Example 51 with Certificate
use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project xipki by xipki.
the class CtLogServlet method doPost.
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
try {
AddPreChainRequest req0 = parse(req.getInputStream(), AddPreChainRequest.class);
List<byte[]> chain = req0.getChain();
if (chain == null || chain.size() < 2) {
String msg = "chain has less than two certificates";
LOG.warn(msg);
resp.sendError(HttpServletResponse.SC_BAD_REQUEST, msg);
return;
}
Certificate cert = Certificate.getInstance(chain.get(0));
Certificate caCert = Certificate.getInstance(chain.get(1));
byte[] issuerKeyHash = HashAlgo.SHA256.hash(caCert.getSubjectPublicKeyInfo().getEncoded());
byte[] preCertTbsCert = CtLog.getPreCertTbsCert(cert.getTBSCertificate());
byte sctVersion = 0;
long timestamp = System.currentTimeMillis();
byte[] sctExtensions = null;
Signature sig = Signature.getInstance(signatureAlgo);
sig.initSign(signingKey);
CtLog.update(sig, sctVersion, timestamp, sctExtensions, issuerKeyHash, preCertTbsCert);
byte[] signature = sig.sign();
AddPreChainResponse resp0 = new AddPreChainResponse();
resp0.setSct_version(sctVersion);
resp0.setId(logId);
resp0.setTimestamp(timestamp);
DigitallySigned digitallySigned = new DigitallySigned(signatureAndHashAlgorithm, signature);
resp0.setSignature(digitallySigned.getEncoded());
byte[] respContent = JSON.toJSONBytes(resp0);
resp.setContentType("application/json");
resp.setContentLengthLong(respContent.length);
resp.getOutputStream().write(respContent);
resp.setStatus(HttpServletResponse.SC_OK);
} catch (Exception ex) {
LogUtil.error(LOG, ex);
throw new ServletException(ex.getMessage(), ex);
}
}
Also used :
ServletException(javax.servlet.ServletException)
DigitallySigned(org.xipki.security.ctlog.CtLog.DigitallySigned)
Signature(java.security.Signature)
AddPreChainRequest(org.xipki.security.ctlog.CtLogMessages.AddPreChainRequest)
AddPreChainResponse(org.xipki.security.ctlog.CtLogMessages.AddPreChainResponse)
ServletException(javax.servlet.ServletException)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
IOException(java.io.IOException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
Certificate(org.bouncycastle.asn1.x509.Certificate)
Example 52 with Certificate
use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project LinLong-Java by zhenwei1108.
the class X509CertificatePair method getEncoded.
public byte[] getEncoded() throws CertificateEncodingException {
Certificate f = null;
Certificate r = null;
try {
if (forward != null) {
f = Certificate.getInstance(new ASN1InputStream(forward.getEncoded()).readObject());
if (f == null) {
throw new CertificateEncodingException("unable to get encoding for forward");
}
}
if (reverse != null) {
r = Certificate.getInstance(new ASN1InputStream(reverse.getEncoded()).readObject());
if (r == null) {
throw new CertificateEncodingException("unable to get encoding for reverse");
}
}
return new CertificatePair(f, r).getEncoded(ASN1Encoding.DER);
} catch (IllegalArgumentException e) {
throw new ExtCertificateEncodingException(e.toString(), e);
} catch (IOException e) {
throw new ExtCertificateEncodingException(e.toString(), e);
}
}
Also used :
ASN1InputStream(com.github.zhenwei.core.asn1.ASN1InputStream)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
IOException(java.io.IOException)
CertificatePair(com.github.zhenwei.core.asn1.x509.CertificatePair)
X509Certificate(java.security.cert.X509Certificate)
Certificate(com.github.zhenwei.core.asn1.x509.Certificate)
Example 53 with Certificate
use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project java-security-private-ca by googleapis.
the class SnippetsIT method testActivateSubordinateCertificateAuthority.
@Test
public void testActivateSubordinateCertificateAuthority() throws IOException, ExecutionException, InterruptedException {
try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = CertificateAuthorityServiceClient.create()) {
Certificate response = certificateAuthorityServiceClient.getCertificate(CertificateName.of(PROJECT_ID, LOCATION, CA_POOL_ID, CSR_CERTIFICATE_NAME).toString());
String pemCertificate = response.getPemCertificate();
privateca.ActivateSubordinateCa.activateSubordinateCA(PROJECT_ID, LOCATION, CA_POOL_ID, CA_NAME, SUBORDINATE_CA_NAME, pemCertificate);
assertThat(stdOut.toString()).contains("Current State: STAGED");
}
}
Also used :
CertificateAuthorityServiceClient(com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient)
ByteString(com.google.protobuf.ByteString)
Certificate(com.google.cloud.security.privateca.v1.Certificate)
Test(org.junit.Test)
Example 54 with Certificate
use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project java-security-private-ca by googleapis.
the class CreateCertificate_CSR method createCertificateWithCSR.
// Create a Certificate which is issued by the specified Certificate Authority.
// The certificate details and the public key is provided as a CSR (Certificate Signing Request).
public static void createCertificateWithCSR(String project, String location, String pool_Id, String certificateAuthorityName, String certificateName, String pemCSR) throws IOException, ExecutionException, InterruptedException {
// clean up any remaining background resources.
try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = CertificateAuthorityServiceClient.create()) {
// certificateLifetime: The validity of the certificate in seconds.
long certificateLifetime = 1000L;
// Create certificate with CSR.
// The pemCSR contains the public key and the domain details required.
Certificate certificate = Certificate.newBuilder().setPemCsr(pemCSR).setLifetime(Duration.newBuilder().setSeconds(certificateLifetime).build()).build();
// Create the Certificate Request.
// Set the CA which is responsible for creating the certificate with the provided CSR.
CreateCertificateRequest certificateRequest = CreateCertificateRequest.newBuilder().setParent(CaPoolName.of(project, location, pool_Id).toString()).setIssuingCertificateAuthorityId(certificateAuthorityName).setCertificateId(certificateName).setCertificate(certificate).build();
// Get the certificate response.
ApiFuture<Certificate> future = certificateAuthorityServiceClient.createCertificateCallable().futureCall(certificateRequest);
Certificate certificateResponse = future.get();
System.out.println("Certificate created successfully : " + certificateResponse.getName());
// Get the signed certificate and the issuer chain list.
System.out.println("Signed certificate:\n " + certificateResponse.getPemCertificate());
System.out.println("Issuer chain list:\n" + certificateResponse.getPemCertificateChainList());
}
}
Also used :
CreateCertificateRequest(com.google.cloud.security.privateca.v1.CreateCertificateRequest)
CertificateAuthorityServiceClient(com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient)
Certificate(com.google.cloud.security.privateca.v1.Certificate)
Example 55 with Certificate
use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project java-security-private-ca by googleapis.
the class RevokeCertificate method revokeCertificate.
// Revoke an issued certificate. Once revoked, the certificate will become invalid and will expire
// post its lifetime.
public static void revokeCertificate(String project, String location, String pool_Id, String certificateName) throws IOException, ExecutionException, InterruptedException {
// clean up any remaining background resources.
try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = CertificateAuthorityServiceClient.create()) {
// Create Certificate Name.
CertificateName certificateNameParent = CertificateName.newBuilder().setProject(project).setLocation(location).setCaPool(pool_Id).setCertificate(certificateName).build();
// Create Revoke Certificate Request and specify the appropriate revocation reason.
RevokeCertificateRequest revokeCertificateRequest = RevokeCertificateRequest.newBuilder().setName(certificateNameParent.toString()).setReason(RevocationReason.PRIVILEGE_WITHDRAWN).build();
// Revoke certificate.
ApiFuture<Certificate> response = certificateAuthorityServiceClient.revokeCertificateCallable().futureCall(revokeCertificateRequest);
Certificate certificateResponse = response.get();
System.out.println("Certificate Revoked: " + certificateResponse.getName());
}
}
Also used :
CertificateAuthorityServiceClient(com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient)
RevokeCertificateRequest(com.google.cloud.security.privateca.v1.RevokeCertificateRequest)
CertificateName(com.google.cloud.security.privateca.v1.CertificateName)
Certificate(com.google.cloud.security.privateca.v1.Certificate)
Aggregations
Certificate (org.bouncycastle.asn1.x509.Certificate)53
IOException (java.io.IOException)40
X509Certificate (java.security.cert.X509Certificate)37
CertificateException (java.security.cert.CertificateException)27
File (java.io.File)11
Test (org.junit.Test)10
BigInteger (java.math.BigInteger)9
CertificateEncodingException (java.security.cert.CertificateEncodingException)9
TBSCertificate (org.bouncycastle.asn1.x509.TBSCertificate)9
Test (org.junit.jupiter.api.Test)9
Certificate (com.google.cloud.security.privateca.v1.Certificate)8
CertificateAuthorityServiceClient (com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient)8
SQLException (java.sql.SQLException)8
X500Name (org.bouncycastle.asn1.x500.X500Name)8
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)7
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)7
Certificate (com.beanit.asn1bean.compiler.pkix1explicit88.Certificate)6
Extension (org.bouncycastle.asn1.x509.Extension)6
OperatorCreationException (org.bouncycastle.operator.OperatorCreationException)6
Date (java.util.Date)5
