 * and displays the verification results. The received document, certificate and
 * signature are taken from the member variables mReceivedFileData, mCertificate
 * and mSignature respectively.
 */
private void verifyReceivedSignature()
throws IOException {
    // Prints the outcome of checking mSignature over mReceivedFileData with mCertificate.
    //
    // NOTE(review): the certificate used for the check was received together with the
    // document, so a "VALID" result on its own only says the three received pieces are
    // consistent with each other (presumably via the certificate's public key - confirm in
    // DigitalSignatureUtils). Whether the signer can be trusted depends on the certificate
    // itself being validated, which this method does not do.
    mOut.println("Digital signature status: ");
    try {
        final boolean isValid = DigitalSignatureUtils.verifyDocumentSignature(
            mReceivedFileData, mCertificate, mSignature);
        final String verdict = isValid
            ? "Signature is verified to be VALID."
            : "Signature is INVALID!";
        // Printed inside the try so that a failure while writing is reported the same way
        // as a verification failure, exactly as before.
        mOut.println(verdict);
    } catch (Exception ex) {
        // NOTE(review): the exception text is echoed to mOut and the stack trace goes to
        // stderr. If mOut is shown to the remote user, a generic message plus a proper log
        // entry would leak less about the internals.
        ex.printStackTrace();
        final String failure =
            "Signature verification failed due to exception: " + ex.toString();
        mOut.println(failure);
    }
    mOut.println("");
}
/**
 * Displays information about the given certificate. This information includes the
 * certificate subject distinguished name and its purposes (public key usages).
 */
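private void displayCertificate(X509Certificate aCertificate)
throws IOException {
    // Prints the subject of aCertificate followed by one line per key usage bit that is set.
    // The method body runs to the end of the key usage listing; the closing brace that the
    // listing showed right after the subject line left the rest outside any method.

    // NOTE(review): the subject string comes straight from the supplied certificate, so its
    // content is chosen by whoever created that certificate. If mOut renders into an HTML
    // page (not visible here - confirm), escape the value before printing it.
    // getSubjectDN() is deprecated in current JDKs in favour of getSubjectX500Principal();
    // it is kept here because the printed string format may differ between the two.
    String certificateSubject = aCertificate.getSubjectDN().toString();
    mOut.println("Certificate subject: " + certificateSubject + " ");

    // getKeyUsage() returns null when the certificate has no KeyUsage extension.
    boolean[] certKeyUsage = aCertificate.getKeyUsage();
    mOut.println("Certificate purposes (public key usages): ");
    if (certKeyUsage != null) {
        // The bits are only listed. Nothing in this method rejects a certificate whose key
        // usage does not include digitalSignature; that decision has to be made wherever
        // the signature result is acted upon.
        if (certKeyUsage[KEY_USAGE_DIGITAL_SIGNATURE]) {
            mOut.println("[digitalSignature] - verify digital signatures ");
        }
        if (certKeyUsage[KEY_USAGE_NON_REPUDIATION]) {
            mOut.println("[nonRepudiation] - verify non-repudiation ");
        }
        if (certKeyUsage[KEY_USAGE_KEY_ENCIPHERMENT]) {
            mOut.println("[keyEncipherment] - encipher keys for transport");
        }
        if (certKeyUsage[KEY_USAGE_DATA_ENCIPHERMENT]) {
            mOut.println("[dataEncipherment] - encipher user data ");
        }
        if (certKeyUsage[KEY_USAGE_KEY_AGREEMENT]) {
            mOut.println("[keyAgreement] - use for key agreement ");
        }
        if (certKeyUsage[KEY_USAGE_CERT_SIGN]) {
            mOut.println("[keyCertSign] - verify signatures on certs ");
        }
        if (certKeyUsage[KEY_USAGE_CRL_SIGN]) {
            mOut.println("[cRLSign] - verify signatures on CRLs ");
        }
        if (certKeyUsage[KEY_USAGE_ENCIPHER_ONLY]) {
            mOut.println("[encipherOnly] - encipher during key agreement ");
        }
        if (certKeyUsage[KEY_USAGE_DECIPHER_ONLY]) {
            mOut.println("[decipherOnly] - decipher during key agreement ");
        }
    } else {
        mOut.println("[No purposes defined] ");
    }
}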
/**
 * Verifies received certificate directly and displays the verification results.
 * The certificate for verification is taken from the mCertificate member variable.
 * Trusted certificates are taken from the CERTS_FOR_DIRECT_VALIDATION_DIR
 * directory. This directory should be relative to the Web application root
 * directory and should contain only .CER files (DER-encoded X.509 cert.).
 */