PKCSObjectIdentifiers.md5WithRSAEncryption))
mdID = PKCSObjectIdentifiers.md5;
else
mdID = PKCSObjectIdentifiers.sha1;
encodHashTBSCertList = encodeRSASignature(mdID, hashTBSCertList);
mechanism = new JMechanism(1);
bSignatureValue = session.encrypt(mechanism, priKey, encodHashTBSCertList);
} else
if(priKey.getKeyType() == 1002)
{
if(!algOID.equals(PKCSObjectIdentifiers.sha1WithECEncryption))
throw new Exception("signature key is not mactch up to the signature algorithm");
mechanism = new JMechanism(1027);
bSignatureValue = session.sign(mechanism, priKey, hashTBSCertList);
bSignatureValue = Crypto.encodeECDSASignature(bSignatureValue);
} else
{
throw new Exception("unsupported type of signature key");
}
signatureValue = new DERBitString(bSignatureValue);
}
private byte[] constructCRL()
throws Exception
{
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(tbsCertList);
v.add(signatureAlg);
v.add(signatureValue);
DERSequence derSeq = new DERSequence(v);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
DEROutputStream dos = new DEROutputStream(bos);
dos.writeObject(derSeq.getDERObject());
return bos.toByteArray();
}
public byte[] generateCRL(Session session, JKey prikey)
throws Exception
{
generateSignature(session, prikey);
return constructCRL();
}
public void generateCRL(Session session, JKey prikey, String crlFileName)
throws Exception
{
generateSignature(session, prikey);
FileOutputStream fos = new FileOutputStream(crlFileName);
fos.write(constructCRL());
fos.flush();
fos.close();
}
public boolean isRevoked(X509Cert cert)
throws Exception
{
if(crl == null)
throw new Exception("please call X509CRL(ASN1Sequence seq) or X509CRL(byte[] crl) or X509CRL(String CRLFileName)");
TBSCertList tbsCertList = crl.getTBSCertList();
CRLEntry revokedCerts[] = tbsCertList.getRevokedCertificates();
BigInteger sn = cert.getSerialNumber();
for(int i = 0; i < revokedCerts.length; i++)
{
BigInteger tmpSN = revokedCerts[i].getUserCertificate().getValue();
if(sn.equals(tmpSN))
return true;
}
return false;
}
private byte[] encodeRSASignature(DERObjectIdentifier mdId, byte digest[])
throws Exception
{
DEROctetString derOct = new DEROctetString(digest);
AlgorithmIdentifier algSign = new AlgorithmIdentifier(mdId, null);
DEREncodableVector tempv = new DEREncodableVector();
tempv.add(algSign);
tempv.add(derOct);
DERSequence seqv = new DERSequence(tempv);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
DEROutputStream dos = new DEROutputStream(bos);
dos.writeObject(seqv.getDERObject());
return bos.toByteArray();
}
private byte[] encodeECDSASignature(byte signedData[])
throws Exception
{
ByteArrayInputStream bis = new ByteArrayInputStream(signedData);
DERInputStream dis = new DERInputStream(bis);
ASN1Sequence seq = (ASN1Sequence)dis.readObject();
AlgorithmIdentifier algSign = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1WithECEncryption, null);
DEREncodableVector tempv = new DEREncodableVector();
tempv.add(algSign);
tempv.add(seq);
DERSequence seqv = new DERSequence(tempv);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
DEROutputStream dos = new DEROutputStream(bos);
dos.writeObject(seqv.getDERObject());
return bos.toByteArray();
}
private byte[] decodeECCSignature(byte signature[])
throws Exception
{
ByteArrayInputStream bis = new ByteArrayInputStream(signature);
DERInputStream dis = new DERInputStream(bis);
ASN1Sequence asnSeq = (ASN1Sequence)dis.readObject();
AlgorithmIdentifier algSign = new AlgorithmIdentifier((ASN1Sequence)asnSeq.getObjectAt(0));
if(!algSign.getObjectId().equals(PKCSObjectIdentifiers.sha1WithECEncryption))
{
throw new Exception("Algorithm Not Math,Algorithm must be PKCSObjectIdentifiers.sha1WithECEncryption");
} else
{
asnSeq = (ASN1Sequence)asnSeq.getObjectAt(1);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
DEROutputStream dos = new DEROutputStream(bos);
dos.writeObject(asnSeq.getDERObject());
return bos.toByteArray();
}
}
private boolean isEqualArray(byte a[], byte b[])
{
if(a.length != b.length)
return false;
for(int i = 0; i < a.length; i++)
if(a[i] != b[i])
return false;
return true;
}
public boolean verifyCRLSign(Session session, JKey pubKey)
throws Exception
{
AlgorithmIdentifier sigAlg = getSignatureAlgorithm();
DERObjectIdentifier derOID = sigAlg.getObjectId();
if(!derOID.equals(PKCSObjectIdentifiers.md2WithRSAEncryption) && !derOID.equals(PKCSObjectIdentifiers.md5WithRSAEncryption) && !derOID.equals(PKCSObjectIdentifiers.sha1WithRSAEncryption) && !derOID.equals(PKCSObjectIdentifiers.sha1WithECEncryption))
throw new Exception("unsupported type of signature algorithm");
JMechanism mechanism = null;
DERObjectIdentifier mdOID = null;
if(derOID.equals(PKCSObjectIdentifiers.md2WithRSAEncryption))
{
mdOID = PKCSObjectIdentifiers.md2;
mechanism = new JMechanism(512);
} else
if(derOID.equals(PKCSObjectIdentifiers.md5WithRSAEncryption))
{
mdOID = PKCSObjectIdentifiers.md5;
mechanism = new JMechanism(528);
} else
{
mdOID = PKCSObjectIdentifiers.sha1;
mechanism = new JMechanism(544);
}
byte tbsCRL[] = getTBSCertList();
byte signature[] = getSignature();
byte hash[] = session.digest(mechanism, tbsCRL);
if(!derOID.equals(PKCSObjectIdentifiers.sha1WithECEncryption))
{
mechanism = new JMechanism(1);
byte encodedHash[] = encodeRSASignature(mdOID, hash);
byte decryptEncodedHash[] = session.decrypt(mechanism, pubKey, signature);
return isEqualArray(encodedHash, decryptEncodedHash);
} else
{
mechanism = new JMechanism(1027);
signature = decodeECCSignature(signature);
return session.verifySign(mechanism, pubKey, hash, signature);
}
}
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -