public final void verify(PublicKey key, String sigProvider)
throws CertificateException, NoSuchAlgorithmException, InvalidKeyException,
NoSuchProviderException, SignatureException {
String sigName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm());
Signature signature = Signature.getInstance(sigName, sigProvider);
checkSignature(key, signature);
}
public final void verify(PublicKey key)
throws CertificateException, NoSuchAlgorithmException, InvalidKeyException,
NoSuchProviderException, SignatureException {
Signature signature;
String sigName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm());
try {
signature = Signature.getInstance(sigName, BouncyCastleProvider.PROVIDER_NAME);
} catch (Exception e) {
signature = Signature.getInstance(sigName);
}
checkSignature(key, signature);
}
private void checkSignature(PublicKey key, Signature signature)
throws CertificateException, NoSuchAlgorithmException, SignatureException,
InvalidKeyException {
if (!isAlgIdEqual(c.getSignatureAlgorithm(), c.getTBSCertificate().getSignature())) {
throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
}
ASN1Encodable params = c.getSignatureAlgorithm().getParameters();
// TODO This should go after the initVerify?
X509SignatureUtil.setSignatureParameters(signature, params);
signature.initVerify(key);
signature.update(this.getTBSCertificate());
if (!signature.verify(this.getSignature())) {
throw new SignatureException("certificate does not verify with supplied key");
}
}
public X509CRLObject(CertificateList c) throws CRLException {
this.c = c;
try {
this.sigAlgName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm());
if (c.getSignatureAlgorithm().getParameters() != null) {
this.sigAlgParams =
((ASN1Encodable) c.getSignatureAlgorithm().getParameters())
.toASN1Primitive()
.getEncoded(ASN1Encoding.DER);
} else {
this.sigAlgParams = null;
}
this.isIndirect = isIndirectCRL(this);
} catch (Exception e) {
throw new CRLException("CRL contents invalid: " + e);
}
}