use of com.android.apksig.internal.x509.Certificate in project xipki by xipki.
the class OcspCertStoreFromCaDbImporter method importIssuer0.
// method importIssuer
/**
 * Binds one issuer (CA) certificate to the supplied prepared statement and executes it.
 *
 * <p>Parameters are bound in this order: issuer id, subject (shortened through
 * {@code X509Util.cutX500Name} to {@code maxX500nameLen}), notBefore and notAfter in seconds
 * since the epoch, Base64 SHA-1 hash of the encoded certificate, revocation info, Base64 of the
 * encoded certificate, and a SQL NULL for CRL_ID.
 *
 * <p>The issuer id is appended to {@code relatedCaIds} before the certificate is parsed, so the
 * list already contains it when parsing fails.
 *
 * @param issuer issuer entry supplying the id, the certificate reference and the revocation info
 * @param sql SQL text belonging to {@code ps}; only passed to {@code translate} on SQL failure
 * @param ps prepared statement whose eight parameters are bound here
 * @param relatedCaIds list that receives the id of this issuer
 * @throws IOException presumably raised by {@code readContent}; it is not caught here
 * @throws DataAccessException result of {@code translate} for an {@link SQLException}
 * @throws CertificateException if the certificate bytes cannot be parsed
 */
private void importIssuer0(CaCertstore.Ca issuer, String sql, PreparedStatement ps,
    List<Integer> relatedCaIds) throws IOException, DataAccessException, CertificateException {
  try {
    byte[] certBytes = readContent(issuer.getCert());
    relatedCaIds.add(issuer.getId());

    // The parser reports malformed input through unchecked exceptions; convert them to the
    // checked CertificateException so callers see a single failure type for bad certificates.
    Certificate issuerCert;
    try {
      issuerCert = Certificate.getInstance(certBytes);
    } catch (RuntimeException ex) {
      LogUtil.error(LOG, ex, "could not parse certificate of issuer " + issuer.getId());
      throw new CertificateException(ex.getMessage(), ex);
    }

    ps.setInt(1, issuer.getId());
    ps.setString(2, X509Util.cutX500Name(issuerCert.getSubject(), maxX500nameLen));
    // Validity bounds are stored in seconds, hence the division of the millisecond values.
    ps.setLong(3, issuerCert.getTBSCertificate().getStartDate().getDate().getTime() / 1000);
    ps.setLong(4, issuerCert.getTBSCertificate().getEndDate().getDate().getTime() / 1000);
    // SHA-1 is applied to the full encoding and stored as a column value, not used as a
    // signature. NOTE(review): confirm no consumer relies on this hash being collision-resistant.
    ps.setString(5, HashAlgo.SHA1.base64Hash(certBytes));
    ps.setString(6, issuer.getRevInfo());
    ps.setString(7, Base64.encodeToString(certBytes));
    // CRL_ID
    ps.setNull(8, Types.INTEGER);
    ps.execute();
  } catch (SQLException ex) {
    System.err.println("could not import issuer with id=" + issuer.getId());
    throw translate(sql, ex);
  } catch (CertificateException ex) {
    System.err.println("could not import issuer with id=" + issuer.getId());
    throw ex;
  }
}
use of com.android.apksig.internal.x509.Certificate in project xipki by xipki.
the class CtLogServlet method doPost.
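/**
 * Answers an add-pre-chain request with a signed certificate timestamp.
 *
 * <p>The request body is parsed into an {@code AddPreChainRequest}. Its chain must hold at least
 * two entries: entry 0 is parsed as the submitted certificate and entry 1 as its issuer. The
 * signature covers the SCT version, the current time, the (absent) extensions, the SHA-256 hash
 * of the issuer's SubjectPublicKeyInfo and the value returned by
 * {@code CtLog.getPreCertTbsCert}. The result is returned as JSON.
 *
 * <p>A chain that is too short, or that contains an entry which cannot be parsed, is a client
 * error and is answered with 400 instead of being escalated to a {@link ServletException}.
 *
 * <p>NOTE(review): nothing visible in this method checks that entry 1 actually issued entry 0 or
 * that the chain ends in an accepted root, so an SCT is produced for any parseable pair. Confirm
 * that this is intended for the deployment this servlet runs in.
 *
 * @param req request whose body carries the JSON add-pre-chain message
 * @param resp response receiving either the JSON SCT or an error status
 * @throws ServletException wrapping any failure other than the client errors described above
 * @throws IOException declared by the servlet contract
 */
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp)
    throws ServletException, IOException {
  try {
    AddPreChainRequest req0 = parse(req.getInputStream(), AddPreChainRequest.class);
    List<byte[]> chain = req0.getChain();
    if (chain == null || chain.size() < 2) {
      String msg = "chain has less than two certificates";
      LOG.warn(msg);
      resp.sendError(HttpServletResponse.SC_BAD_REQUEST, msg);
      return;
    }

    // The chain bytes come straight from the client. A parse failure is reported with a fixed
    // message so that no client-controlled data is echoed into the log or the response.
    Certificate cert = null;
    Certificate caCert = null;
    try {
      cert = Certificate.getInstance(chain.get(0));
      caCert = Certificate.getInstance(chain.get(1));
    } catch (RuntimeException ignored) {
      // Deliberately ignored: the null check below turns this into a 400 response.
    }
    if (cert == null || caCert == null) {
      String msg = "chain contains a certificate that could not be parsed";
      LOG.warn(msg);
      resp.sendError(HttpServletResponse.SC_BAD_REQUEST, msg);
      return;
    }

    byte[] issuerKeyHash = HashAlgo.SHA256.hash(caCert.getSubjectPublicKeyInfo().getEncoded());
    byte[] preCertTbsCert = CtLog.getPreCertTbsCert(cert.getTBSCertificate());

    byte sctVersion = 0;
    long timestamp = System.currentTimeMillis();
    byte[] sctExtensions = null;

    Signature sig = Signature.getInstance(signatureAlgo);
    sig.initSign(signingKey);
    CtLog.update(sig, sctVersion, timestamp, sctExtensions, issuerKeyHash, preCertTbsCert);
    byte[] signature = sig.sign();

    AddPreChainResponse resp0 = new AddPreChainResponse();
    resp0.setSct_version(sctVersion);
    resp0.setId(logId);
    resp0.setTimestamp(timestamp);
    DigitallySigned digitallySigned = new DigitallySigned(signatureAndHashAlgorithm, signature);
    resp0.setSignature(digitallySigned.getEncoded());

    byte[] respContent = JSON.toJSONBytes(resp0);
    // Status and headers are set before the body is written; once the response is committed
    // a later setStatus call has no effect.
    resp.setStatus(HttpServletResponse.SC_OK);
    resp.setContentType("application/json");
    resp.setContentLengthLong(respContent.length);
    resp.getOutputStream().write(respContent);
  } catch (Exception ex) {
    LogUtil.error(LOG, ex);
    // NOTE(review): the exception message is handed to the container, which may render it in
    // its error page; confirm that the deployment does not expose it to clients.
    throw new ServletException(ex.getMessage(), ex);
  }
}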
use of com.android.apksig.internal.x509.Certificate in project LinLong-Java by zhenwei1108.
the class X509CertificatePair method getEncoded.
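/**
 * Returns the DER encoding of this pair as a {@code CertificatePair} structure.
 *
 * <p>Each certificate that is present is re-encoded and read back as an ASN.1
 * {@code Certificate}; an absent side stays {@code null} in the resulting pair. The ASN.1 input
 * streams are closed as soon as the object has been read.
 *
 * @return the DER-encoded certificate pair
 * @throws CertificateEncodingException if a certificate yields no ASN.1 object, or (as
 *     {@code ExtCertificateEncodingException}) if reading or encoding fails
 */
public byte[] getEncoded() throws CertificateEncodingException {
  Certificate f = null;
  Certificate r = null;
  try {
    if (forward != null) {
      try (ASN1InputStream in = new ASN1InputStream(forward.getEncoded())) {
        f = Certificate.getInstance(in.readObject());
      }
      if (f == null) {
        throw new CertificateEncodingException("unable to get encoding for forward");
      }
    }
    if (reverse != null) {
      try (ASN1InputStream in = new ASN1InputStream(reverse.getEncoded())) {
        r = Certificate.getInstance(in.readObject());
      }
      if (r == null) {
        throw new CertificateEncodingException("unable to get encoding for reverse");
      }
    }
    return new CertificatePair(f, r).getEncoded(ASN1Encoding.DER);
  } catch (IllegalArgumentException | IOException e) {
    // Both failure kinds are reported identically, with the original exception kept as cause.
    throw new ExtCertificateEncodingException(e.toString(), e);
  }
}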
use of com.android.apksig.internal.x509.Certificate in project java-security-private-ca by googleapis.
the class SnippetsIT method testActivateSubordinateCertificateAuthority.
/**
 * Fetches the PEM certificate stored under {@code CSR_CERTIFICATE_NAME}, passes it to the
 * subordinate CA activation sample and checks that the captured output reports the STAGED state.
 */
@Test
public void testActivateSubordinateCertificateAuthority()
    throws IOException, ExecutionException, InterruptedException {
  try (CertificateAuthorityServiceClient client = CertificateAuthorityServiceClient.create()) {
    // Full resource name of the certificate, built from the test constants.
    String certificateResourceName =
        CertificateName.of(PROJECT_ID, LOCATION, CA_POOL_ID, CSR_CERTIFICATE_NAME).toString();
    Certificate fetched = client.getCertificate(certificateResourceName);
    String pemCertificate = fetched.getPemCertificate();

    privateca.ActivateSubordinateCa.activateSubordinateCA(
        PROJECT_ID, LOCATION, CA_POOL_ID, CA_NAME, SUBORDINATE_CA_NAME, pemCertificate);

    assertThat(stdOut.toString()).contains("Current State: STAGED");
  }
}
use of com.android.apksig.internal.x509.Certificate in project java-security-private-ca by googleapis.
the class CreateCertificate_CSR method createCertificateWithCSR.
/**
 * Requests a certificate from the given Certificate Authority using a CSR (Certificate Signing
 * Request) and prints the result.
 *
 * <p>The CSR is forwarded as received; this method does not inspect its contents. The requested
 * lifetime is fixed at 1000 seconds.
 *
 * @param project project used to build the CA pool resource name
 * @param location location used to build the CA pool resource name
 * @param pool_Id id of the CA pool used as the request parent
 * @param certificateAuthorityName id of the CA that is asked to issue the certificate
 * @param certificateName id assigned to the new certificate
 * @param pemCSR the PEM-encoded CSR
 * @throws IOException declared for client creation
 * @throws ExecutionException if waiting on the create call fails
 * @throws InterruptedException if the wait on the create call is interrupted
 */
public static void createCertificateWithCSR(String project, String location, String pool_Id,
    String certificateAuthorityName, String certificateName, String pemCSR)
    throws IOException, ExecutionException, InterruptedException {
  // try-with-resources closes the client when the block exits.
  try (CertificateAuthorityServiceClient client = CertificateAuthorityServiceClient.create()) {
    // Validity of the certificate, in seconds.
    long lifetimeSeconds = 1000L;

    // The certificate to create is described by the CSR and the lifetime.
    Certificate csrCertificate =
        Certificate.newBuilder()
            .setPemCsr(pemCSR)
            .setLifetime(Duration.newBuilder().setSeconds(lifetimeSeconds).build())
            .build();

    // The request names the CA pool as parent and selects the issuing CA inside it.
    CreateCertificateRequest request =
        CreateCertificateRequest.newBuilder()
            .setParent(CaPoolName.of(project, location, pool_Id).toString())
            .setIssuingCertificateAuthorityId(certificateAuthorityName)
            .setCertificateId(certificateName)
            .setCertificate(csrCertificate)
            .build();

    // Send the request and block until the certificate is returned.
    ApiFuture<Certificate> pending = client.createCertificateCallable().futureCall(request);
    Certificate issued = pending.get();

    System.out.println("Certificate created successfully : " + issued.getName());
    // Print the signed certificate followed by its issuer chain.
    System.out.println("Signed certificate:\n " + issued.getPemCertificate());
    System.out.println("Issuer chain list:\n" + issued.getPemCertificateChainList());
  }
}