Search in sources :

Example 46 with Certificate

use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project xipki by xipki.

the class CrlStreamParserTest method parseCrlWithInvalidityDate.

@Test
public void parseCrlWithInvalidityDate() throws Exception {
    Certificate issuerSigner = getIssuerSigner();
    CrlStreamParser parser = getParser("invaliditydate.crl");
    Assert.assertEquals("version", 1, parser.getVersion());
    Assert.assertEquals("CRL number", BigInteger.valueOf(1), parser.getCrlNumber());
    Assert.assertTrue("signature", parser.verifySignature(issuerSigner.getSubjectPublicKeyInfo()));
    int numRevokedCerts = 0;
    try (RevokedCertsIterator iterator = parser.revokedCertificates()) {
        while (iterator.hasNext()) {
            iterator.next();
            numRevokedCerts++;
        }
    }
    Assert.assertEquals("#revokedCertificates", 1, numRevokedCerts);
}
Also used : CrlStreamParser(org.xipki.security.asn1.CrlStreamParser) RevokedCertsIterator(org.xipki.security.asn1.CrlStreamParser.RevokedCertsIterator) Certificate(org.bouncycastle.asn1.x509.Certificate) Test(org.junit.Test)

Example 47 with Certificate

use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project xipki by xipki.

the class CtLogTest method parseCtLogInCert.

private void parseCtLogInCert(String certFile) throws Exception {
    byte[] certBytes = IoUtil.read(getClass().getResourceAsStream(certFile));
    certBytes = X509Util.toDerEncoded(certBytes);
    Certificate cert = Certificate.getInstance(certBytes);
    Extension extn = cert.getTBSCertificate().getExtensions().getExtension(ObjectIdentifiers.Extn.id_SCTs);
    byte[] encodedScts = DEROctetString.getInstance(extn.getParsedValue()).getOctets();
    SignedCertificateTimestampList sctList2 = SignedCertificateTimestampList.getInstance(encodedScts);
    SignedCertificateTimestamp sct = sctList2.getSctList().get(0);
    sct.getDigitallySigned().getEncoded();
    sctList2.getSctList().get(0).getDigitallySigned().getSignatureObject();
    byte[] encoded2 = sctList2.getEncoded();
    Assert.assertArrayEquals(encodedScts, encoded2);
}
Also used : Extension(org.bouncycastle.asn1.x509.Extension) SignedCertificateTimestampList(org.xipki.security.ctlog.CtLog.SignedCertificateTimestampList) Certificate(org.bouncycastle.asn1.x509.Certificate) SignedCertificateTimestamp(org.xipki.security.ctlog.CtLog.SignedCertificateTimestamp)

Example 48 with Certificate

use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project xipki by xipki.

the class IssuerEntry method getIssuerHashAndKeys.

private static Map<HashAlgo, byte[]> getIssuerHashAndKeys(byte[] encodedCert) throws CertificateEncodingException {
    byte[] encodedName;
    byte[] encodedKey;
    try {
        Certificate bcCert = Certificate.getInstance(encodedCert);
        encodedName = bcCert.getSubject().getEncoded("DER");
        encodedKey = bcCert.getSubjectPublicKeyInfo().getPublicKeyData().getBytes();
    } catch (IllegalArgumentException | IOException ex) {
        throw new CertificateEncodingException(ex.getMessage(), ex);
    }
    Map<HashAlgo, byte[]> hashes = new HashMap<>();
    for (HashAlgo ha : HashAlgo.values()) {
        int hlen = ha.getLength();
        byte[] nameAndKeyHash = new byte[(2 + hlen) << 1];
        int offset = 0;
        nameAndKeyHash[offset++] = 0x04;
        nameAndKeyHash[offset++] = (byte) hlen;
        System.arraycopy(ha.hash(encodedName), 0, nameAndKeyHash, offset, hlen);
        offset += hlen;
        nameAndKeyHash[offset++] = 0x04;
        nameAndKeyHash[offset++] = (byte) hlen;
        System.arraycopy(ha.hash(encodedKey), 0, nameAndKeyHash, offset, hlen);
        hashes.put(ha, nameAndKeyHash);
    }
    return hashes;
}
Also used : HashMap(java.util.HashMap) HashAlgo(org.xipki.security.HashAlgo) CertificateEncodingException(java.security.cert.CertificateEncodingException) IOException(java.io.IOException) Certificate(org.bouncycastle.asn1.x509.Certificate)

Example 49 with Certificate

use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project xipki by xipki.

the class EjbcaIssuerEntry method getIssuerHashAndKeys.

private static Map<HashAlgo, byte[]> getIssuerHashAndKeys(byte[] encodedCert) throws CertificateEncodingException {
    byte[] encodedName;
    byte[] encodedKey;
    try {
        Certificate bcCert = Certificate.getInstance(encodedCert);
        encodedName = bcCert.getSubject().getEncoded("DER");
        encodedKey = bcCert.getSubjectPublicKeyInfo().getPublicKeyData().getBytes();
    } catch (IllegalArgumentException | IOException ex) {
        throw new CertificateEncodingException(ex.getMessage(), ex);
    }
    Map<HashAlgo, byte[]> hashes = new HashMap<>();
    for (HashAlgo ha : HashAlgo.values()) {
        int hlen = ha.getLength();
        byte[] nameAndKeyHash = new byte[(2 + hlen) << 1];
        int offset = 0;
        nameAndKeyHash[offset++] = 0x04;
        nameAndKeyHash[offset++] = (byte) hlen;
        System.arraycopy(ha.hash(encodedName), 0, nameAndKeyHash, offset, hlen);
        offset += hlen;
        nameAndKeyHash[offset++] = 0x04;
        nameAndKeyHash[offset++] = (byte) hlen;
        System.arraycopy(ha.hash(encodedKey), 0, nameAndKeyHash, offset, hlen);
        hashes.put(ha, nameAndKeyHash);
    }
    return hashes;
}
Also used : HashMap(java.util.HashMap) HashAlgo(org.xipki.security.HashAlgo) CertificateEncodingException(java.security.cert.CertificateEncodingException) IOException(java.io.IOException) Certificate(org.bouncycastle.asn1.x509.Certificate)

Example 50 with Certificate

use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project xipki by xipki.

the class OcspCertStoreFromCaDbImporter method importIssuer0.

// method importIssuer
private void importIssuer0(CaCertstore.Ca issuer, String sql, PreparedStatement ps, List<Integer> relatedCaIds) throws IOException, DataAccessException, CertificateException {
    try {
        byte[] encodedCert = readContent(issuer.getCert());
        relatedCaIds.add(issuer.getId());
        Certificate cert;
        try {
            cert = Certificate.getInstance(encodedCert);
        } catch (RuntimeException ex) {
            String msg = "could not parse certificate of issuer " + issuer.getId();
            LogUtil.error(LOG, ex, msg);
            throw new CertificateException(ex.getMessage(), ex);
        }
        int idx = 1;
        ps.setInt(idx++, issuer.getId());
        ps.setString(idx++, X509Util.cutX500Name(cert.getSubject(), maxX500nameLen));
        ps.setLong(idx++, cert.getTBSCertificate().getStartDate().getDate().getTime() / 1000);
        ps.setLong(idx++, cert.getTBSCertificate().getEndDate().getDate().getTime() / 1000);
        ps.setString(idx++, HashAlgo.SHA1.base64Hash(encodedCert));
        ps.setString(idx++, issuer.getRevInfo());
        ps.setString(idx++, Base64.encodeToString(encodedCert));
        // CRL_ID
        ps.setNull(idx, Types.INTEGER);
        ps.execute();
    } catch (SQLException ex) {
        System.err.println("could not import issuer with id=" + issuer.getId());
        throw translate(sql, ex);
    } catch (CertificateException ex) {
        System.err.println("could not import issuer with id=" + issuer.getId());
        throw ex;
    }
}
Also used : SQLException(java.sql.SQLException) CertificateException(java.security.cert.CertificateException) TBSCertificate(org.bouncycastle.asn1.x509.TBSCertificate) Certificate(org.bouncycastle.asn1.x509.Certificate)

Aggregations

Certificate (org.bouncycastle.asn1.x509.Certificate)53 IOException (java.io.IOException)40 X509Certificate (java.security.cert.X509Certificate)37 CertificateException (java.security.cert.CertificateException)27 File (java.io.File)11 Test (org.junit.Test)10 BigInteger (java.math.BigInteger)9 CertificateEncodingException (java.security.cert.CertificateEncodingException)9 TBSCertificate (org.bouncycastle.asn1.x509.TBSCertificate)9 Test (org.junit.jupiter.api.Test)9 Certificate (com.google.cloud.security.privateca.v1.Certificate)8 CertificateAuthorityServiceClient (com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient)8 SQLException (java.sql.SQLException)8 X500Name (org.bouncycastle.asn1.x500.X500Name)8 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)7 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)7 Certificate (com.beanit.asn1bean.compiler.pkix1explicit88.Certificate)6 Extension (org.bouncycastle.asn1.x509.Extension)6 OperatorCreationException (org.bouncycastle.operator.OperatorCreationException)6 Date (java.util.Date)5