Example 21 with CertificateList
use of com.beanit.asn1bean.compiler.pkix1explicit88.CertificateList in project jasn1 by openmuc.
the class SegmentedCrlList method decode.
public int decode(InputStream is, boolean withTag) throws IOException {
int tlByteCount = 0;
int vByteCount = 0;
BerTag berTag = new BerTag();
if (withTag) {
tlByteCount += tag.decodeAndCheck(is);
}
BerLength length = new BerLength();
tlByteCount += length.decode(is);
int lengthVal = length.val;
while (vByteCount < lengthVal || lengthVal < 0) {
vByteCount += berTag.decode(is);
if (lengthVal < 0 && berTag.equals(0, 0, 0)) {
vByteCount += BerLength.readEocByte(is);
break;
}
if (!berTag.equals(CertificateList.tag)) {
throw new IOException("Tag does not match mandatory sequence of/set of component.");
}
CertificateList element = new CertificateList();
vByteCount += element.decode(is, false);
seqOf.add(element);
}
if (lengthVal >= 0 && vByteCount != lengthVal) {
throw new IOException("Decoded SequenceOf or SetOf has wrong length. Expected " + lengthVal + " but has " + vByteCount);
}
return tlByteCount + vByteCount;
}
Also used :
CertificateList(com.beanit.asn1bean.compiler.pkix1explicit88.CertificateList)
IOException(java.io.IOException)
Example 22 with CertificateList
use of com.beanit.asn1bean.compiler.pkix1explicit88.CertificateList in project xipki by xipki.
the class ScepResponder method getCrl.
// method buildSignedData
private SignedData getCrl(X509Ca ca, BigInteger serialNumber) throws FailInfoException, OperationException {
if (!control.isSupportGetCrl()) {
throw FailInfoException.BAD_REQUEST;
}
CertificateList crl = ca.getBcCurrentCrl(MSGID_scep);
if (crl == null) {
LOG.error("found no CRL");
throw FailInfoException.BAD_REQUEST;
}
CMSSignedDataGenerator cmsSignedDataGen = new CMSSignedDataGenerator();
cmsSignedDataGen.addCRL(new X509CRLHolder(crl));
CMSSignedData signedData;
try {
signedData = cmsSignedDataGen.generate(new CMSAbsentContent());
} catch (CMSException ex) {
LogUtil.error(LOG, ex, "could not generate CMSSignedData");
throw new OperationException(SYSTEM_FAILURE, ex);
}
return SignedData.getInstance(signedData.toASN1Structure().getContent());
}
Also used :
CertificateList(org.bouncycastle.asn1.x509.CertificateList)
X509CRLHolder(org.bouncycastle.cert.X509CRLHolder)
OperationException(org.xipki.ca.api.OperationException)
Example 23 with CertificateList
use of com.beanit.asn1bean.compiler.pkix1explicit88.CertificateList in project xipki by xipki.
the class CertStore method getCertsForDeltaCrl.
// method getRevokedCerts
public List<CertRevInfoWithSerial> getCertsForDeltaCrl(NameId ca, BigInteger baseCrlNumber, Date notExpiredAt) throws OperationException {
notNulls(ca, "ca", notExpiredAt, "notExpiredAt", baseCrlNumber, "baseCrlNumber");
// Get the Base FullCRL
byte[] encodedCrl = getEncodedCrl(ca, baseCrlNumber);
CertificateList crl = CertificateList.getInstance(encodedCrl);
// Get revoked certs in CRL
Enumeration<?> revokedCertsInCrl = crl.getRevokedCertificateEnumeration();
Set<BigInteger> allSnSet = null;
boolean supportInSql = datasource.getDatabaseType().supportsInArray();
List<BigInteger> snList = new LinkedList<>();
List<CertRevInfoWithSerial> ret = new LinkedList<>();
PreparedStatement ps = null;
try {
while (revokedCertsInCrl.hasMoreElements()) {
CRLEntry crlEntry = (CRLEntry) revokedCertsInCrl.nextElement();
if (allSnSet == null) {
// guess the size of revoked certificate, very rough
int averageSize = encodedCrl.length / crlEntry.getEncoded().length;
allSnSet = new HashSet<>((int) (1.1 * averageSize));
}
BigInteger sn = crlEntry.getUserCertificate().getPositiveValue();
snList.add(sn);
allSnSet.add(sn);
if (!supportInSql) {
continue;
}
if (snList.size() == 100) {
// due to the memory consumption do not use the executeQueryPreparedStament0() method.
if (ps == null) {
ps = prepareStatement(sqlSelectUnrevokedSn100);
}
for (int i = 1; i < 101; i++) {
ps.setString(i, snList.get(i - 1).toString(16));
}
snList.clear();
ResultSet rs = ps.executeQuery();
try {
while (rs.next()) {
ret.add(new CertRevInfoWithSerial(0L, new BigInteger(rs.getString("SN"), 16), // reason
CrlReason.REMOVE_FROM_CRL, // revocationTime,
new Date(100L * rs.getLong("LUPDATE")), // invalidityTime
null));
}
} finally {
datasource.releaseResources(null, rs);
}
}
}
} catch (SQLException ex) {
throw new OperationException(DATABASE_FAILURE, datasource.translate(sqlSelectUnrevokedSn100, ex).getMessage());
} catch (IOException ex) {
throw new OperationException(CRL_FAILURE, ex.getMessage());
} finally {
datasource.releaseResources(ps, null);
}
if (!snList.isEmpty()) {
// check whether revoked certificates have been unrevoked.
ps = prepareStatement(sqlSelectUnrevokedSn);
try {
for (BigInteger sn : snList) {
ps.setString(1, sn.toString(16));
ResultSet rs = ps.executeQuery();
try {
if (rs.next()) {
ret.add(new CertRevInfoWithSerial(0L, sn, CrlReason.REMOVE_FROM_CRL, // revocationTime,
new Date(100L * rs.getLong("LUPDATE")), // invalidityTime
null));
}
} finally {
datasource.releaseResources(null, rs);
}
}
} catch (SQLException ex) {
throw new OperationException(DATABASE_FAILURE, datasource.translate(sqlSelectUnrevokedSn, ex).getMessage());
} finally {
datasource.releaseResources(ps, null);
}
}
// get list of certificates revoked after the generation of Base FullCRL
// we check all revoked certificates with LUPDATE field (last update) > THISUPDATE - 1.
final int numEntries = 1000;
String coreSql = "ID,SN,RR,RT,RIT FROM CERT WHERE ID>? AND CA_ID=? AND REV=1 AND NAFTER>? AND LUPDATE>?";
String sql = datasource.buildSelectFirstSql(numEntries, "ID ASC", coreSql);
ps = prepareStatement(sql);
long startId = 1;
// -1: so that no entry is ignored: consider all revoked certificates with
// Database.lastUpdate >= CRL.thisUpdate
final long updatedSince = crl.getThisUpdate().getDate().getTime() / 1000 - 1;
try {
ResultSet rs;
while (true) {
ps.setLong(1, startId - 1);
ps.setInt(2, ca.getId());
ps.setLong(3, notExpiredAt.getTime() / 1000 + 1);
ps.setLong(4, updatedSince);
rs = ps.executeQuery();
try {
int num = 0;
while (rs.next()) {
num++;
long id = rs.getLong("ID");
if (id > startId) {
startId = id;
}
BigInteger sn = new BigInteger(rs.getString("SN"), 16);
if (allSnSet != null && allSnSet.contains(sn)) {
// already contained in CRL
continue;
}
long revInvalidityTime = rs.getLong("RIT");
Date invalidityTime = (revInvalidityTime == 0) ? null : new Date(1000 * revInvalidityTime);
CertRevInfoWithSerial revInfo = new CertRevInfoWithSerial(id, sn, rs.getInt("RR"), new Date(1000 * rs.getLong("RT")), invalidityTime);
ret.add(revInfo);
}
if (num < numEntries) {
// no more entries
break;
}
} finally {
datasource.releaseResources(null, rs);
}
}
} catch (SQLException ex) {
throw new OperationException(DATABASE_FAILURE, datasource.translate(sql, ex).getMessage());
} finally {
datasource.releaseResources(ps, null);
}
return ret;
}
Also used :
SQLException(java.sql.SQLException)
CertificateList(org.bouncycastle.asn1.x509.CertificateList)
PreparedStatement(java.sql.PreparedStatement)
CRLEntry(org.bouncycastle.asn1.x509.TBSCertList.CRLEntry)
IOException(java.io.IOException)
ResultSet(java.sql.ResultSet)
BigInteger(java.math.BigInteger)
OperationException(org.xipki.ca.api.OperationException)
Example 24 with CertificateList
use of com.beanit.asn1bean.compiler.pkix1explicit88.CertificateList in project signer by demoiselle.
the class RevocationValues method getValue.
@Override
public Attribute getValue() throws SignerException {
List<X509CRL> crlList = new ArrayList<X509CRL>();
ArrayList<CertificateList> crlVals = new ArrayList<CertificateList>();
List<BasicOCSPResponse> ocspVals = new ArrayList<BasicOCSPResponse>();
try {
int chainSize = certificates.length - 1;
for (int ix = 0; ix < chainSize; ix++) {
X509Certificate cert = (X509Certificate) certificates[ix];
Collection<ICPBR_CRL> icpCrls = crlRepository.getX509CRL(cert);
for (ICPBR_CRL icpCrl : icpCrls) {
crlList.add(icpCrl.getCRL());
}
}
if (crlList.isEmpty()) {
throw new SignerException(cadesMessagesBundle.getString("error.crl.list.empty"));
} else {
for (X509CRL varCrl : crlList) {
crlVals.add(CertificateList.getInstance(varCrl.getEncoded()));
}
}
CertificateList[] crlValuesArray = new CertificateList[crlVals.size()];
BasicOCSPResponse[] ocspValuesArray = new BasicOCSPResponse[ocspVals.size()];
// org.bouncycastle.asn1.esf.RevocationValues revocationVals = new org.bouncycastle.asn1.esf.RevocationValues(crlVals.toArray(crlValuesArray), null, null);
return new Attribute(identifier, new DERSet(new DERSequence(crlVals.toArray(crlValuesArray))));
} catch (Exception e) {
throw new SignerException(e.getMessage());
}
}
Also used :
X509CRL(java.security.cert.X509CRL)
UnsignedAttribute(org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.UnsignedAttribute)
Attribute(org.bouncycastle.asn1.cms.Attribute)
ArrayList(java.util.ArrayList)
CertificateList(org.bouncycastle.asn1.x509.CertificateList)
DERSet(org.bouncycastle.asn1.DERSet)
X509Certificate(java.security.cert.X509Certificate)
SignerException(org.demoiselle.signer.policy.impl.cades.SignerException)
ICPBR_CRL(org.demoiselle.signer.core.extension.ICPBR_CRL)
DERSequence(org.bouncycastle.asn1.DERSequence)
BasicOCSPResponse(org.bouncycastle.asn1.ocsp.BasicOCSPResponse)
SignerException(org.demoiselle.signer.policy.impl.cades.SignerException)
Example 25 with CertificateList
use of com.beanit.asn1bean.compiler.pkix1explicit88.CertificateList in project kubernetes-client by fabric8io.
the class V1CertificateCrudTest method shouldReturnEmptyList.
@Test
void shouldReturnEmptyList() {
CertificateList certificateList = client.v1().certificates().inNamespace("ns1").list();
assertNotNull(certificateList);
assertTrue(certificateList.getItems().isEmpty());
}
Also used :
CertificateList(io.fabric8.certmanager.api.model.v1.CertificateList)
Test(org.junit.jupiter.api.Test)
Aggregations
CertificateList (org.bouncycastle.asn1.x509.CertificateList)13
IOException (java.io.IOException)9
Test (org.junit.jupiter.api.Test)8
CRLException (java.security.cert.CRLException)6
X509CRL (java.security.cert.X509CRL)5
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)5
X509CRLHolder (org.bouncycastle.cert.X509CRLHolder)5
OperationException (org.xipki.ca.api.OperationException)5
DefaultCertManagerClient (io.fabric8.certmanager.client.DefaultCertManagerClient)4
NamespacedCertManagerClient (io.fabric8.certmanager.client.NamespacedCertManagerClient)4
CertificateList (io.fabric8.certmanager.api.model.v1.CertificateList)3
CertificateList (io.fabric8.certmanager.api.model.v1alpha2.CertificateList)3
CertificateList (io.fabric8.certmanager.api.model.v1alpha3.CertificateList)3
CertificateList (io.fabric8.certmanager.api.model.v1beta1.CertificateList)3
BigInteger (java.math.BigInteger)3
ArrayList (java.util.ArrayList)3
Date (java.util.Date)3
CertificateList (com.beanit.asn1bean.compiler.pkix1explicit88.CertificateList)2
Certificate (io.fabric8.certmanager.api.model.v1.Certificate)2
CertificateBuilder (io.fabric8.certmanager.api.model.v1.CertificateBuilder)2
