/** return the signature parameters, or null if there aren't any. */
public byte[] getSigAlgParams() {
if (c.getSignatureAlgorithm().getParameters() != null) {
try {
return c.getSignatureAlgorithm()
.getParameters()
.toASN1Primitive()
.getEncoded(ASN1Encoding.DER);
} catch (IOException e) {
return null;
}
} else {
return null;
}
}
public final void verify(PublicKey key, String sigProvider)
throws CertificateException, NoSuchAlgorithmException, InvalidKeyException,
NoSuchProviderException, SignatureException {
String sigName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm());
Signature signature = Signature.getInstance(sigName, sigProvider);
checkSignature(key, signature);
}
private void checkSignature(PublicKey key, Signature signature)
throws CertificateException, NoSuchAlgorithmException, SignatureException,
InvalidKeyException {
if (!isAlgIdEqual(c.getSignatureAlgorithm(), c.getTBSCertificate().getSignature())) {
throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
}
ASN1Encodable params = c.getSignatureAlgorithm().getParameters();
// TODO This should go after the initVerify?
X509SignatureUtil.setSignatureParameters(signature, params);
signature.initVerify(key);
signature.update(this.getTBSCertificate());
if (!signature.verify(this.getSignature())) {
throw new SignatureException("certificate does not verify with supplied key");
}
}
public final void verify(PublicKey key)
throws CertificateException, NoSuchAlgorithmException, InvalidKeyException,
NoSuchProviderException, SignatureException {
Signature signature;
String sigName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm());
try {
signature = Signature.getInstance(sigName, BouncyCastleProvider.PROVIDER_NAME);
} catch (Exception e) {
signature = Signature.getInstance(sigName);
}
checkSignature(key, signature);
}
/** return the object identifier for the signature. */
public String getSigAlgOID() {
return c.getSignatureAlgorithm().getAlgorithm().getId();
}