use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project xipki by xipki.
the class CtLogServlet method doPost.
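/**
 * Handles an add-pre-chain style request: parses the JSON body, derives the signature input
 * from the first two entries of the submitted chain, signs it and returns the result as JSON.
 *
 * <p>The request body is client-controlled. A missing or too-short chain, or a chain entry
 * that cannot be decoded as a certificate, is answered with 400 rather than surfacing as a
 * server error.
 *
 * <p>NOTE(review): nothing visible in this method checks that chain[0] was issued by chain[1],
 * or that the chain ends in an accepted root, before the signing key is used. Confirm whether
 * this endpoint is meant for test deployments only or whether access is restricted elsewhere.
 *
 * @param req request whose body carries the JSON-encoded {@code AddPreChainRequest}
 * @param resp response receiving either an error status or the JSON-encoded
 *     {@code AddPreChainResponse}
 * @throws ServletException if parsing, signing or encoding fails for any other reason
 * @throws IOException declared by the overridden method; failures raised inside the body are
 *     wrapped in {@link ServletException}
 */
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
  try {
    AddPreChainRequest req0 = parse(req.getInputStream(), AddPreChainRequest.class);
    // Guard against a body that parses to null as well as a missing or short chain.
    List<byte[]> chain = (req0 == null) ? null : req0.getChain();
    if (chain == null || chain.size() < 2) {
      String msg = "chain has less than two certificates";
      LOG.warn(msg);
      resp.sendError(HttpServletResponse.SC_BAD_REQUEST, msg);
      return;
    }

    // Decoding untrusted bytes: a malformed or null entry is a client error, not a server fault.
    // Presumably getInstance signals bad encodings with IllegalArgumentException; any other
    // failure type still reaches the outer handler.
    Certificate cert;
    Certificate caCert;
    try {
      cert = Certificate.getInstance(chain.get(0));
      caCert = Certificate.getInstance(chain.get(1));
    } catch (IllegalArgumentException ex) {
      cert = null;
      caCert = null;
    }
    if (cert == null || caCert == null) {
      // The decoder's own message is deliberately not echoed back to the client.
      String msg = "chain contains an invalid certificate";
      LOG.warn(msg);
      resp.sendError(HttpServletResponse.SC_BAD_REQUEST, msg);
      return;
    }

    // Signature input: hash of the issuer's SubjectPublicKeyInfo plus the pre-certificate TBS.
    byte[] issuerKeyHash = HashAlgo.SHA256.hash(caCert.getSubjectPublicKeyInfo().getEncoded());
    byte[] preCertTbsCert = CtLog.getPreCertTbsCert(cert.getTBSCertificate());
    byte sctVersion = 0;
    // The timestamp comes from the server clock, never from the request.
    long timestamp = System.currentTimeMillis();
    byte[] sctExtensions = null;

    Signature sig = Signature.getInstance(signatureAlgo);
    sig.initSign(signingKey);
    CtLog.update(sig, sctVersion, timestamp, sctExtensions, issuerKeyHash, preCertTbsCert);
    byte[] signature = sig.sign();

    AddPreChainResponse resp0 = new AddPreChainResponse();
    resp0.setSct_version(sctVersion);
    resp0.setId(logId);
    resp0.setTimestamp(timestamp);
    DigitallySigned digitallySigned = new DigitallySigned(signatureAndHashAlgorithm, signature);
    resp0.setSignature(digitallySigned.getEncoded());
    byte[] respContent = JSON.toJSONBytes(resp0);

    // Status and headers are set before the body is written; once the response is committed
    // a later setStatus call has no effect.
    resp.setStatus(HttpServletResponse.SC_OK);
    resp.setContentType("application/json");
    resp.setContentLengthLong(respContent.length);
    resp.getOutputStream().write(respContent);
  } catch (Exception ex) {
    LogUtil.error(LOG, ex);
    // NOTE(review): the exception message travels with the ServletException; confirm the
    // container's error page does not expose it to clients.
    throw new ServletException(ex.getMessage(), ex);
  }
}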
use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project LinLong-Java by zhenwei1108.
the class X509CertificatePair method getEncoded.
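/**
 * Returns the DER encoding of this pair, built from whichever of the forward and reverse
 * certificates are present.
 *
 * <p>Each present certificate is re-parsed from its own encoding; a side that is absent is
 * passed on as {@code null}.
 *
 * @return the DER-encoded {@code CertificatePair}
 * @throws CertificateEncodingException if a present certificate yields no ASN.1 structure, or
 *     (as {@code ExtCertificateEncodingException}) if parsing or encoding fails
 */
public byte[] getEncoded() throws CertificateEncodingException {
  Certificate f = null;
  Certificate r = null;
  try {
    if (forward != null) {
      // try-with-resources closes the ASN.1 stream even when decoding fails.
      try (ASN1InputStream in = new ASN1InputStream(forward.getEncoded())) {
        f = Certificate.getInstance(in.readObject());
      }
      if (f == null) {
        throw new CertificateEncodingException("unable to get encoding for forward");
      }
    }
    if (reverse != null) {
      try (ASN1InputStream in = new ASN1InputStream(reverse.getEncoded())) {
        r = Certificate.getInstance(in.readObject());
      }
      if (r == null) {
        throw new CertificateEncodingException("unable to get encoding for reverse");
      }
    }
    return new CertificatePair(f, r).getEncoded(ASN1Encoding.DER);
  } catch (IllegalArgumentException | IOException e) {
    // Both failure kinds are reported identically, with the cause preserved.
    throw new ExtCertificateEncodingException(e.toString(), e);
  }
}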
use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project java-security-private-ca by googleapis.
the class SnippetsIT method testActivateSubordinateCertificateAuthority.
/**
 * Fetches the certificate named by CSR_CERTIFICATE_NAME, passes its PEM form to the
 * subordinate-CA activation sample and checks that the captured output reports the STAGED state.
 */
@Test
public void testActivateSubordinateCertificateAuthority() throws IOException, ExecutionException, InterruptedException {
  try (CertificateAuthorityServiceClient client = CertificateAuthorityServiceClient.create()) {
    // Full resource name of the certificate to look up.
    String certificateResource =
        CertificateName.of(PROJECT_ID, LOCATION, CA_POOL_ID, CSR_CERTIFICATE_NAME).toString();
    Certificate issued = client.getCertificate(certificateResource);

    // Activate the subordinate CA using the PEM certificate returned by the service.
    privateca.ActivateSubordinateCa.activateSubordinateCA(
        PROJECT_ID, LOCATION, CA_POOL_ID, CA_NAME, SUBORDINATE_CA_NAME, issued.getPemCertificate());

    assertThat(stdOut.toString()).contains("Current State: STAGED");
  }
}
use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project java-security-private-ca by googleapis.
the class CreateCertificate_CSR method createCertificateWithCSR.
/**
 * Requests a certificate from the given Certificate Authority, with the subject details and
 * public key supplied as a PEM-encoded CSR (Certificate Signing Request).
 *
 * <p>The CSR is forwarded unchanged; this method performs no validation of its contents.
 * The requested lifetime is fixed at 1000 seconds.
 *
 * @param project project that owns the CA pool
 * @param location location of the CA pool
 * @param pool_Id id of the CA pool used as the request parent
 * @param certificateAuthorityName id of the CA that should issue the certificate
 * @param certificateName id to give the new certificate
 * @param pemCSR PEM-encoded certificate signing request
 */
public static void createCertificateWithCSR(String project, String location, String pool_Id, String certificateAuthorityName, String certificateName, String pemCSR) throws IOException, ExecutionException, InterruptedException {
  // try-with-resources closes the client when the block exits.
  try (CertificateAuthorityServiceClient client = CertificateAuthorityServiceClient.create()) {
    // Validity of the certificate, in seconds.
    long certificateLifetime = 1000L;
    Duration lifetime = Duration.newBuilder().setSeconds(certificateLifetime).build();

    // The CSR carries the public key and the requested subject details.
    Certificate csrCertificate =
        Certificate.newBuilder().setPemCsr(pemCSR).setLifetime(lifetime).build();

    // Address the request to the pool and name the CA that should sign.
    String parentPool = CaPoolName.of(project, location, pool_Id).toString();
    CreateCertificateRequest createRequest =
        CreateCertificateRequest.newBuilder()
            .setParent(parentPool)
            .setIssuingCertificateAuthorityId(certificateAuthorityName)
            .setCertificateId(certificateName)
            .setCertificate(csrCertificate)
            .build();

    // Send the request and wait for the issued certificate.
    Certificate issued = client.createCertificateCallable().futureCall(createRequest).get();

    System.out.println("Certificate created successfully : " + issued.getName());
    // Print the signed certificate followed by its issuer chain.
    System.out.println("Signed certificate:\n " + issued.getPemCertificate());
    System.out.println("Issuer chain list:\n" + issued.getPemCertificateChainList());
  }
}
use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project java-security-private-ca by googleapis.
the class RevokeCertificate method revokeCertificate.
/**
 * Revokes an issued certificate.
 *
 * <p>The revocation reason is hard-coded to {@code PRIVILEGE_WITHDRAWN}. When adapting this
 * sample, record the reason that matches the actual cause (for example
 * {@code KEY_COMPROMISE}), since relying parties and auditors read it from revocation data.
 *
 * @param project project that owns the CA pool
 * @param location location of the CA pool
 * @param pool_Id id of the CA pool that holds the certificate
 * @param certificateName id of the certificate to revoke
 */
public static void revokeCertificate(String project, String location, String pool_Id, String certificateName) throws IOException, ExecutionException, InterruptedException {
  // try-with-resources closes the client when the block exits.
  try (CertificateAuthorityServiceClient client = CertificateAuthorityServiceClient.create()) {
    // Full resource name of the certificate being revoked.
    String certificateResource =
        CertificateName.newBuilder()
            .setProject(project)
            .setLocation(location)
            .setCaPool(pool_Id)
            .setCertificate(certificateName)
            .build()
            .toString();

    // Build the revocation request with its reason.
    RevokeCertificateRequest revokeRequest =
        RevokeCertificateRequest.newBuilder()
            .setName(certificateResource)
            .setReason(RevocationReason.PRIVILEGE_WITHDRAWN)
            .build();

    // Send the request and wait for the updated certificate record.
    Certificate revoked = client.revokeCertificateCallable().futureCall(revokeRequest).get();
    System.out.println("Certificate Revoked: " + revoked.getName());
  }
}