Beispiel #1
  /**
   * Checks the signature on this CRL against the supplied public key.
   *
   * <p>Only the cryptographic signature over {@code tbsCertList} is checked here. Nothing in this
   * method establishes that {@code key} belongs to the CRL issuer or that the CRL is current;
   * callers must decide that separately before trusting the revocation data.
   *
   * @param key the public key to verify the signature with
   * @param sigProvider the provider to obtain the {@link Signature} engine from, or {@code null}
   *     to use the default provider lookup
   * @throws CRLException if {@code signedCRL} or {@code tbsCertList} has not been set
   * @throws NoSuchAlgorithmException if no engine is available for the CRL's signature algorithm
   * @throws InvalidKeyException if {@code key} is rejected by the signature engine
   * @throws SignatureException if the signature does not verify, or the engine fails
   */
  public synchronized void verify(PublicKey key, Provider sigProvider)
      throws CRLException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {

    if (signedCRL == null) {
      throw new CRLException("Uninitialized CRL");
    }

    // The algorithm name is taken from the CRL's own sigAlgId, not from the caller.
    // NOTE(review): any policy on acceptable algorithms must be enforced elsewhere - confirm.
    final String algName = sigAlgId.getName();
    final Signature verifier =
        (sigProvider != null)
            ? Signature.getInstance(algName, sigProvider)
            : Signature.getInstance(algName);
    verifier.initVerify(key);

    // Checked after the engine is initialised, so a bad key is reported before a missing body.
    if (tbsCertList == null) {
      throw new CRLException("Uninitialized CRL");
    }

    // The signature covers the stored to-be-signed bytes exactly as held in tbsCertList.
    verifier.update(tbsCertList, 0, tbsCertList.length);

    final boolean signatureOk = verifier.verify(signature);
    if (!signatureOk) {
      throw new SignatureException("Signature does not match.");
    }

    // Only the key is remembered on success; the provider used is not recorded here.
    verifiedPublicKey = key;
  }
Beispiel #2
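  /**
   * Encodes this CRL, signs it with the given private key and stores the result in
   * {@code signedCRL}. After a successful call the CRL is marked read-only and cannot be signed
   * again.
   *
   * @param key the private key used to produce the signature
   * @param algorithm the signature algorithm name passed to {@link Signature#getInstance}
   * @param provider the name of the provider to use; {@code null} or empty selects the default
   *     provider lookup
   * @throws CRLException if the CRL is already read-only, or if DER encoding fails (the
   *     underlying {@link IOException} is attached as the cause)
   * @throws NoSuchAlgorithmException if the algorithm is not available
   * @throws InvalidKeyException if {@code key} is rejected by the signature engine
   * @throws NoSuchProviderException if the named provider is not installed
   * @throws SignatureException if the signing operation fails
   */
  public void sign(PrivateKey key, String algorithm, String provider)
      throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException,
          SignatureException {
    try {
      // A CRL that has already been signed is frozen; refuse to replace its signature.
      if (readOnly) {
        throw new CRLException("cannot over-write existing CRL");
      }

      final boolean useDefaultProvider = (provider == null) || provider.isEmpty();
      final Signature sigEngine =
          useDefaultProvider
              ? Signature.getInstance(algorithm)
              : Signature.getInstance(algorithm, provider);

      sigEngine.initSign(key);

      // Record the algorithm the engine reports, and use the same identifier for the inner
      // (to-be-signed) field so the two copies agree. This must happen before encodeInfo().
      // NOTE(review): these fields are updated before signing succeeds, so a later failure
      // leaves them changed while readOnly stays false - confirm callers tolerate that.
      sigAlgId = AlgorithmId.get(sigEngine.getAlgorithm());
      infoSigAlgId = sigAlgId;

      DerOutputStream out = new DerOutputStream();
      DerOutputStream tmp = new DerOutputStream();

      // NOTE(review): encodeInfo presumably (re)populates tbsCertList, which is signed below;
      // confirm, since a null tbsCertList here would surface as a NullPointerException.
      encodeInfo(tmp);

      sigAlgId.encode(tmp);

      // Sign exactly the stored to-be-signed bytes, then append the signature as a BIT STRING.
      sigEngine.update(tbsCertList, 0, tbsCertList.length);
      signature = sigEngine.sign();
      tmp.putBitString(signature);

      out.write(DerValue.tag_Sequence, tmp);
      signedCRL = out.toByteArray();
      readOnly = true;

    } catch (IOException e) {
      // Keep the original exception as the cause so the encoding failure stays diagnosable.
      throw new CRLException("Error while encoding data: " + e.getMessage(), e);
    }
  }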