Search in sources :

Example 66 with Certificate

use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project xipki by xipki.

the class CsrGenAction method execute0.

@Override
protected Object execute0() throws Exception {
    hashAlgo = hashAlgo.trim().toUpperCase();
    if (hashAlgo.indexOf('-') != -1) {
        hashAlgo = hashAlgo.replaceAll("-", "");
    }
    if (needExtensionTypes == null) {
        needExtensionTypes = new LinkedList<>();
    }
    if (wantExtensionTypes == null) {
        wantExtensionTypes = new LinkedList<>();
    }
    // SubjectAltNames
    List<Extension> extensions = new LinkedList<>();
    ASN1OctetString extnValue = createExtnValueSubjectAltName();
    if (extnValue != null) {
        ASN1ObjectIdentifier oid = Extension.subjectAlternativeName;
        extensions.add(new Extension(oid, false, extnValue));
        needExtensionTypes.add(oid.getId());
    }
    // SubjectInfoAccess
    extnValue = createExtnValueSubjectInfoAccess();
    if (extnValue != null) {
        ASN1ObjectIdentifier oid = Extension.subjectInfoAccess;
        extensions.add(new Extension(oid, false, extnValue));
        needExtensionTypes.add(oid.getId());
    }
    // Keyusage
    if (isNotEmpty(keyusages)) {
        Set<KeyUsage> usages = new HashSet<>();
        for (String usage : keyusages) {
            usages.add(KeyUsage.getKeyUsage(usage));
        }
        org.bouncycastle.asn1.x509.KeyUsage extValue = X509Util.createKeyUsage(usages);
        ASN1ObjectIdentifier extType = Extension.keyUsage;
        extensions.add(new Extension(extType, false, extValue.getEncoded()));
        needExtensionTypes.add(extType.getId());
    }
    // ExtendedKeyusage
    if (isNotEmpty(extkeyusages)) {
        ExtendedKeyUsage extValue = X509Util.createExtendedUsage(textToAsn1ObjectIdentifers(extkeyusages));
        ASN1ObjectIdentifier extType = Extension.extendedKeyUsage;
        extensions.add(new Extension(extType, false, extValue.getEncoded()));
        needExtensionTypes.add(extType.getId());
    }
    // QcEuLimitValue
    if (isNotEmpty(qcEuLimits)) {
        ASN1EncodableVector vec = new ASN1EncodableVector();
        for (String m : qcEuLimits) {
            StringTokenizer st = new StringTokenizer(m, ":");
            try {
                String currencyS = st.nextToken();
                String amountS = st.nextToken();
                String exponentS = st.nextToken();
                Iso4217CurrencyCode currency;
                try {
                    int intValue = Integer.parseInt(currencyS);
                    currency = new Iso4217CurrencyCode(intValue);
                } catch (NumberFormatException ex) {
                    currency = new Iso4217CurrencyCode(currencyS);
                }
                int amount = Integer.parseInt(amountS);
                int exponent = Integer.parseInt(exponentS);
                MonetaryValue monterayValue = new MonetaryValue(currency, amount, exponent);
                QCStatement statment = new QCStatement(ObjectIdentifiers.id_etsi_qcs_QcLimitValue, monterayValue);
                vec.add(statment);
            } catch (Exception ex) {
                throw new Exception("invalid qc-eu-limit '" + m + "'");
            }
        }
        ASN1ObjectIdentifier extType = Extension.qCStatements;
        ASN1Sequence extValue = new DERSequence(vec);
        extensions.add(new Extension(extType, false, extValue.getEncoded()));
        needExtensionTypes.add(extType.getId());
    }
    // biometricInfo
    if (biometricType != null && biometricHashAlgo != null && biometricFile != null) {
        TypeOfBiometricData tmpBiometricType = StringUtil.isNumber(biometricType) ? new TypeOfBiometricData(Integer.parseInt(biometricType)) : new TypeOfBiometricData(new ASN1ObjectIdentifier(biometricType));
        ASN1ObjectIdentifier tmpBiometricHashAlgo = AlgorithmUtil.getHashAlg(biometricHashAlgo);
        byte[] biometricBytes = IoUtil.read(biometricFile);
        MessageDigest md = MessageDigest.getInstance(tmpBiometricHashAlgo.getId());
        md.reset();
        byte[] tmpBiometricDataHash = md.digest(biometricBytes);
        DERIA5String tmpSourceDataUri = null;
        if (biometricUri != null) {
            tmpSourceDataUri = new DERIA5String(biometricUri);
        }
        BiometricData biometricData = new BiometricData(tmpBiometricType, new AlgorithmIdentifier(tmpBiometricHashAlgo), new DEROctetString(tmpBiometricDataHash), tmpSourceDataUri);
        ASN1EncodableVector vec = new ASN1EncodableVector();
        vec.add(biometricData);
        ASN1ObjectIdentifier extType = Extension.biometricInfo;
        ASN1Sequence extValue = new DERSequence(vec);
        extensions.add(new Extension(extType, false, extValue.getEncoded()));
        needExtensionTypes.add(extType.getId());
    } else if (biometricType == null && biometricHashAlgo == null && biometricFile == null) {
    // Do nothing
    } else {
        throw new Exception("either all of biometric triples (type, hash algo, file)" + " must be set or none of them should be set");
    }
    for (Extension addExt : getAdditionalExtensions()) {
        extensions.add(addExt);
    }
    needExtensionTypes.addAll(getAdditionalNeedExtensionTypes());
    wantExtensionTypes.addAll(getAdditionalWantExtensionTypes());
    if (isNotEmpty(needExtensionTypes) || isNotEmpty(wantExtensionTypes)) {
        ExtensionExistence ee = new ExtensionExistence(textToAsn1ObjectIdentifers(needExtensionTypes), textToAsn1ObjectIdentifers(wantExtensionTypes));
        extensions.add(new Extension(ObjectIdentifiers.id_xipki_ext_cmpRequestExtensions, false, ee.toASN1Primitive().getEncoded()));
    }
    ConcurrentContentSigner signer = getSigner(new SignatureAlgoControl(rsaMgf1, dsaPlain, gm));
    Map<ASN1ObjectIdentifier, ASN1Encodable> attributes = new HashMap<>();
    if (CollectionUtil.isNonEmpty(extensions)) {
        attributes.put(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, new Extensions(extensions.toArray(new Extension[0])));
    }
    if (StringUtil.isNotBlank(challengePassword)) {
        attributes.put(PKCSObjectIdentifiers.pkcs_9_at_challengePassword, new DERPrintableString(challengePassword));
    }
    SubjectPublicKeyInfo subjectPublicKeyInfo;
    if (signer.getCertificate() != null) {
        Certificate cert = Certificate.getInstance(signer.getCertificate().getEncoded());
        subjectPublicKeyInfo = cert.getSubjectPublicKeyInfo();
    } else {
        subjectPublicKeyInfo = KeyUtil.createSubjectPublicKeyInfo(signer.getPublicKey());
    }
    X500Name subjectDn = getSubject(subject);
    PKCS10CertificationRequest csr = generateRequest(signer, subjectPublicKeyInfo, subjectDn, attributes);
    File file = new File(outputFilename);
    saveVerbose("saved CSR to file", file, csr.getEncoded());
    return null;
}
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) TypeOfBiometricData(org.bouncycastle.asn1.x509.qualified.TypeOfBiometricData) BiometricData(org.bouncycastle.asn1.x509.qualified.BiometricData) QCStatement(org.bouncycastle.asn1.x509.qualified.QCStatement) HashMap(java.util.HashMap) ExtendedKeyUsage(org.bouncycastle.asn1.x509.ExtendedKeyUsage) KeyUsage(org.xipki.security.KeyUsage) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) X500Name(org.bouncycastle.asn1.x500.X500Name) Extensions(org.bouncycastle.asn1.x509.Extensions) Iso4217CurrencyCode(org.bouncycastle.asn1.x509.qualified.Iso4217CurrencyCode) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) DEROctetString(org.bouncycastle.asn1.DEROctetString) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) DERSequence(org.bouncycastle.asn1.DERSequence) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) MessageDigest(java.security.MessageDigest) ExtendedKeyUsage(org.bouncycastle.asn1.x509.ExtendedKeyUsage) TypeOfBiometricData(org.bouncycastle.asn1.x509.qualified.TypeOfBiometricData) HashSet(java.util.HashSet) PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest) MonetaryValue(org.bouncycastle.asn1.x509.qualified.MonetaryValue) LinkedList(java.util.LinkedList) BadInputException(org.xipki.security.exception.BadInputException) InvalidOidOrNameException(org.xipki.security.exception.InvalidOidOrNameException) XiSecurityException(org.xipki.security.exception.XiSecurityException) NoIdleSignerException(org.xipki.security.exception.NoIdleSignerException) Extension(org.bouncycastle.asn1.x509.Extension) StringTokenizer(java.util.StringTokenizer) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ConcurrentContentSigner(org.xipki.security.ConcurrentContentSigner) ExtensionExistence(org.xipki.security.ExtensionExistence) SignatureAlgoControl(org.xipki.security.SignatureAlgoControl) File(java.io.File) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) Certificate(org.bouncycastle.asn1.x509.Certificate)

Example 67 with Certificate

use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project xipki by xipki.

the class GetCrlCmd method execute0.

@Override
protected Object execute0() throws Exception {
    Certificate cert = Certificate.getInstance(IoUtil.read(certFile));
    ScepClient client = getScepClient();
    X509CRL crl = client.scepGetCrl(getIdentityKey(), getIdentityCert(), cert.getIssuer(), cert.getSerialNumber().getPositiveValue());
    if (crl == null) {
        throw new CmdFailure("received no CRL from server");
    }
    saveVerbose("saved CRL to file", new File(outputFile), crl.getEncoded());
    return null;
}
Also used : X509CRL(java.security.cert.X509CRL) CmdFailure(org.xipki.console.karaf.CmdFailure) ScepClient(org.xipki.scep.client.ScepClient) File(java.io.File) Certificate(org.bouncycastle.asn1.x509.Certificate)

Example 68 with Certificate

use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project xipki by xipki.

the class CaLoadTestRevokeCmd method execute0.

@Override
protected Object execute0() throws Exception {
    if (numThreads < 1) {
        throw new IllegalCmdParamException("invalid number of threads " + numThreads);
    }
    if (!(serialNumberFile == null ^ caDbConfFile == null)) {
        throw new IllegalCmdParamException("exactly one of ca-db and serial-file must be specified");
    }
    String description = StringUtil.concatObjectsCap(200, "issuer: ", issuerCertFile, "\ncadb: ", caDbConfFile, "\nserialNumberFile: ", serialNumberFile, "\nmaxCerts: ", maxCerts, "\n#certs/req: ", num, "\nunit: ", num, " certificate", (num > 1 ? "s" : ""), "\n");
    Certificate caCert = Certificate.getInstance(IoUtil.read(issuerCertFile));
    Properties props = new Properties();
    props.load(new FileInputStream(IoUtil.expandFilepath(caDbConfFile)));
    props.setProperty("autoCommit", "false");
    props.setProperty("readOnly", "true");
    props.setProperty("maximumPoolSize", "1");
    props.setProperty("minimumIdle", "1");
    DataSourceWrapper caDataSource = null;
    Iterator<BigInteger> serialNumberIterator;
    if (caDbConfFile != null) {
        caDataSource = new DataSourceFactory().createDataSource("ds-" + caDbConfFile, props, securityFactory.getPasswordResolver());
        serialNumberIterator = new DbGoodCertSerialIterator(caCert, caDataSource);
    } else {
        serialNumberIterator = new FileBigIntegerIterator(serialNumberFile, hex, false);
    }
    try {
        CaLoadTestRevoke loadTest = new CaLoadTestRevoke(caClient, caCert, serialNumberIterator, maxCerts, num, description);
        loadTest.setDuration(duration);
        loadTest.setThreads(numThreads);
        loadTest.test();
    } finally {
        if (caDataSource != null) {
            caDataSource.close();
        }
        if (serialNumberIterator instanceof FileBigIntegerIterator) {
            ((FileBigIntegerIterator) serialNumberIterator).close();
        }
    }
    return null;
}
Also used : DataSourceFactory(org.xipki.datasource.DataSourceFactory) IllegalCmdParamException(org.xipki.console.karaf.IllegalCmdParamException) BigInteger(java.math.BigInteger) DataSourceWrapper(org.xipki.datasource.DataSourceWrapper) Properties(java.util.Properties) FileBigIntegerIterator(org.xipki.common.util.FileBigIntegerIterator) FileInputStream(java.io.FileInputStream) Certificate(org.bouncycastle.asn1.x509.Certificate)

Example 69 with Certificate

use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project xipki by xipki.

the class X509CertprofileQa method checkCert.

// constructor
public ValidationResult checkCert(byte[] certBytes, X509IssuerInfo issuerInfo, X500Name requestedSubject, SubjectPublicKeyInfo requestedPublicKey, Extensions requestedExtensions) {
    ParamUtil.requireNonNull("certBytes", certBytes);
    ParamUtil.requireNonNull("issuerInfo", issuerInfo);
    ParamUtil.requireNonNull("requestedSubject", requestedSubject);
    ParamUtil.requireNonNull("requestedPublicKey", requestedPublicKey);
    List<ValidationIssue> resultIssues = new LinkedList<ValidationIssue>();
    Certificate bcCert;
    TBSCertificate tbsCert;
    X509Certificate cert;
    ValidationIssue issue;
    // certificate size
    issue = new ValidationIssue("X509.SIZE", "certificate size");
    resultIssues.add(issue);
    Integer maxSize = certProfile.getMaxSize();
    if (maxSize != 0) {
        int size = certBytes.length;
        if (size > maxSize) {
            issue.setFailureMessage(String.format("certificate exceeds the maximal allowed size: %d > %d", size, maxSize));
        }
    }
    // certificate encoding
    issue = new ValidationIssue("X509.ENCODING", "certificate encoding");
    resultIssues.add(issue);
    try {
        bcCert = Certificate.getInstance(certBytes);
        tbsCert = bcCert.getTBSCertificate();
        cert = X509Util.parseCert(certBytes);
    } catch (CertificateException ex) {
        issue.setFailureMessage("certificate is not corrected encoded");
        return new ValidationResult(resultIssues);
    }
    // syntax version
    issue = new ValidationIssue("X509.VERSION", "certificate version");
    resultIssues.add(issue);
    int versionNumber = tbsCert.getVersionNumber();
    X509CertVersion expVersion = certProfile.getVersion();
    if (versionNumber != expVersion.getVersionNumber()) {
        issue.setFailureMessage("is '" + versionNumber + "' but expected '" + expVersion.getVersionNumber() + "'");
    }
    // serialNumber
    issue = new ValidationIssue("X509.serialNumber", "certificate serial number");
    resultIssues.add(issue);
    BigInteger serialNumber = tbsCert.getSerialNumber().getValue();
    if (serialNumber.signum() != 1) {
        issue.setFailureMessage("not positive");
    } else {
        if (serialNumber.bitLength() >= 160) {
            issue.setFailureMessage("serial number has more than 20 octets");
        }
    }
    // signatureAlgorithm
    List<String> signatureAlgorithms = certProfile.getSignatureAlgorithms();
    if (CollectionUtil.isNonEmpty(signatureAlgorithms)) {
        issue = new ValidationIssue("X509.SIGALG", "signature algorithm");
        resultIssues.add(issue);
        AlgorithmIdentifier sigAlgId = bcCert.getSignatureAlgorithm();
        AlgorithmIdentifier tbsSigAlgId = tbsCert.getSignature();
        if (!tbsSigAlgId.equals(sigAlgId)) {
            issue.setFailureMessage("Certificate.tbsCertificate.signature != Certificate.signatureAlgorithm");
        }
        try {
            String sigAlgo = AlgorithmUtil.getSignatureAlgoName(sigAlgId);
            if (!issue.isFailed()) {
                if (!signatureAlgorithms.contains(sigAlgo)) {
                    issue.setFailureMessage("signatureAlgorithm '" + sigAlgo + "' is not allowed");
                }
            }
            // check parameters
            if (!issue.isFailed()) {
                AlgorithmIdentifier expSigAlgId = AlgorithmUtil.getSigAlgId(sigAlgo);
                if (!expSigAlgId.equals(sigAlgId)) {
                    issue.setFailureMessage("invalid parameters");
                }
            }
        } catch (NoSuchAlgorithmException ex) {
            issue.setFailureMessage("unsupported signature algorithm " + sigAlgId.getAlgorithm().getId());
        }
    }
    // notBefore encoding
    issue = new ValidationIssue("X509.NOTBEFORE.ENCODING", "notBefore encoding");
    checkTime(tbsCert.getStartDate(), issue);
    // notAfter encoding
    issue = new ValidationIssue("X509.NOTAFTER.ENCODING", "notAfter encoding");
    checkTime(tbsCert.getStartDate(), issue);
    // notBefore
    if (certProfile.isNotBeforeMidnight()) {
        issue = new ValidationIssue("X509.NOTBEFORE", "notBefore midnight");
        resultIssues.add(issue);
        Calendar cal = Calendar.getInstance(UTC);
        cal.setTime(cert.getNotBefore());
        int hourOfDay = cal.get(Calendar.HOUR_OF_DAY);
        int minute = cal.get(Calendar.MINUTE);
        int second = cal.get(Calendar.SECOND);
        if (hourOfDay != 0 || minute != 0 || second != 0) {
            issue.setFailureMessage(" '" + cert.getNotBefore() + "' is not midnight time (UTC)");
        }
    }
    // validity
    issue = new ValidationIssue("X509.VALIDITY", "cert validity");
    resultIssues.add(issue);
    if (cert.getNotAfter().before(cert.getNotBefore())) {
        issue.setFailureMessage("notAfter must not be before notBefore");
    } else if (cert.getNotBefore().before(issuerInfo.getCaNotBefore())) {
        issue.setFailureMessage("notBefore must not be before CA's notBefore");
    } else {
        CertValidity validity = certProfile.getValidity();
        Date expectedNotAfter = validity.add(cert.getNotBefore());
        if (expectedNotAfter.getTime() > MAX_CERT_TIME_MS) {
            expectedNotAfter = new Date(MAX_CERT_TIME_MS);
        }
        if (issuerInfo.isCutoffNotAfter() && expectedNotAfter.after(issuerInfo.getCaNotAfter())) {
            expectedNotAfter = issuerInfo.getCaNotAfter();
        }
        if (Math.abs(expectedNotAfter.getTime() - cert.getNotAfter().getTime()) > 60 * SECOND) {
            issue.setFailureMessage("cert validity is not within " + validity.toString());
        }
    }
    // subjectPublicKeyInfo
    resultIssues.addAll(publicKeyChecker.checkPublicKey(bcCert.getSubjectPublicKeyInfo(), requestedPublicKey));
    // Signature
    issue = new ValidationIssue("X509.SIG", "whether certificate is signed by CA");
    resultIssues.add(issue);
    try {
        cert.verify(issuerInfo.getCert().getPublicKey(), "BC");
    } catch (Exception ex) {
        issue.setFailureMessage("invalid signature");
    }
    // issuer
    issue = new ValidationIssue("X509.ISSUER", "certificate issuer");
    resultIssues.add(issue);
    if (!cert.getIssuerX500Principal().equals(issuerInfo.getCert().getSubjectX500Principal())) {
        issue.setFailureMessage("issue in certificate does not equal the subject of CA certificate");
    }
    // subject
    resultIssues.addAll(subjectChecker.checkSubject(bcCert.getSubject(), requestedSubject));
    // issuerUniqueID
    issue = new ValidationIssue("X509.IssuerUniqueID", "issuerUniqueID");
    resultIssues.add(issue);
    if (tbsCert.getIssuerUniqueId() != null) {
        issue.setFailureMessage("is present but not permitted");
    }
    // subjectUniqueID
    issue = new ValidationIssue("X509.SubjectUniqueID", "subjectUniqueID");
    resultIssues.add(issue);
    if (tbsCert.getSubjectUniqueId() != null) {
        issue.setFailureMessage("is present but not permitted");
    }
    // extensions
    issue = new ValidationIssue("X509.GrantedSubject", "grantedSubject");
    resultIssues.add(issue);
    resultIssues.addAll(extensionsChecker.checkExtensions(bcCert, issuerInfo, requestedExtensions, requestedSubject));
    return new ValidationResult(resultIssues);
}
Also used : CertValidity(org.xipki.ca.api.profile.CertValidity) Calendar(java.util.Calendar) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) ValidationResult(org.xipki.common.qa.ValidationResult) ValidationIssue(org.xipki.common.qa.ValidationIssue) LinkedList(java.util.LinkedList) X509Certificate(java.security.cert.X509Certificate) Date(java.util.Date) CertprofileException(org.xipki.ca.api.profile.CertprofileException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) BigInteger(java.math.BigInteger) X509CertVersion(org.xipki.ca.api.profile.x509.X509CertVersion) BigInteger(java.math.BigInteger) TBSCertificate(org.bouncycastle.asn1.x509.TBSCertificate) X509Certificate(java.security.cert.X509Certificate) Certificate(org.bouncycastle.asn1.x509.Certificate) TBSCertificate(org.bouncycastle.asn1.x509.TBSCertificate)

Example 70 with Certificate

use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project jasn1 by openmuc.

the class OtherSignedNotification method decode.

public int decode(InputStream is, boolean withTag) throws IOException {
    int tlByteCount = 0;
    int vByteCount = 0;
    BerTag berTag = new BerTag();
    if (withTag) {
        tlByteCount += tag.decodeAndCheck(is);
    }
    BerLength length = new BerLength();
    tlByteCount += length.decode(is);
    int lengthVal = length.val;
    vByteCount += berTag.decode(is);
    if (berTag.equals(NotificationMetadata.tag)) {
        tbsOtherNotification = new NotificationMetadata();
        vByteCount += tbsOtherNotification.decode(is, false);
        vByteCount += berTag.decode(is);
    } else {
        throw new IOException("Tag does not match mandatory sequence component.");
    }
    if (berTag.equals(BerTag.APPLICATION_CLASS, BerTag.PRIMITIVE, 55)) {
        euiccNotificationSignature = new BerOctetString();
        vByteCount += euiccNotificationSignature.decode(is, false);
        vByteCount += berTag.decode(is);
    } else {
        throw new IOException("Tag does not match mandatory sequence component.");
    }
    if (berTag.equals(Certificate.tag)) {
        euiccCertificate = new Certificate();
        vByteCount += euiccCertificate.decode(is, false);
        vByteCount += berTag.decode(is);
    } else {
        throw new IOException("Tag does not match mandatory sequence component.");
    }
    if (berTag.equals(Certificate.tag)) {
        eumCertificate = new Certificate();
        vByteCount += eumCertificate.decode(is, false);
        if (lengthVal >= 0 && vByteCount == lengthVal) {
            return tlByteCount + vByteCount;
        }
        vByteCount += berTag.decode(is);
    } else {
        throw new IOException("Tag does not match mandatory sequence component.");
    }
    if (lengthVal < 0) {
        while (!berTag.equals(0, 0, 0)) {
            vByteCount += DecodeUtil.decodeUnknownComponent(is);
            vByteCount += berTag.decode(is);
        }
        vByteCount += BerLength.readEocByte(is);
        return tlByteCount + vByteCount;
    } else {
        while (vByteCount < lengthVal) {
            vByteCount += DecodeUtil.decodeUnknownComponent(is);
            if (vByteCount == lengthVal) {
                return tlByteCount + vByteCount;
            }
            vByteCount += berTag.decode(is);
        }
    }
    throw new IOException("Unexpected end of sequence, length tag: " + lengthVal + ", bytes decoded: " + vByteCount);
}
Also used : IOException(java.io.IOException) Certificate(com.beanit.asn1bean.compiler.pkix1explicit88.Certificate)

Aggregations

Certificate (org.bouncycastle.asn1.x509.Certificate)53 IOException (java.io.IOException)40 X509Certificate (java.security.cert.X509Certificate)37 CertificateException (java.security.cert.CertificateException)27 File (java.io.File)11 Test (org.junit.Test)10 BigInteger (java.math.BigInteger)9 CertificateEncodingException (java.security.cert.CertificateEncodingException)9 TBSCertificate (org.bouncycastle.asn1.x509.TBSCertificate)9 Test (org.junit.jupiter.api.Test)9 Certificate (com.google.cloud.security.privateca.v1.Certificate)8 CertificateAuthorityServiceClient (com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient)8 SQLException (java.sql.SQLException)8 X500Name (org.bouncycastle.asn1.x500.X500Name)8 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)7 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)7 Certificate (com.beanit.asn1bean.compiler.pkix1explicit88.Certificate)6 Extension (org.bouncycastle.asn1.x509.Extension)6 OperatorCreationException (org.bouncycastle.operator.OperatorCreationException)6 Date (java.util.Date)5