Example 31 with Certificate
use of com.android.apksig.internal.x509.Certificate in project xipki by xipki.
the class CaCertStoreDbImporter method importEntries.
private long importEntries(CaDbEntryType type, String entriesZipFile, long minId, File processLogFile, ProcessLog processLog, int numProcessedInLastProcess, PreparedStatement[] statements, String[] sqls) throws Exception {
final int numEntriesPerCommit = Math.max(1, Math.round(type.getSqlBatchFactor() * numCertsPerCommit));
ZipFile zipFile = new ZipFile(new File(entriesZipFile));
ZipEntry entriesXmlEntry = zipFile.getEntry("overview.xml");
DbiXmlReader entries;
try {
entries = createReader(type, zipFile.getInputStream(entriesXmlEntry));
} catch (Exception ex) {
try {
zipFile.close();
} catch (Exception e2) {
LOG.error("could not close ZIP file {}: {}", entriesZipFile, e2.getMessage());
LOG.debug("could not close ZIP file " + entriesZipFile, e2);
}
throw ex;
}
disableAutoCommit();
try {
int numEntriesInBatch = 0;
long lastSuccessfulEntryId = 0;
while (entries.hasNext()) {
if (stopMe.get()) {
throw new InterruptedException("interrupted by the user");
}
IdentifidDbObjectType entry = (IdentifidDbObjectType) entries.next();
long id = entry.getId();
if (id < minId) {
continue;
}
numEntriesInBatch++;
if (CaDbEntryType.CERT == type) {
CertType cert = (CertType) entry;
int certArt = (cert.getArt() == null) ? 1 : cert.getArt();
String filename = cert.getFile();
// rawcert
ZipEntry certZipEnty = zipFile.getEntry(filename);
// rawcert
byte[] encodedCert = IoUtil.read(zipFile.getInputStream(certZipEnty));
TBSCertificate tbsCert;
try {
Certificate cc = Certificate.getInstance(encodedCert);
tbsCert = cc.getTBSCertificate();
} catch (RuntimeException ex) {
LOG.error("could not parse certificate in file {}", filename);
LOG.debug("could not parse certificate in file " + filename, ex);
throw new CertificateException(ex.getMessage(), ex);
}
byte[] encodedKey = tbsCert.getSubjectPublicKeyInfo().getPublicKeyData().getBytes();
String b64Sha1FpCert = HashAlgo.SHA1.base64Hash(encodedCert);
// cert
String subjectText = X509Util.cutX500Name(tbsCert.getSubject(), maxX500nameLen);
PreparedStatement psCert = statements[0];
PreparedStatement psRawcert = statements[1];
try {
int idx = 1;
psCert.setLong(idx++, id);
psCert.setInt(idx++, certArt);
psCert.setLong(idx++, cert.getUpdate());
psCert.setString(idx++, tbsCert.getSerialNumber().getPositiveValue().toString(16));
psCert.setString(idx++, subjectText);
long fpSubject = X509Util.fpCanonicalizedName(tbsCert.getSubject());
psCert.setLong(idx++, fpSubject);
if (cert.getFpRs() != null) {
psCert.setLong(idx++, cert.getFpRs());
} else {
psCert.setNull(idx++, Types.BIGINT);
}
psCert.setLong(idx++, tbsCert.getStartDate().getDate().getTime() / 1000);
psCert.setLong(idx++, tbsCert.getEndDate().getDate().getTime() / 1000);
setBoolean(psCert, idx++, cert.getRev());
setInt(psCert, idx++, cert.getRr());
setLong(psCert, idx++, cert.getRt());
setLong(psCert, idx++, cert.getRit());
setInt(psCert, idx++, cert.getPid());
setInt(psCert, idx++, cert.getCaId());
setInt(psCert, idx++, cert.getRid());
setInt(psCert, idx++, cert.getUid());
psCert.setLong(idx++, FpIdCalculator.hash(encodedKey));
Extension extension = tbsCert.getExtensions().getExtension(Extension.basicConstraints);
boolean ee = true;
if (extension != null) {
ASN1Encodable asn1 = extension.getParsedValue();
ee = !BasicConstraints.getInstance(asn1).isCA();
}
psCert.setInt(idx++, ee ? 1 : 0);
psCert.setInt(idx++, cert.getReqType());
String tidS = null;
if (cert.getTid() != null) {
tidS = cert.getTid();
}
psCert.setString(idx++, tidS);
psCert.addBatch();
} catch (SQLException ex) {
throw translate(SQL_ADD_CERT, ex);
}
try {
int idx = 1;
psRawcert.setLong(idx++, cert.getId());
psRawcert.setString(idx++, b64Sha1FpCert);
psRawcert.setString(idx++, cert.getRs());
psRawcert.setString(idx++, Base64.encodeToString(encodedCert));
psRawcert.addBatch();
} catch (SQLException ex) {
throw translate(SQL_ADD_CRAW, ex);
}
} else if (CaDbEntryType.CRL == type) {
PreparedStatement psAddCrl = statements[0];
CrlType crl = (CrlType) entry;
String filename = crl.getFile();
// CRL
ZipEntry zipEnty = zipFile.getEntry(filename);
// rawcert
byte[] encodedCrl = IoUtil.read(zipFile.getInputStream(zipEnty));
X509CRL x509crl = null;
try {
x509crl = X509Util.parseCrl(encodedCrl);
} catch (Exception ex) {
LOG.error("could not parse CRL in file {}", filename);
LOG.debug("could not parse CRL in file " + filename, ex);
if (ex instanceof CRLException) {
throw (CRLException) ex;
} else {
throw new CRLException(ex.getMessage(), ex);
}
}
try {
byte[] octetString = x509crl.getExtensionValue(Extension.cRLNumber.getId());
if (octetString == null) {
LOG.warn("CRL without CRL number, ignore it");
continue;
}
byte[] extnValue = DEROctetString.getInstance(octetString).getOctets();
// CHECKSTYLE:SKIP
BigInteger crlNumber = ASN1Integer.getInstance(extnValue).getPositiveValue();
BigInteger baseCrlNumber = null;
octetString = x509crl.getExtensionValue(Extension.deltaCRLIndicator.getId());
if (octetString != null) {
extnValue = DEROctetString.getInstance(octetString).getOctets();
baseCrlNumber = ASN1Integer.getInstance(extnValue).getPositiveValue();
}
int idx = 1;
psAddCrl.setLong(idx++, crl.getId());
psAddCrl.setInt(idx++, crl.getCaId());
psAddCrl.setLong(idx++, crlNumber.longValue());
psAddCrl.setLong(idx++, x509crl.getThisUpdate().getTime() / 1000);
if (x509crl.getNextUpdate() != null) {
psAddCrl.setLong(idx++, x509crl.getNextUpdate().getTime() / 1000);
} else {
psAddCrl.setNull(idx++, Types.INTEGER);
}
if (baseCrlNumber == null) {
setBoolean(psAddCrl, idx++, false);
psAddCrl.setNull(idx++, Types.BIGINT);
} else {
setBoolean(psAddCrl, idx++, true);
psAddCrl.setLong(idx++, baseCrlNumber.longValue());
}
String str = Base64.encodeToString(encodedCrl);
psAddCrl.setString(idx++, str);
psAddCrl.addBatch();
} catch (SQLException ex) {
System.err.println("could not import CRL with ID=" + crl.getId() + ", message: " + ex.getMessage());
throw ex;
}
} else if (CaDbEntryType.REQUEST == type) {
PreparedStatement psAddRequest = statements[0];
RequestType request = (RequestType) entry;
String filename = request.getFile();
ZipEntry zipEnty = zipFile.getEntry(filename);
byte[] encodedRequest = IoUtil.read(zipFile.getInputStream(zipEnty));
try {
int idx = 1;
psAddRequest.setLong(idx++, request.getId());
psAddRequest.setLong(idx++, request.getUpdate());
psAddRequest.setString(idx++, Base64.encodeToString(encodedRequest));
psAddRequest.addBatch();
} catch (SQLException ex) {
System.err.println("could not import REQUEST with ID=" + request.getId() + ", message: " + ex.getMessage());
throw ex;
}
} else if (CaDbEntryType.REQCERT == type) {
PreparedStatement psAddReqCert = statements[0];
RequestCertType reqCert = (RequestCertType) entry;
try {
int idx = 1;
psAddReqCert.setLong(idx++, reqCert.getId());
psAddReqCert.setLong(idx++, reqCert.getRid());
psAddReqCert.setLong(idx++, reqCert.getCid());
psAddReqCert.addBatch();
} catch (SQLException ex) {
System.err.println("could not import REQUEST with ID=" + reqCert.getId() + ", message: " + ex.getMessage());
throw ex;
}
} else {
throw new RuntimeException("Unknown CaDbEntryType " + type);
}
boolean isLastBlock = !entries.hasNext();
if (numEntriesInBatch > 0 && (numEntriesInBatch % numEntriesPerCommit == 0 || isLastBlock)) {
if (evaulateOnly) {
for (PreparedStatement m : statements) {
m.clearBatch();
}
} else {
String sql = null;
try {
for (int i = 0; i < sqls.length; i++) {
sql = sqls[i];
statements[i].executeBatch();
}
sql = null;
commit("(commit import to CA)");
} catch (Throwable th) {
rollback();
deleteFromTableWithLargerId(type.getTableName(), "ID", id, LOG);
if (CaDbEntryType.CERT == type) {
deleteFromTableWithLargerId("CRAW", "CID", id, LOG);
}
if (th instanceof SQLException) {
throw translate(sql, (SQLException) th);
} else if (th instanceof Exception) {
throw (Exception) th;
} else {
throw new Exception(th);
}
}
}
lastSuccessfulEntryId = id;
processLog.addNumProcessed(numEntriesInBatch);
numEntriesInBatch = 0;
echoToFile(type + ":" + (numProcessedInLastProcess + processLog.numProcessed()) + ":" + lastSuccessfulEntryId, processLogFile);
processLog.printStatus();
}
}
return lastSuccessfulEntryId;
} finally {
recoverAutoCommit();
zipFile.close();
}
}
Also used :
X509CRL(java.security.cert.X509CRL)
SQLException(java.sql.SQLException)
ZipEntry(java.util.zip.ZipEntry)
RequestCertType(org.xipki.ca.dbtool.xmlio.ca.RequestCertType)
CertType(org.xipki.ca.dbtool.xmlio.ca.CertType)
CertificateException(java.security.cert.CertificateException)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
TBSCertificate(org.bouncycastle.asn1.x509.TBSCertificate)
CRLException(java.security.cert.CRLException)
IdentifidDbObjectType(org.xipki.ca.dbtool.xmlio.IdentifidDbObjectType)
DbiXmlReader(org.xipki.ca.dbtool.xmlio.DbiXmlReader)
PreparedStatement(java.sql.PreparedStatement)
RequestCertType(org.xipki.ca.dbtool.xmlio.ca.RequestCertType)
XMLStreamException(javax.xml.stream.XMLStreamException)
DataAccessException(org.xipki.datasource.DataAccessException)
JAXBException(javax.xml.bind.JAXBException)
InvalidDataObjectException(org.xipki.ca.dbtool.xmlio.InvalidDataObjectException)
CRLException(java.security.cert.CRLException)
SQLException(java.sql.SQLException)
CertificateException(java.security.cert.CertificateException)
Extension(org.bouncycastle.asn1.x509.Extension)
ZipFile(java.util.zip.ZipFile)
CrlType(org.xipki.ca.dbtool.xmlio.ca.CrlType)
BigInteger(java.math.BigInteger)
ZipFile(java.util.zip.ZipFile)
File(java.io.File)
Certificate(org.bouncycastle.asn1.x509.Certificate)
TBSCertificate(org.bouncycastle.asn1.x509.TBSCertificate)
RequestType(org.xipki.ca.dbtool.xmlio.ca.RequestType)
Example 32 with Certificate
use of com.android.apksig.internal.x509.Certificate in project xipki by xipki.
the class OcspCertStoreDbImporter method importIssuer0.
private void importIssuer0(IssuerType issuer, PreparedStatement ps) throws DataAccessException, CertificateException, IOException {
try {
String certFilename = issuer.getCertFile();
String b64Cert = new String(IoUtil.read(new File(baseDir, certFilename)));
byte[] encodedCert = Base64.decode(b64Cert);
Certificate cert;
try {
cert = Certificate.getInstance(encodedCert);
} catch (RuntimeException ex) {
LOG.error("could not parse certificate of issuer {}", issuer.getId());
LOG.debug("could not parse certificate of issuer " + issuer.getId(), ex);
throw new CertificateException(ex.getMessage(), ex);
}
int idx = 1;
ps.setInt(idx++, issuer.getId());
ps.setString(idx++, X509Util.cutX500Name(cert.getSubject(), maxX500nameLen));
ps.setLong(idx++, cert.getTBSCertificate().getStartDate().getDate().getTime() / 1000);
ps.setLong(idx++, cert.getTBSCertificate().getEndDate().getDate().getTime() / 1000);
ps.setString(idx++, sha1(encodedCert));
setBoolean(ps, idx++, issuer.isRevoked());
setInt(ps, idx++, issuer.getRevReason());
setLong(ps, idx++, issuer.getRevTime());
setLong(ps, idx++, issuer.getRevInvTime());
ps.setString(idx++, b64Cert);
ps.execute();
} catch (SQLException ex) {
System.err.println("could not import issuer with id=" + issuer.getId());
throw translate(SQL_ADD_ISSUER, ex);
} catch (CertificateException ex) {
System.err.println("could not import issuer with id=" + issuer.getId());
throw ex;
}
}
Also used :
SQLException(java.sql.SQLException)
CertificateException(java.security.cert.CertificateException)
ZipFile(java.util.zip.ZipFile)
File(java.io.File)
Certificate(org.bouncycastle.asn1.x509.Certificate)
Example 33 with Certificate
use of com.android.apksig.internal.x509.Certificate in project xipki by xipki.
the class BenchmarkOcspStatusCmd method execute0.
@Override
protected Object execute0() throws Exception {
int ii = 0;
if (serialNumberList != null) {
ii++;
}
if (serialNumberFile != null) {
ii++;
}
if (CollectionUtil.isNonEmpty(certFiles)) {
ii++;
}
if (ii != 1) {
throw new IllegalCmdParamException("exactly one of serial, serial-file and cert must be specified");
}
if (numThreads < 1) {
throw new IllegalCmdParamException("invalid number of threads " + numThreads);
}
Iterator<BigInteger> serialNumberIterator;
if (serialNumberFile != null) {
serialNumberIterator = new FileBigIntegerIterator(IoUtil.expandFilepath(serialNumberFile), hex, true);
} else {
List<BigIntegerRange> serialNumbers = new LinkedList<>();
if (serialNumberList != null) {
StringTokenizer st = new StringTokenizer(serialNumberList, ", ");
while (st.hasMoreTokens()) {
String token = st.nextToken();
StringTokenizer st2 = new StringTokenizer(token, "-");
BigInteger from = toBigInt(st2.nextToken(), hex);
BigInteger to = st2.hasMoreTokens() ? toBigInt(st2.nextToken(), hex) : from;
serialNumbers.add(new BigIntegerRange(from, to));
}
} else if (certFiles != null) {
for (String certFile : certFiles) {
X509Certificate cert;
try {
cert = X509Util.parseCert(certFile);
} catch (Exception ex) {
throw new IllegalCmdParamException("invalid certificate file '" + certFile + "'", ex);
}
BigInteger serial = cert.getSerialNumber();
serialNumbers.add(new BigIntegerRange(serial, serial));
}
}
serialNumberIterator = new RangeBigIntegerIterator(serialNumbers, true);
}
try {
String description = StringUtil.concatObjects("issuer cert: ", issuerCertFile, "\nserver URL: ", serverUrl, "\nmaxRequest: ", maxRequests, "\nhash: ", hashAlgo);
Certificate issuerCert = Certificate.getInstance(IoUtil.read(issuerCertFile));
RequestOptions options = getRequestOptions();
OcspBenchmark loadTest = new OcspBenchmark(issuerCert, serverUrl, options, serialNumberIterator, maxRequests, analyzeResponse, queueSize, description.toString());
loadTest.setDuration(duration);
loadTest.setThreads(numThreads);
loadTest.test();
} finally {
if (serialNumberIterator instanceof FileBigIntegerIterator) {
((FileBigIntegerIterator) serialNumberIterator).close();
}
}
return null;
}
Also used :
BigIntegerRange(org.xipki.common.util.BigIntegerRange)
RequestOptions(org.xipki.ocsp.client.api.RequestOptions)
OcspBenchmark(org.xipki.ocsp.qa.benchmark.OcspBenchmark)
FileBigIntegerIterator(org.xipki.common.util.FileBigIntegerIterator)
LinkedList(java.util.LinkedList)
X509Certificate(java.security.cert.X509Certificate)
IllegalCmdParamException(org.xipki.console.karaf.IllegalCmdParamException)
StringTokenizer(java.util.StringTokenizer)
IllegalCmdParamException(org.xipki.console.karaf.IllegalCmdParamException)
BigInteger(java.math.BigInteger)
RangeBigIntegerIterator(org.xipki.common.util.RangeBigIntegerIterator)
X509Certificate(java.security.cert.X509Certificate)
Certificate(org.bouncycastle.asn1.x509.Certificate)
Example 34 with Certificate
use of com.android.apksig.internal.x509.Certificate in project jasn1 by openmuc.
the class InitiateAuthenticationOkEs9 method decode.
public int decode(InputStream is, boolean withTag) throws IOException {
int tlByteCount = 0;
int vByteCount = 0;
BerTag berTag = new BerTag();
if (withTag) {
tlByteCount += tag.decodeAndCheck(is);
}
BerLength length = new BerLength();
tlByteCount += length.decode(is);
int lengthVal = length.val;
vByteCount += berTag.decode(is);
if (berTag.equals(BerTag.CONTEXT_CLASS, BerTag.PRIMITIVE, 0)) {
transactionId = new TransactionId();
vByteCount += transactionId.decode(is, false);
vByteCount += berTag.decode(is);
} else {
throw new IOException("Tag does not match mandatory sequence component.");
}
if (berTag.equals(ServerSigned1.tag)) {
serverSigned1 = new ServerSigned1();
vByteCount += serverSigned1.decode(is, false);
vByteCount += berTag.decode(is);
} else {
throw new IOException("Tag does not match mandatory sequence component.");
}
if (berTag.equals(BerTag.APPLICATION_CLASS, BerTag.PRIMITIVE, 55)) {
serverSignature1 = new BerOctetString();
vByteCount += serverSignature1.decode(is, false);
vByteCount += berTag.decode(is);
} else {
throw new IOException("Tag does not match mandatory sequence component.");
}
if (berTag.equals(SubjectKeyIdentifier.tag)) {
euiccCiPKIdToBeUsed = new SubjectKeyIdentifier();
vByteCount += euiccCiPKIdToBeUsed.decode(is, false);
vByteCount += berTag.decode(is);
} else {
throw new IOException("Tag does not match mandatory sequence component.");
}
if (berTag.equals(Certificate.tag)) {
serverCertificate = new Certificate();
vByteCount += serverCertificate.decode(is, false);
if (lengthVal >= 0 && vByteCount == lengthVal) {
return tlByteCount + vByteCount;
}
vByteCount += berTag.decode(is);
} else {
throw new IOException("Tag does not match mandatory sequence component.");
}
if (lengthVal < 0) {
while (!berTag.equals(0, 0, 0)) {
vByteCount += DecodeUtil.decodeUnknownComponent(is);
vByteCount += berTag.decode(is);
}
vByteCount += BerLength.readEocByte(is);
return tlByteCount + vByteCount;
} else {
while (vByteCount < lengthVal) {
vByteCount += DecodeUtil.decodeUnknownComponent(is);
if (vByteCount == lengthVal) {
return tlByteCount + vByteCount;
}
vByteCount += berTag.decode(is);
}
}
throw new IOException("Unexpected end of sequence, length tag: " + lengthVal + ", bytes decoded: " + vByteCount);
}
Also used :
IOException(java.io.IOException)
SubjectKeyIdentifier(com.beanit.asn1bean.compiler.pkix1implicit88.SubjectKeyIdentifier)
Certificate(com.beanit.asn1bean.compiler.pkix1explicit88.Certificate)
Example 35 with Certificate
use of com.android.apksig.internal.x509.Certificate in project jasn1 by openmuc.
the class AuthenticateServerRequest method decode.
public int decode(InputStream is, boolean withTag) throws IOException {
int tlByteCount = 0;
int vByteCount = 0;
int numDecodedBytes;
BerTag berTag = new BerTag();
if (withTag) {
tlByteCount += tag.decodeAndCheck(is);
}
BerLength length = new BerLength();
tlByteCount += length.decode(is);
int lengthVal = length.val;
vByteCount += berTag.decode(is);
if (berTag.equals(ServerSigned1.tag)) {
serverSigned1 = new ServerSigned1();
vByteCount += serverSigned1.decode(is, false);
vByteCount += berTag.decode(is);
} else {
throw new IOException("Tag does not match mandatory sequence component.");
}
if (berTag.equals(BerTag.APPLICATION_CLASS, BerTag.PRIMITIVE, 55)) {
serverSignature1 = new BerOctetString();
vByteCount += serverSignature1.decode(is, false);
vByteCount += berTag.decode(is);
} else {
throw new IOException("Tag does not match mandatory sequence component.");
}
if (berTag.equals(SubjectKeyIdentifier.tag)) {
euiccCiPKIdToBeUsed = new SubjectKeyIdentifier();
vByteCount += euiccCiPKIdToBeUsed.decode(is, false);
vByteCount += berTag.decode(is);
} else {
throw new IOException("Tag does not match mandatory sequence component.");
}
if (berTag.equals(Certificate.tag)) {
serverCertificate = new Certificate();
vByteCount += serverCertificate.decode(is, false);
vByteCount += berTag.decode(is);
} else {
throw new IOException("Tag does not match mandatory sequence component.");
}
ctxParams1 = new CtxParams1();
numDecodedBytes = ctxParams1.decode(is, berTag);
if (numDecodedBytes != 0) {
vByteCount += numDecodedBytes;
if (lengthVal >= 0 && vByteCount == lengthVal) {
return tlByteCount + vByteCount;
}
vByteCount += berTag.decode(is);
} else {
throw new IOException("Tag does not match mandatory sequence component.");
}
if (lengthVal < 0) {
while (!berTag.equals(0, 0, 0)) {
vByteCount += DecodeUtil.decodeUnknownComponent(is);
vByteCount += berTag.decode(is);
}
vByteCount += BerLength.readEocByte(is);
return tlByteCount + vByteCount;
} else {
while (vByteCount < lengthVal) {
vByteCount += DecodeUtil.decodeUnknownComponent(is);
if (vByteCount == lengthVal) {
return tlByteCount + vByteCount;
}
vByteCount += berTag.decode(is);
}
}
throw new IOException("Unexpected end of sequence, length tag: " + lengthVal + ", bytes decoded: " + vByteCount);
}
Also used :
IOException(java.io.IOException)
SubjectKeyIdentifier(com.beanit.asn1bean.compiler.pkix1implicit88.SubjectKeyIdentifier)
Certificate(com.beanit.asn1bean.compiler.pkix1explicit88.Certificate)
Aggregations
Certificate (org.bouncycastle.asn1.x509.Certificate)53
IOException (java.io.IOException)40
X509Certificate (java.security.cert.X509Certificate)37
CertificateException (java.security.cert.CertificateException)27
File (java.io.File)12
Test (org.junit.Test)11
BigInteger (java.math.BigInteger)9
CertificateEncodingException (java.security.cert.CertificateEncodingException)9
TBSCertificate (org.bouncycastle.asn1.x509.TBSCertificate)9
Test (org.junit.jupiter.api.Test)9
Certificate (com.google.cloud.security.privateca.v1.Certificate)8
CertificateAuthorityServiceClient (com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient)8
SQLException (java.sql.SQLException)8
X500Name (org.bouncycastle.asn1.x500.X500Name)8
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)7
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)7
Certificate (com.beanit.asn1bean.compiler.pkix1explicit88.Certificate)6
Extension (org.bouncycastle.asn1.x509.Extension)6
OperatorCreationException (org.bouncycastle.operator.OperatorCreationException)6
ArrayList (java.util.ArrayList)5
