Search in sources :

Example 51 with Certificate

use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project xipki by xipki.

the class CtLogServlet method doPost.

@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    try {
        AddPreChainRequest req0 = parse(req.getInputStream(), AddPreChainRequest.class);
        List<byte[]> chain = req0.getChain();
        if (chain == null || chain.size() < 2) {
            String msg = "chain has less than two certificates";
            LOG.warn(msg);
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, msg);
            return;
        }
        Certificate cert = Certificate.getInstance(chain.get(0));
        Certificate caCert = Certificate.getInstance(chain.get(1));
        byte[] issuerKeyHash = HashAlgo.SHA256.hash(caCert.getSubjectPublicKeyInfo().getEncoded());
        byte[] preCertTbsCert = CtLog.getPreCertTbsCert(cert.getTBSCertificate());
        byte sctVersion = 0;
        long timestamp = System.currentTimeMillis();
        byte[] sctExtensions = null;
        Signature sig = Signature.getInstance(signatureAlgo);
        sig.initSign(signingKey);
        CtLog.update(sig, sctVersion, timestamp, sctExtensions, issuerKeyHash, preCertTbsCert);
        byte[] signature = sig.sign();
        AddPreChainResponse resp0 = new AddPreChainResponse();
        resp0.setSct_version(sctVersion);
        resp0.setId(logId);
        resp0.setTimestamp(timestamp);
        DigitallySigned digitallySigned = new DigitallySigned(signatureAndHashAlgorithm, signature);
        resp0.setSignature(digitallySigned.getEncoded());
        byte[] respContent = JSON.toJSONBytes(resp0);
        resp.setContentType("application/json");
        resp.setContentLengthLong(respContent.length);
        resp.getOutputStream().write(respContent);
        resp.setStatus(HttpServletResponse.SC_OK);
    } catch (Exception ex) {
        LogUtil.error(LOG, ex);
        throw new ServletException(ex.getMessage(), ex);
    }
}
Also used : ServletException(javax.servlet.ServletException) DigitallySigned(org.xipki.security.ctlog.CtLog.DigitallySigned) Signature(java.security.Signature) AddPreChainRequest(org.xipki.security.ctlog.CtLogMessages.AddPreChainRequest) AddPreChainResponse(org.xipki.security.ctlog.CtLogMessages.AddPreChainResponse) ServletException(javax.servlet.ServletException) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) IOException(java.io.IOException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) Certificate(org.bouncycastle.asn1.x509.Certificate)

Example 52 with Certificate

use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project LinLong-Java by zhenwei1108.

the class X509CertificatePair method getEncoded.

public byte[] getEncoded() throws CertificateEncodingException {
    Certificate f = null;
    Certificate r = null;
    try {
        if (forward != null) {
            f = Certificate.getInstance(new ASN1InputStream(forward.getEncoded()).readObject());
            if (f == null) {
                throw new CertificateEncodingException("unable to get encoding for forward");
            }
        }
        if (reverse != null) {
            r = Certificate.getInstance(new ASN1InputStream(reverse.getEncoded()).readObject());
            if (r == null) {
                throw new CertificateEncodingException("unable to get encoding for reverse");
            }
        }
        return new CertificatePair(f, r).getEncoded(ASN1Encoding.DER);
    } catch (IllegalArgumentException e) {
        throw new ExtCertificateEncodingException(e.toString(), e);
    } catch (IOException e) {
        throw new ExtCertificateEncodingException(e.toString(), e);
    }
}
Also used : ASN1InputStream(com.github.zhenwei.core.asn1.ASN1InputStream) CertificateEncodingException(java.security.cert.CertificateEncodingException) IOException(java.io.IOException) CertificatePair(com.github.zhenwei.core.asn1.x509.CertificatePair) X509Certificate(java.security.cert.X509Certificate) Certificate(com.github.zhenwei.core.asn1.x509.Certificate)

Example 53 with Certificate

use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project java-security-private-ca by googleapis.

the class SnippetsIT method testActivateSubordinateCertificateAuthority.

@Test
public void testActivateSubordinateCertificateAuthority() throws IOException, ExecutionException, InterruptedException {
    try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = CertificateAuthorityServiceClient.create()) {
        Certificate response = certificateAuthorityServiceClient.getCertificate(CertificateName.of(PROJECT_ID, LOCATION, CA_POOL_ID, CSR_CERTIFICATE_NAME).toString());
        String pemCertificate = response.getPemCertificate();
        privateca.ActivateSubordinateCa.activateSubordinateCA(PROJECT_ID, LOCATION, CA_POOL_ID, CA_NAME, SUBORDINATE_CA_NAME, pemCertificate);
        assertThat(stdOut.toString()).contains("Current State: STAGED");
    }
}
Also used : CertificateAuthorityServiceClient(com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient) ByteString(com.google.protobuf.ByteString) Certificate(com.google.cloud.security.privateca.v1.Certificate) Test(org.junit.Test)

Example 54 with Certificate

use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project java-security-private-ca by googleapis.

the class CreateCertificate_CSR method createCertificateWithCSR.

// Create a Certificate which is issued by the specified Certificate Authority.
// The certificate details and the public key is provided as a CSR (Certificate Signing Request).
public static void createCertificateWithCSR(String project, String location, String pool_Id, String certificateAuthorityName, String certificateName, String pemCSR) throws IOException, ExecutionException, InterruptedException {
    // clean up any remaining background resources.
    try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = CertificateAuthorityServiceClient.create()) {
        // certificateLifetime: The validity of the certificate in seconds.
        long certificateLifetime = 1000L;
        // Create certificate with CSR.
        // The pemCSR contains the public key and the domain details required.
        Certificate certificate = Certificate.newBuilder().setPemCsr(pemCSR).setLifetime(Duration.newBuilder().setSeconds(certificateLifetime).build()).build();
        // Create the Certificate Request.
        // Set the CA which is responsible for creating the certificate with the provided CSR.
        CreateCertificateRequest certificateRequest = CreateCertificateRequest.newBuilder().setParent(CaPoolName.of(project, location, pool_Id).toString()).setIssuingCertificateAuthorityId(certificateAuthorityName).setCertificateId(certificateName).setCertificate(certificate).build();
        // Get the certificate response.
        ApiFuture<Certificate> future = certificateAuthorityServiceClient.createCertificateCallable().futureCall(certificateRequest);
        Certificate certificateResponse = future.get();
        System.out.println("Certificate created successfully : " + certificateResponse.getName());
        // Get the signed certificate and the issuer chain list.
        System.out.println("Signed certificate:\n " + certificateResponse.getPemCertificate());
        System.out.println("Issuer chain list:\n" + certificateResponse.getPemCertificateChainList());
    }
}
Also used : CreateCertificateRequest(com.google.cloud.security.privateca.v1.CreateCertificateRequest) CertificateAuthorityServiceClient(com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient) Certificate(com.google.cloud.security.privateca.v1.Certificate)

Example 55 with Certificate

use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project java-security-private-ca by googleapis.

the class RevokeCertificate method revokeCertificate.

// Revoke an issued certificate. Once revoked, the certificate will become invalid and will expire
// post its lifetime.
public static void revokeCertificate(String project, String location, String pool_Id, String certificateName) throws IOException, ExecutionException, InterruptedException {
    // clean up any remaining background resources.
    try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = CertificateAuthorityServiceClient.create()) {
        // Create Certificate Name.
        CertificateName certificateNameParent = CertificateName.newBuilder().setProject(project).setLocation(location).setCaPool(pool_Id).setCertificate(certificateName).build();
        // Create Revoke Certificate Request and specify the appropriate revocation reason.
        RevokeCertificateRequest revokeCertificateRequest = RevokeCertificateRequest.newBuilder().setName(certificateNameParent.toString()).setReason(RevocationReason.PRIVILEGE_WITHDRAWN).build();
        // Revoke certificate.
        ApiFuture<Certificate> response = certificateAuthorityServiceClient.revokeCertificateCallable().futureCall(revokeCertificateRequest);
        Certificate certificateResponse = response.get();
        System.out.println("Certificate Revoked: " + certificateResponse.getName());
    }
}
Also used : CertificateAuthorityServiceClient(com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient) RevokeCertificateRequest(com.google.cloud.security.privateca.v1.RevokeCertificateRequest) CertificateName(com.google.cloud.security.privateca.v1.CertificateName) Certificate(com.google.cloud.security.privateca.v1.Certificate)

Aggregations

Certificate (org.bouncycastle.asn1.x509.Certificate)53 IOException (java.io.IOException)40 X509Certificate (java.security.cert.X509Certificate)37 CertificateException (java.security.cert.CertificateException)27 File (java.io.File)11 Test (org.junit.Test)10 BigInteger (java.math.BigInteger)9 CertificateEncodingException (java.security.cert.CertificateEncodingException)9 TBSCertificate (org.bouncycastle.asn1.x509.TBSCertificate)9 Test (org.junit.jupiter.api.Test)9 Certificate (com.google.cloud.security.privateca.v1.Certificate)8 CertificateAuthorityServiceClient (com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient)8 SQLException (java.sql.SQLException)8 X500Name (org.bouncycastle.asn1.x500.X500Name)8 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)7 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)7 Certificate (com.beanit.asn1bean.compiler.pkix1explicit88.Certificate)6 Extension (org.bouncycastle.asn1.x509.Extension)6 OperatorCreationException (org.bouncycastle.operator.OperatorCreationException)6 Date (java.util.Date)5