Example usage for java.security.cert X509Certificate getSigAlgParams

List of usage examples for java.security.cert X509Certificate getSigAlgParams

Introduction

This page shows example usage of java.security.cert.X509Certificate.getSigAlgParams().

Prototype

public abstract byte[] getSigAlgParams();

Document

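Gets the DER-encoded signature algorithm parameters from this certificate's signature algorithm. The method returns null when the certificate carries no parameters, so callers must check the result before reading it.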

Usage

From source file:org.cesecore.certificates.util.AlgorithmTools.java

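/**
 * Returns the signature algorithm of a certificate as a human readable name. Not usable for setting
 * signature algorithm names in EJBCA, only for human presentation.
 *
 * <p>X.509 certificates are resolved through {@code getSigAlgName()}; certificates whose type is
 * {@code "CVC"} are resolved through the object identifier of the public key in the certificate body.
 * A handful of OIDs that have no readable name are then mapped to {@code AlgorithmConstants} values.
 *
 * <p>The RSASSA-PSS mapping is a heuristic on the length of the encoded parameters (see the comment in
 * the body), so the returned name must not be relied on for validation or policy decisions.
 *
 * @param cert the certificate to inspect; may be null
 * @return Signature algorithm name from the certificate as a human readable string, for example
 *         SHA1WithRSA, or null if {@code cert} is null or no algorithm name could be determined.
 */
public static String getCertSignatureAlgorithmNameAsString(Certificate cert) {
    if (cert == null) {
        // Nothing to inspect; the original code would have failed on cert.getType().
        return null;
    }
    final X509Certificate x509cert = (cert instanceof X509Certificate) ? (X509Certificate) cert : null;
    String certSignatureAlgorithm = null;
    if (x509cert != null) {
        certSignatureAlgorithm = x509cert.getSigAlgName();
        if (log.isDebugEnabled()) {
            log.debug("certSignatureAlgorithm is: " + certSignatureAlgorithm);
        }
    } else if (StringUtils.equals(cert.getType(), "CVC")) {
        CardVerifiableCertificate cvccert = (CardVerifiableCertificate) cert;
        try {
            CVCPublicKey cvcpk = cvccert.getCVCertificate().getCertificateBody().getPublicKey();
            OIDField oid = cvcpk.getObjectIdentifier();
            certSignatureAlgorithm = AlgorithmUtil.getAlgorithmName(oid);
        } catch (NoSuchFieldException e) {
            // The name stays null and is reported to the caller as "unknown" below.
            log.error("NoSuchFieldException: ", e);
        }
    }
    if (certSignatureAlgorithm == null) {
        // Unsupported certificate type, or the name lookup failed. Every check below dereferences
        // the name, so return here instead of throwing a NullPointerException.
        return null;
    }
    // Try to make it easier to display some signature algorithms that cert.getSigAlgName() does not have a good string for.
    // 1.2.840.113549.1.1.10 is RSASSA-PSS; only an X.509 certificate can have produced this value.
    if (x509cert != null && certSignatureAlgorithm.equalsIgnoreCase("1.2.840.113549.1.1.10")) {
        // Figure out if it is SHA1 or SHA256.
        // A two-byte encoding is presumably the empty DER SEQUENCE, i.e. all RSASSA-PSS defaults
        // (SHA-1 with MGF1). Every other encoding, including absent parameters, is reported as SHA256.
        // NOTE(review): the parameters are not parsed, so a PSS certificate using another digest
        // would be displayed as SHA256 here; confirm this is acceptable for the presentation use.
        byte[] params = x509cert.getSigAlgParams();
        if ((params != null) && (params.length == 2)) {
            certSignatureAlgorithm = AlgorithmConstants.SIGALG_SHA1_WITH_RSA_AND_MGF1;
        } else {
            certSignatureAlgorithm = AlgorithmConstants.SIGALG_SHA256_WITH_RSA_AND_MGF1;
        }
    }
    // SHA256WithECDSA does not work to be translated in JDK5.
    if (certSignatureAlgorithm.equalsIgnoreCase("1.2.840.10045.4.3.2")) {
        certSignatureAlgorithm = AlgorithmConstants.SIGALG_SHA256_WITH_ECDSA;
    }
    // GOST3410
    if (isGost3410Enabled()
            && certSignatureAlgorithm.equalsIgnoreCase(CesecoreConfiguration.getOidGost3410())) {
        certSignatureAlgorithm = AlgorithmConstants.SIGALG_GOST3411_WITH_ECGOST3410;
    }
    // DSTU4145: matched by OID prefix, so any OID below the configured arc maps to the same name.
    if (isDstu4145Enabled()
            && certSignatureAlgorithm.startsWith(CesecoreConfiguration.getOidDstu4145() + ".")) {
        certSignatureAlgorithm = AlgorithmConstants.SIGALG_GOST3411_WITH_DSTU4145;
    }
    return certSignatureAlgorithm;
}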