
Example 21 with CertificateList

use of com.beanit.asn1bean.compiler.pkix1explicit88.CertificateList in project jasn1 by openmuc.

the class SegmentedCrlList method decode.

/**
 * Decodes a BER-encoded SEQUENCE OF / SET OF {@code CertificateList} from the stream and
 * appends every decoded element to {@code seqOf}.
 *
 * <p>A negative decoded length is handled as the indefinite-length form: elements are read
 * until a tag equal to (0, 0, 0) is seen, after which the end-of-contents byte is consumed.
 * For a non-negative length the number of content bytes consumed must match it exactly.
 *
 * <p>NOTE(review): nothing in this method caps the number of elements added to {@code seqOf}.
 * When the bytes come from an untrusted peer, bound the input stream (or the enclosing
 * message size) before decoding so that a very long or never-terminated encoding cannot
 * exhaust memory.
 *
 * @param is stream positioned at the start of the encoding
 * @param withTag when {@code true}, the outer tag is read from the stream and checked first
 * @return total number of bytes consumed (tag and length octets plus contents)
 * @throws IOException if an element tag is not {@code CertificateList.tag}, if the definite
 *     length does not match the bytes consumed, or if a nested decode fails
 */
public int decode(InputStream is, boolean withTag) throws IOException {
    int headerBytes = 0;
    int contentBytes = 0;
    BerTag elementTag = new BerTag();
    if (withTag) {
        headerBytes += tag.decodeAndCheck(is);
    }
    BerLength declaredLength = new BerLength();
    headerBytes += declaredLength.decode(is);
    final int expected = declaredLength.val;
    // A negative value is treated below as "length not known up front".
    final boolean indefinite = expected < 0;
    while (indefinite || contentBytes < expected) {
        contentBytes += elementTag.decode(is);
        if (indefinite && elementTag.equals(0, 0, 0)) {
            // End-of-contents marker: consume its trailing byte and stop.
            contentBytes += BerLength.readEocByte(is);
            break;
        }
        if (!elementTag.equals(CertificateList.tag)) {
            throw new IOException("Tag does not match mandatory sequence of/set of component.");
        }
        // The element tag was already consumed above, so decode the element without it.
        CertificateList decoded = new CertificateList();
        contentBytes += decoded.decode(is, false);
        seqOf.add(decoded);
    }
    // With a definite length, an element that overran the declared size is rejected here.
    if (!indefinite && contentBytes != expected) {
        throw new IOException("Decoded SequenceOf or SetOf has wrong length. Expected " + expected + " but has " + contentBytes);
    }
    return headerBytes + contentBytes;
}
Also used : CertificateList(com.beanit.asn1bean.compiler.pkix1explicit88.CertificateList) IOException(java.io.IOException)

Example 22 with CertificateList

use of org.bouncycastle.asn1.x509.CertificateList in project xipki by xipki.

the class ScepResponder method getCrl.

// method buildSignedData
/**
 * Packages the CA's current CRL into a CMS SignedData structure.
 *
 * <p>No signer is added to the generator in this method and the content is absent, so the
 * returned structure only carries the CRL. NOTE(review): recipients presumably rely on the
 * CRL's own signature; confirm that the caller protects the enclosing response.
 *
 * @param ca CA whose current CRL is returned
 * @param serialNumber not read by this method
 * @return the SignedData holding the CRL
 * @throws FailInfoException {@code BAD_REQUEST} if {@code control} does not allow CRL
 *     retrieval or the CA has no current CRL
 * @throws OperationException {@code SYSTEM_FAILURE} if the CMS structure cannot be generated
 */
private SignedData getCrl(X509Ca ca, BigInteger serialNumber) throws FailInfoException, OperationException {
    // Refuse the request outright when the feature is switched off.
    boolean crlRetrievalEnabled = control.isSupportGetCrl();
    if (!crlRetrievalEnabled) {
        throw FailInfoException.BAD_REQUEST;
    }

    CertificateList currentCrl = ca.getBcCurrentCrl(MSGID_scep);
    if (currentCrl == null) {
        LOG.error("found no CRL");
        throw FailInfoException.BAD_REQUEST;
    }

    CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
    X509CRLHolder crlHolder = new X509CRLHolder(currentCrl);
    generator.addCRL(crlHolder);

    CMSSignedData cms;
    try {
        cms = generator.generate(new CMSAbsentContent());
    } catch (CMSException ex) {
        LogUtil.error(LOG, ex, "could not generate CMSSignedData");
        throw new OperationException(SYSTEM_FAILURE, ex);
    }
    return SignedData.getInstance(cms.toASN1Structure().getContent());
}
Also used : CertificateList(org.bouncycastle.asn1.x509.CertificateList) X509CRLHolder(org.bouncycastle.cert.X509CRLHolder) OperationException(org.xipki.ca.api.OperationException)

Example 23 with CertificateList

use of org.bouncycastle.asn1.x509.CertificateList in project xipki by xipki.

the class CertStore method getCertsForDeltaCrl.

// method getRevokedCerts
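/**
 * Collects the entries of a delta CRL relative to the base CRL numbered {@code baseCrlNumber}.
 *
 * <p>Two kinds of entries are returned:
 * <ul>
 *   <li>serial numbers listed in the base CRL for which the {@code sqlSelectUnrevokedSn100} /
 *       {@code sqlSelectUnrevokedSn} queries return a row; they are reported with reason
 *       {@code REMOVE_FROM_CRL};</li>
 *   <li>rows of {@code CERT} with {@code REV=1} whose {@code LUPDATE} is later than the base
 *       CRL's thisUpdate minus one second and whose serial number is not in the base CRL.</li>
 * </ul>
 *
 * <p>Every value that reaches the database is bound as a statement parameter; the SQL text
 * itself is built from constants only.
 *
 * @param ca CA whose certificates are inspected
 * @param baseCrlNumber number of the base full CRL
 * @param notExpiredAt only certificates whose {@code NAFTER} lies after this instant are returned
 *     by the second query
 * @return the delta CRL entries, possibly empty
 * @throws OperationException {@code DATABASE_FAILURE} on SQL errors, {@code CRL_FAILURE} if a
 *     CRL entry cannot be encoded
 */
public List<CertRevInfoWithSerial> getCertsForDeltaCrl(NameId ca, BigInteger baseCrlNumber, Date notExpiredAt) throws OperationException {
    notNulls(ca, "ca", notExpiredAt, "notExpiredAt", baseCrlNumber, "baseCrlNumber");
    // Load and parse the base full CRL.
    // NOTE(review): a missing base CRL is not handled here; confirm getEncodedCrl never returns null.
    byte[] encodedCrl = getEncodedCrl(ca, baseCrlNumber);
    CertificateList crl = CertificateList.getInstance(encodedCrl);
    // Entries revoked in the base CRL.
    Enumeration<?> revokedCertsInCrl = crl.getRevokedCertificateEnumeration();
    Set<BigInteger> allSnSet = null;
    boolean supportInSql = datasource.getDatabaseType().supportsInArray();
    List<BigInteger> snList = new LinkedList<>();
    List<CertRevInfoWithSerial> ret = new LinkedList<>();
    PreparedStatement ps = null;
    try {
        while (revokedCertsInCrl.hasMoreElements()) {
            CRLEntry crlEntry = (CRLEntry) revokedCertsInCrl.nextElement();
            if (allSnSet == null) {
                // Very rough estimate of the entry count: CRL size divided by the first entry's size.
                int averageSize = encodedCrl.length / crlEntry.getEncoded().length;
                allSnSet = new HashSet<>((int) (1.1 * averageSize));
            }
            BigInteger sn = crlEntry.getUserCertificate().getPositiveValue();
            snList.add(sn);
            allSnSet.add(sn);
            if (!supportInSql) {
                // Without IN-array support all serial numbers are checked one by one further down.
                continue;
            }
            if (snList.size() == 100) {
                // Because of the memory consumption, the statement is prepared once and reused
                // instead of going through executeQueryPreparedStament0().
                if (ps == null) {
                    ps = prepareStatement(sqlSelectUnrevokedSn100);
                }
                int paramIndex = 1;
                for (BigInteger batchSn : snList) {
                    ps.setString(paramIndex++, batchSn.toString(16));
                }
                snList.clear();
                ResultSet rs = ps.executeQuery();
                try {
                    while (rs.next()) {
                        // LUPDATE is compared with epoch seconds further down (thisUpdate / 1000),
                        // so it is converted to milliseconds with 1000L. The earlier factor of
                        // 100L produced a revocation time at one tenth of the stored value.
                        ret.add(new CertRevInfoWithSerial(0L,
                                new BigInteger(rs.getString("SN"), 16),
                                CrlReason.REMOVE_FROM_CRL, // reason
                                new Date(1000L * rs.getLong("LUPDATE")), // revocationTime
                                null)); // invalidityTime
                    }
                } finally {
                    datasource.releaseResources(null, rs);
                }
            }
        }
    } catch (SQLException ex) {
        throw new OperationException(DATABASE_FAILURE, datasource.translate(sqlSelectUnrevokedSn100, ex).getMessage());
    } catch (IOException ex) {
        throw new OperationException(CRL_FAILURE, ex.getMessage());
    } finally {
        datasource.releaseResources(ps, null);
    }
    if (!snList.isEmpty()) {
        // Check the remaining serial numbers (fewer than 100, or all of them when the database
        // has no IN-array support) for certificates that have been unrevoked.
        ps = prepareStatement(sqlSelectUnrevokedSn);
        try {
            for (BigInteger sn : snList) {
                ps.setString(1, sn.toString(16));
                ResultSet rs = ps.executeQuery();
                try {
                    if (rs.next()) {
                        // Same seconds-to-milliseconds conversion as in the batched query above.
                        ret.add(new CertRevInfoWithSerial(0L, sn,
                                CrlReason.REMOVE_FROM_CRL, // reason
                                new Date(1000L * rs.getLong("LUPDATE")), // revocationTime
                                null)); // invalidityTime
                    }
                } finally {
                    datasource.releaseResources(null, rs);
                }
            }
        } catch (SQLException ex) {
            throw new OperationException(DATABASE_FAILURE, datasource.translate(sqlSelectUnrevokedSn, ex).getMessage());
        } finally {
            datasource.releaseResources(ps, null);
        }
    }
    // Certificates revoked after the base full CRL was generated:
    // all revoked certificates with LUPDATE (last update) > THISUPDATE - 1.
    final int numEntries = 1000;
    String coreSql = "ID,SN,RR,RT,RIT FROM CERT WHERE ID>? AND CA_ID=? AND REV=1 AND NAFTER>? AND LUPDATE>?";
    String sql = datasource.buildSelectFirstSql(numEntries, "ID ASC", coreSql);
    // -1: so that no entry is ignored: consider all revoked certificates with
    // Database.lastUpdate >= CRL.thisUpdate.
    // Computed before the statement is prepared so that a failure here cannot leave it open.
    final long updatedSince = crl.getThisUpdate().getDate().getTime() / 1000 - 1;
    long startId = 1;
    ps = prepareStatement(sql);
    try {
        ResultSet rs;
        while (true) {
            ps.setLong(1, startId - 1);
            ps.setInt(2, ca.getId());
            ps.setLong(3, notExpiredAt.getTime() / 1000 + 1);
            ps.setLong(4, updatedSince);
            rs = ps.executeQuery();
            try {
                int num = 0;
                while (rs.next()) {
                    num++;
                    long id = rs.getLong("ID");
                    if (id > startId) {
                        startId = id;
                    }
                    BigInteger sn = new BigInteger(rs.getString("SN"), 16);
                    if (allSnSet != null && allSnSet.contains(sn)) {
                        // already contained in the base CRL
                        continue;
                    }
                    long revInvalidityTime = rs.getLong("RIT");
                    Date invalidityTime = (revInvalidityTime == 0) ? null : new Date(1000 * revInvalidityTime);
                    CertRevInfoWithSerial revInfo = new CertRevInfoWithSerial(id, sn, rs.getInt("RR"), new Date(1000 * rs.getLong("RT")), invalidityTime);
                    ret.add(revInfo);
                }
                if (num < numEntries) {
                    // A page shorter than the limit means there are no more entries.
                    break;
                }
            } finally {
                datasource.releaseResources(null, rs);
            }
        }
    } catch (SQLException ex) {
        throw new OperationException(DATABASE_FAILURE, datasource.translate(sql, ex).getMessage());
    } finally {
        datasource.releaseResources(ps, null);
    }
    return ret;
}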
Also used : SQLException(java.sql.SQLException) CertificateList(org.bouncycastle.asn1.x509.CertificateList) PreparedStatement(java.sql.PreparedStatement) CRLEntry(org.bouncycastle.asn1.x509.TBSCertList.CRLEntry) IOException(java.io.IOException) ResultSet(java.sql.ResultSet) BigInteger(java.math.BigInteger) OperationException(org.xipki.ca.api.OperationException)

Example 24 with CertificateList

use of org.bouncycastle.asn1.x509.CertificateList in project signer by demoiselle.

the class RevocationValues method getValue.

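/**
 * Builds the attribute carrying the CRLs of the certificate chain.
 *
 * <p>CRLs are looked up for every entry of {@code certificates} except the last one
 * (NOTE(review): presumably the trust anchor; confirm against the caller). The method fails
 * when no CRL at all is found, so a signature is never produced with an empty set of
 * revocation values.
 *
 * <p>NOTE(review): the attribute value is a bare SEQUENCE of {@code CertificateList}; it is
 * not built through {@code org.bouncycastle.asn1.esf.RevocationValues} and carries no OCSP
 * responses. Confirm that this is the encoding verifiers of this attribute expect.
 *
 * @return attribute {@code identifier} whose single value is the SEQUENCE of collected CRLs
 * @throws SignerException if no CRL is found for the chain, or if CRL lookup or encoding
 *     fails (only the message of the underlying exception is carried over)
 */
@Override
public Attribute getValue() throws SignerException {
    List<X509CRL> crlList = new ArrayList<X509CRL>();
    List<CertificateList> crlVals = new ArrayList<CertificateList>();
    try {
        int chainSize = certificates.length - 1;
        for (int ix = 0; ix < chainSize; ix++) {
            X509Certificate cert = (X509Certificate) certificates[ix];
            Collection<ICPBR_CRL> icpCrls = crlRepository.getX509CRL(cert);
            for (ICPBR_CRL icpCrl : icpCrls) {
                crlList.add(icpCrl.getCRL());
            }
        }
        if (crlList.isEmpty()) {
            throw new SignerException(cadesMessagesBundle.getString("error.crl.list.empty"));
        }
        for (X509CRL varCrl : crlList) {
            // Re-parse the DER encoding into the ASN.1 structure used inside the attribute.
            crlVals.add(CertificateList.getInstance(varCrl.getEncoded()));
        }
        CertificateList[] crlValuesArray = crlVals.toArray(new CertificateList[crlVals.size()]);
        return new Attribute(identifier, new DERSet(new DERSequence(crlValuesArray)));
    } catch (SignerException e) {
        // Already the declared type: pass it on unchanged instead of re-wrapping it below.
        throw e;
    } catch (Exception e) {
        throw new SignerException(e.getMessage());
    }
}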
Also used : X509CRL(java.security.cert.X509CRL) UnsignedAttribute(org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.UnsignedAttribute) Attribute(org.bouncycastle.asn1.cms.Attribute) ArrayList(java.util.ArrayList) CertificateList(org.bouncycastle.asn1.x509.CertificateList) DERSet(org.bouncycastle.asn1.DERSet) X509Certificate(java.security.cert.X509Certificate) SignerException(org.demoiselle.signer.policy.impl.cades.SignerException) ICPBR_CRL(org.demoiselle.signer.core.extension.ICPBR_CRL) DERSequence(org.bouncycastle.asn1.DERSequence) BasicOCSPResponse(org.bouncycastle.asn1.ocsp.BasicOCSPResponse) SignerException(org.demoiselle.signer.policy.impl.cades.SignerException)

Example 25 with CertificateList

use of io.fabric8.certmanager.api.model.v1.CertificateList in project kubernetes-client by fabric8io.

the class V1CertificateCrudTest method shouldReturnEmptyList.

/**
 * Listing certificates in namespace "ns1" must yield a non-null list object with no items.
 * This method creates no certificate itself before listing.
 */
@Test
void shouldReturnEmptyList() {
    CertificateList listed = client.v1()
            .certificates()
            .inNamespace("ns1")
            .list();

    // The client is expected to hand back an empty list object rather than null.
    assertNotNull(listed);
    assertTrue(listed.getItems().isEmpty());
}
Also used : CertificateList(io.fabric8.certmanager.api.model.v1.CertificateList) Test(org.junit.jupiter.api.Test)

Aggregations

CertificateList (org.bouncycastle.asn1.x509.CertificateList)13 IOException (java.io.IOException)9 Test (org.junit.jupiter.api.Test)8 CRLException (java.security.cert.CRLException)6 X509CRL (java.security.cert.X509CRL)5 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)5 X509CRLHolder (org.bouncycastle.cert.X509CRLHolder)5 OperationException (org.xipki.ca.api.OperationException)5 DefaultCertManagerClient (io.fabric8.certmanager.client.DefaultCertManagerClient)4 NamespacedCertManagerClient (io.fabric8.certmanager.client.NamespacedCertManagerClient)4 CertificateList (io.fabric8.certmanager.api.model.v1.CertificateList)3 CertificateList (io.fabric8.certmanager.api.model.v1alpha2.CertificateList)3 CertificateList (io.fabric8.certmanager.api.model.v1alpha3.CertificateList)3 CertificateList (io.fabric8.certmanager.api.model.v1beta1.CertificateList)3 BigInteger (java.math.BigInteger)3 ArrayList (java.util.ArrayList)3 Date (java.util.Date)3 CertificateList (com.beanit.asn1bean.compiler.pkix1explicit88.CertificateList)2 Certificate (io.fabric8.certmanager.api.model.v1.Certificate)2 CertificateBuilder (io.fabric8.certmanager.api.model.v1.CertificateBuilder)2