Search in sources :

Example 31 with Certificate

use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project xipki by xipki.

the class OcspCertStoreDbImporter method importIssuer0.

private void importIssuer0(IssuerType issuer, PreparedStatement ps) throws DataAccessException, CertificateException, IOException {
    try {
        String certFilename = issuer.getCertFile();
        String b64Cert = new String(IoUtil.read(new File(baseDir, certFilename)));
        byte[] encodedCert = Base64.decode(b64Cert);
        Certificate cert;
        try {
            cert = Certificate.getInstance(encodedCert);
        } catch (RuntimeException ex) {
            LOG.error("could not parse certificate of issuer {}", issuer.getId());
            LOG.debug("could not parse certificate of issuer " + issuer.getId(), ex);
            throw new CertificateException(ex.getMessage(), ex);
        }
        int idx = 1;
        ps.setInt(idx++, issuer.getId());
        ps.setString(idx++, X509Util.cutX500Name(cert.getSubject(), maxX500nameLen));
        ps.setLong(idx++, cert.getTBSCertificate().getStartDate().getDate().getTime() / 1000);
        ps.setLong(idx++, cert.getTBSCertificate().getEndDate().getDate().getTime() / 1000);
        ps.setString(idx++, sha1(encodedCert));
        setBoolean(ps, idx++, issuer.isRevoked());
        setInt(ps, idx++, issuer.getRevReason());
        setLong(ps, idx++, issuer.getRevTime());
        setLong(ps, idx++, issuer.getRevInvTime());
        ps.setString(idx++, b64Cert);
        ps.execute();
    } catch (SQLException ex) {
        System.err.println("could not import issuer with id=" + issuer.getId());
        throw translate(SQL_ADD_ISSUER, ex);
    } catch (CertificateException ex) {
        System.err.println("could not import issuer with id=" + issuer.getId());
        throw ex;
    }
}
Also used : SQLException(java.sql.SQLException) CertificateException(java.security.cert.CertificateException) ZipFile(java.util.zip.ZipFile) File(java.io.File) Certificate(org.bouncycastle.asn1.x509.Certificate)

Example 32 with Certificate

use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project xipki by xipki.

the class BenchmarkOcspStatusCmd method execute0.

@Override
protected Object execute0() throws Exception {
    int ii = 0;
    if (serialNumberList != null) {
        ii++;
    }
    if (serialNumberFile != null) {
        ii++;
    }
    if (CollectionUtil.isNonEmpty(certFiles)) {
        ii++;
    }
    if (ii != 1) {
        throw new IllegalCmdParamException("exactly one of serial, serial-file and cert must be specified");
    }
    if (numThreads < 1) {
        throw new IllegalCmdParamException("invalid number of threads " + numThreads);
    }
    Iterator<BigInteger> serialNumberIterator;
    if (serialNumberFile != null) {
        serialNumberIterator = new FileBigIntegerIterator(IoUtil.expandFilepath(serialNumberFile), hex, true);
    } else {
        List<BigIntegerRange> serialNumbers = new LinkedList<>();
        if (serialNumberList != null) {
            StringTokenizer st = new StringTokenizer(serialNumberList, ", ");
            while (st.hasMoreTokens()) {
                String token = st.nextToken();
                StringTokenizer st2 = new StringTokenizer(token, "-");
                BigInteger from = toBigInt(st2.nextToken(), hex);
                BigInteger to = st2.hasMoreTokens() ? toBigInt(st2.nextToken(), hex) : from;
                serialNumbers.add(new BigIntegerRange(from, to));
            }
        } else if (certFiles != null) {
            for (String certFile : certFiles) {
                X509Certificate cert;
                try {
                    cert = X509Util.parseCert(certFile);
                } catch (Exception ex) {
                    throw new IllegalCmdParamException("invalid certificate file  '" + certFile + "'", ex);
                }
                BigInteger serial = cert.getSerialNumber();
                serialNumbers.add(new BigIntegerRange(serial, serial));
            }
        }
        serialNumberIterator = new RangeBigIntegerIterator(serialNumbers, true);
    }
    try {
        String description = StringUtil.concatObjects("issuer cert: ", issuerCertFile, "\nserver URL: ", serverUrl, "\nmaxRequest: ", maxRequests, "\nhash: ", hashAlgo);
        Certificate issuerCert = Certificate.getInstance(IoUtil.read(issuerCertFile));
        RequestOptions options = getRequestOptions();
        OcspBenchmark loadTest = new OcspBenchmark(issuerCert, serverUrl, options, serialNumberIterator, maxRequests, analyzeResponse, queueSize, description.toString());
        loadTest.setDuration(duration);
        loadTest.setThreads(numThreads);
        loadTest.test();
    } finally {
        if (serialNumberIterator instanceof FileBigIntegerIterator) {
            ((FileBigIntegerIterator) serialNumberIterator).close();
        }
    }
    return null;
}
Also used : BigIntegerRange(org.xipki.common.util.BigIntegerRange) RequestOptions(org.xipki.ocsp.client.api.RequestOptions) OcspBenchmark(org.xipki.ocsp.qa.benchmark.OcspBenchmark) FileBigIntegerIterator(org.xipki.common.util.FileBigIntegerIterator) LinkedList(java.util.LinkedList) X509Certificate(java.security.cert.X509Certificate) IllegalCmdParamException(org.xipki.console.karaf.IllegalCmdParamException) StringTokenizer(java.util.StringTokenizer) IllegalCmdParamException(org.xipki.console.karaf.IllegalCmdParamException) BigInteger(java.math.BigInteger) RangeBigIntegerIterator(org.xipki.common.util.RangeBigIntegerIterator) X509Certificate(java.security.cert.X509Certificate) Certificate(org.bouncycastle.asn1.x509.Certificate)

Example 33 with Certificate

use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project jasn1 by openmuc.

the class InitiateAuthenticationOkEs9 method decode.

public int decode(InputStream is, boolean withTag) throws IOException {
    int tlByteCount = 0;
    int vByteCount = 0;
    BerTag berTag = new BerTag();
    if (withTag) {
        tlByteCount += tag.decodeAndCheck(is);
    }
    BerLength length = new BerLength();
    tlByteCount += length.decode(is);
    int lengthVal = length.val;
    vByteCount += berTag.decode(is);
    if (berTag.equals(BerTag.CONTEXT_CLASS, BerTag.PRIMITIVE, 0)) {
        transactionId = new TransactionId();
        vByteCount += transactionId.decode(is, false);
        vByteCount += berTag.decode(is);
    } else {
        throw new IOException("Tag does not match mandatory sequence component.");
    }
    if (berTag.equals(ServerSigned1.tag)) {
        serverSigned1 = new ServerSigned1();
        vByteCount += serverSigned1.decode(is, false);
        vByteCount += berTag.decode(is);
    } else {
        throw new IOException("Tag does not match mandatory sequence component.");
    }
    if (berTag.equals(BerTag.APPLICATION_CLASS, BerTag.PRIMITIVE, 55)) {
        serverSignature1 = new BerOctetString();
        vByteCount += serverSignature1.decode(is, false);
        vByteCount += berTag.decode(is);
    } else {
        throw new IOException("Tag does not match mandatory sequence component.");
    }
    if (berTag.equals(SubjectKeyIdentifier.tag)) {
        euiccCiPKIdToBeUsed = new SubjectKeyIdentifier();
        vByteCount += euiccCiPKIdToBeUsed.decode(is, false);
        vByteCount += berTag.decode(is);
    } else {
        throw new IOException("Tag does not match mandatory sequence component.");
    }
    if (berTag.equals(Certificate.tag)) {
        serverCertificate = new Certificate();
        vByteCount += serverCertificate.decode(is, false);
        if (lengthVal >= 0 && vByteCount == lengthVal) {
            return tlByteCount + vByteCount;
        }
        vByteCount += berTag.decode(is);
    } else {
        throw new IOException("Tag does not match mandatory sequence component.");
    }
    if (lengthVal < 0) {
        while (!berTag.equals(0, 0, 0)) {
            vByteCount += DecodeUtil.decodeUnknownComponent(is);
            vByteCount += berTag.decode(is);
        }
        vByteCount += BerLength.readEocByte(is);
        return tlByteCount + vByteCount;
    } else {
        while (vByteCount < lengthVal) {
            vByteCount += DecodeUtil.decodeUnknownComponent(is);
            if (vByteCount == lengthVal) {
                return tlByteCount + vByteCount;
            }
            vByteCount += berTag.decode(is);
        }
    }
    throw new IOException("Unexpected end of sequence, length tag: " + lengthVal + ", bytes decoded: " + vByteCount);
}
Also used : IOException(java.io.IOException) SubjectKeyIdentifier(com.beanit.asn1bean.compiler.pkix1implicit88.SubjectKeyIdentifier) Certificate(com.beanit.asn1bean.compiler.pkix1explicit88.Certificate)

Example 34 with Certificate

use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project jasn1 by openmuc.

the class AuthenticateServerRequest method decode.

public int decode(InputStream is, boolean withTag) throws IOException {
    int tlByteCount = 0;
    int vByteCount = 0;
    int numDecodedBytes;
    BerTag berTag = new BerTag();
    if (withTag) {
        tlByteCount += tag.decodeAndCheck(is);
    }
    BerLength length = new BerLength();
    tlByteCount += length.decode(is);
    int lengthVal = length.val;
    vByteCount += berTag.decode(is);
    if (berTag.equals(ServerSigned1.tag)) {
        serverSigned1 = new ServerSigned1();
        vByteCount += serverSigned1.decode(is, false);
        vByteCount += berTag.decode(is);
    } else {
        throw new IOException("Tag does not match mandatory sequence component.");
    }
    if (berTag.equals(BerTag.APPLICATION_CLASS, BerTag.PRIMITIVE, 55)) {
        serverSignature1 = new BerOctetString();
        vByteCount += serverSignature1.decode(is, false);
        vByteCount += berTag.decode(is);
    } else {
        throw new IOException("Tag does not match mandatory sequence component.");
    }
    if (berTag.equals(SubjectKeyIdentifier.tag)) {
        euiccCiPKIdToBeUsed = new SubjectKeyIdentifier();
        vByteCount += euiccCiPKIdToBeUsed.decode(is, false);
        vByteCount += berTag.decode(is);
    } else {
        throw new IOException("Tag does not match mandatory sequence component.");
    }
    if (berTag.equals(Certificate.tag)) {
        serverCertificate = new Certificate();
        vByteCount += serverCertificate.decode(is, false);
        vByteCount += berTag.decode(is);
    } else {
        throw new IOException("Tag does not match mandatory sequence component.");
    }
    ctxParams1 = new CtxParams1();
    numDecodedBytes = ctxParams1.decode(is, berTag);
    if (numDecodedBytes != 0) {
        vByteCount += numDecodedBytes;
        if (lengthVal >= 0 && vByteCount == lengthVal) {
            return tlByteCount + vByteCount;
        }
        vByteCount += berTag.decode(is);
    } else {
        throw new IOException("Tag does not match mandatory sequence component.");
    }
    if (lengthVal < 0) {
        while (!berTag.equals(0, 0, 0)) {
            vByteCount += DecodeUtil.decodeUnknownComponent(is);
            vByteCount += berTag.decode(is);
        }
        vByteCount += BerLength.readEocByte(is);
        return tlByteCount + vByteCount;
    } else {
        while (vByteCount < lengthVal) {
            vByteCount += DecodeUtil.decodeUnknownComponent(is);
            if (vByteCount == lengthVal) {
                return tlByteCount + vByteCount;
            }
            vByteCount += berTag.decode(is);
        }
    }
    throw new IOException("Unexpected end of sequence, length tag: " + lengthVal + ", bytes decoded: " + vByteCount);
}
Also used : IOException(java.io.IOException) SubjectKeyIdentifier(com.beanit.asn1bean.compiler.pkix1implicit88.SubjectKeyIdentifier) Certificate(com.beanit.asn1bean.compiler.pkix1explicit88.Certificate)

Example 35 with Certificate

use of com.beanit.asn1bean.compiler.pkix1explicit88.Certificate in project jasn1 by openmuc.

the class AuthenticateClientOk method decode.

public int decode(InputStream is, boolean withTag) throws IOException {
    int tlByteCount = 0;
    int vByteCount = 0;
    BerTag berTag = new BerTag();
    if (withTag) {
        tlByteCount += tag.decodeAndCheck(is);
    }
    BerLength length = new BerLength();
    tlByteCount += length.decode(is);
    int lengthVal = length.val;
    vByteCount += berTag.decode(is);
    if (berTag.equals(BerTag.CONTEXT_CLASS, BerTag.PRIMITIVE, 0)) {
        transactionId = new TransactionId();
        vByteCount += transactionId.decode(is, false);
        vByteCount += berTag.decode(is);
    } else {
        throw new IOException("Tag does not match mandatory sequence component.");
    }
    if (berTag.equals(BerTag.CONTEXT_CLASS, BerTag.CONSTRUCTED, 37)) {
        profileMetaData = new StoreMetadataRequest();
        vByteCount += profileMetaData.decode(is, false);
        vByteCount += berTag.decode(is);
    } else {
        throw new IOException("Tag does not match mandatory sequence component.");
    }
    if (berTag.equals(SmdpSigned2.tag)) {
        smdpSigned2 = new SmdpSigned2();
        vByteCount += smdpSigned2.decode(is, false);
        vByteCount += berTag.decode(is);
    } else {
        throw new IOException("Tag does not match mandatory sequence component.");
    }
    if (berTag.equals(BerTag.APPLICATION_CLASS, BerTag.PRIMITIVE, 55)) {
        smdpSignature2 = new BerOctetString();
        vByteCount += smdpSignature2.decode(is, false);
        vByteCount += berTag.decode(is);
    } else {
        throw new IOException("Tag does not match mandatory sequence component.");
    }
    if (berTag.equals(Certificate.tag)) {
        smdpCertificate = new Certificate();
        vByteCount += smdpCertificate.decode(is, false);
        if (lengthVal >= 0 && vByteCount == lengthVal) {
            return tlByteCount + vByteCount;
        }
        vByteCount += berTag.decode(is);
    } else {
        throw new IOException("Tag does not match mandatory sequence component.");
    }
    if (lengthVal < 0) {
        while (!berTag.equals(0, 0, 0)) {
            vByteCount += DecodeUtil.decodeUnknownComponent(is);
            vByteCount += berTag.decode(is);
        }
        vByteCount += BerLength.readEocByte(is);
        return tlByteCount + vByteCount;
    } else {
        while (vByteCount < lengthVal) {
            vByteCount += DecodeUtil.decodeUnknownComponent(is);
            if (vByteCount == lengthVal) {
                return tlByteCount + vByteCount;
            }
            vByteCount += berTag.decode(is);
        }
    }
    throw new IOException("Unexpected end of sequence, length tag: " + lengthVal + ", bytes decoded: " + vByteCount);
}
Also used : IOException(java.io.IOException) Certificate(com.beanit.asn1bean.compiler.pkix1explicit88.Certificate)

Aggregations

Certificate (org.bouncycastle.asn1.x509.Certificate)53 IOException (java.io.IOException)40 X509Certificate (java.security.cert.X509Certificate)37 CertificateException (java.security.cert.CertificateException)27 File (java.io.File)11 Test (org.junit.Test)10 BigInteger (java.math.BigInteger)9 CertificateEncodingException (java.security.cert.CertificateEncodingException)9 TBSCertificate (org.bouncycastle.asn1.x509.TBSCertificate)9 Test (org.junit.jupiter.api.Test)9 Certificate (com.google.cloud.security.privateca.v1.Certificate)8 CertificateAuthorityServiceClient (com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient)8 SQLException (java.sql.SQLException)8 X500Name (org.bouncycastle.asn1.x500.X500Name)8 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)7 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)7 Certificate (com.beanit.asn1bean.compiler.pkix1explicit88.Certificate)6 Extension (org.bouncycastle.asn1.x509.Extension)6 OperatorCreationException (org.bouncycastle.operator.OperatorCreationException)6 Date (java.util.Date)5