Example 6 with CRLNumber
use of com.github.zhenwei.core.asn1.x509.CRLNumber in project xipki by xipki.
the class CaCertStoreDbImporter method importEntries.
private long importEntries(CaDbEntryType type, String entriesZipFile, long minId, File processLogFile, ProcessLog processLog, int numProcessedInLastProcess, PreparedStatement[] statements, String[] sqls) throws Exception {
final int numEntriesPerCommit = Math.max(1, Math.round(type.getSqlBatchFactor() * numCertsPerCommit));
ZipFile zipFile = new ZipFile(new File(entriesZipFile));
ZipEntry entriesXmlEntry = zipFile.getEntry("overview.xml");
DbiXmlReader entries;
try {
entries = createReader(type, zipFile.getInputStream(entriesXmlEntry));
} catch (Exception ex) {
try {
zipFile.close();
} catch (Exception e2) {
LOG.error("could not close ZIP file {}: {}", entriesZipFile, e2.getMessage());
LOG.debug("could not close ZIP file " + entriesZipFile, e2);
}
throw ex;
}
disableAutoCommit();
try {
int numEntriesInBatch = 0;
long lastSuccessfulEntryId = 0;
while (entries.hasNext()) {
if (stopMe.get()) {
throw new InterruptedException("interrupted by the user");
}
IdentifidDbObjectType entry = (IdentifidDbObjectType) entries.next();
long id = entry.getId();
if (id < minId) {
continue;
}
numEntriesInBatch++;
if (CaDbEntryType.CERT == type) {
CertType cert = (CertType) entry;
int certArt = (cert.getArt() == null) ? 1 : cert.getArt();
String filename = cert.getFile();
// rawcert
ZipEntry certZipEnty = zipFile.getEntry(filename);
// rawcert
byte[] encodedCert = IoUtil.read(zipFile.getInputStream(certZipEnty));
TBSCertificate tbsCert;
try {
Certificate cc = Certificate.getInstance(encodedCert);
tbsCert = cc.getTBSCertificate();
} catch (RuntimeException ex) {
LOG.error("could not parse certificate in file {}", filename);
LOG.debug("could not parse certificate in file " + filename, ex);
throw new CertificateException(ex.getMessage(), ex);
}
byte[] encodedKey = tbsCert.getSubjectPublicKeyInfo().getPublicKeyData().getBytes();
String b64Sha1FpCert = HashAlgo.SHA1.base64Hash(encodedCert);
// cert
String subjectText = X509Util.cutX500Name(tbsCert.getSubject(), maxX500nameLen);
PreparedStatement psCert = statements[0];
PreparedStatement psRawcert = statements[1];
try {
int idx = 1;
psCert.setLong(idx++, id);
psCert.setInt(idx++, certArt);
psCert.setLong(idx++, cert.getUpdate());
psCert.setString(idx++, tbsCert.getSerialNumber().getPositiveValue().toString(16));
psCert.setString(idx++, subjectText);
long fpSubject = X509Util.fpCanonicalizedName(tbsCert.getSubject());
psCert.setLong(idx++, fpSubject);
if (cert.getFpRs() != null) {
psCert.setLong(idx++, cert.getFpRs());
} else {
psCert.setNull(idx++, Types.BIGINT);
}
psCert.setLong(idx++, tbsCert.getStartDate().getDate().getTime() / 1000);
psCert.setLong(idx++, tbsCert.getEndDate().getDate().getTime() / 1000);
setBoolean(psCert, idx++, cert.getRev());
setInt(psCert, idx++, cert.getRr());
setLong(psCert, idx++, cert.getRt());
setLong(psCert, idx++, cert.getRit());
setInt(psCert, idx++, cert.getPid());
setInt(psCert, idx++, cert.getCaId());
setInt(psCert, idx++, cert.getRid());
setInt(psCert, idx++, cert.getUid());
psCert.setLong(idx++, FpIdCalculator.hash(encodedKey));
Extension extension = tbsCert.getExtensions().getExtension(Extension.basicConstraints);
boolean ee = true;
if (extension != null) {
ASN1Encodable asn1 = extension.getParsedValue();
ee = !BasicConstraints.getInstance(asn1).isCA();
}
psCert.setInt(idx++, ee ? 1 : 0);
psCert.setInt(idx++, cert.getReqType());
String tidS = null;
if (cert.getTid() != null) {
tidS = cert.getTid();
}
psCert.setString(idx++, tidS);
psCert.addBatch();
} catch (SQLException ex) {
throw translate(SQL_ADD_CERT, ex);
}
try {
int idx = 1;
psRawcert.setLong(idx++, cert.getId());
psRawcert.setString(idx++, b64Sha1FpCert);
psRawcert.setString(idx++, cert.getRs());
psRawcert.setString(idx++, Base64.encodeToString(encodedCert));
psRawcert.addBatch();
} catch (SQLException ex) {
throw translate(SQL_ADD_CRAW, ex);
}
} else if (CaDbEntryType.CRL == type) {
PreparedStatement psAddCrl = statements[0];
CrlType crl = (CrlType) entry;
String filename = crl.getFile();
// CRL
ZipEntry zipEnty = zipFile.getEntry(filename);
// rawcert
byte[] encodedCrl = IoUtil.read(zipFile.getInputStream(zipEnty));
X509CRL x509crl = null;
try {
x509crl = X509Util.parseCrl(encodedCrl);
} catch (Exception ex) {
LOG.error("could not parse CRL in file {}", filename);
LOG.debug("could not parse CRL in file " + filename, ex);
if (ex instanceof CRLException) {
throw (CRLException) ex;
} else {
throw new CRLException(ex.getMessage(), ex);
}
}
try {
byte[] octetString = x509crl.getExtensionValue(Extension.cRLNumber.getId());
if (octetString == null) {
LOG.warn("CRL without CRL number, ignore it");
continue;
}
byte[] extnValue = DEROctetString.getInstance(octetString).getOctets();
// CHECKSTYLE:SKIP
BigInteger crlNumber = ASN1Integer.getInstance(extnValue).getPositiveValue();
BigInteger baseCrlNumber = null;
octetString = x509crl.getExtensionValue(Extension.deltaCRLIndicator.getId());
if (octetString != null) {
extnValue = DEROctetString.getInstance(octetString).getOctets();
baseCrlNumber = ASN1Integer.getInstance(extnValue).getPositiveValue();
}
int idx = 1;
psAddCrl.setLong(idx++, crl.getId());
psAddCrl.setInt(idx++, crl.getCaId());
psAddCrl.setLong(idx++, crlNumber.longValue());
psAddCrl.setLong(idx++, x509crl.getThisUpdate().getTime() / 1000);
if (x509crl.getNextUpdate() != null) {
psAddCrl.setLong(idx++, x509crl.getNextUpdate().getTime() / 1000);
} else {
psAddCrl.setNull(idx++, Types.INTEGER);
}
if (baseCrlNumber == null) {
setBoolean(psAddCrl, idx++, false);
psAddCrl.setNull(idx++, Types.BIGINT);
} else {
setBoolean(psAddCrl, idx++, true);
psAddCrl.setLong(idx++, baseCrlNumber.longValue());
}
String str = Base64.encodeToString(encodedCrl);
psAddCrl.setString(idx++, str);
psAddCrl.addBatch();
} catch (SQLException ex) {
System.err.println("could not import CRL with ID=" + crl.getId() + ", message: " + ex.getMessage());
throw ex;
}
} else if (CaDbEntryType.REQUEST == type) {
PreparedStatement psAddRequest = statements[0];
RequestType request = (RequestType) entry;
String filename = request.getFile();
ZipEntry zipEnty = zipFile.getEntry(filename);
byte[] encodedRequest = IoUtil.read(zipFile.getInputStream(zipEnty));
try {
int idx = 1;
psAddRequest.setLong(idx++, request.getId());
psAddRequest.setLong(idx++, request.getUpdate());
psAddRequest.setString(idx++, Base64.encodeToString(encodedRequest));
psAddRequest.addBatch();
} catch (SQLException ex) {
System.err.println("could not import REQUEST with ID=" + request.getId() + ", message: " + ex.getMessage());
throw ex;
}
} else if (CaDbEntryType.REQCERT == type) {
PreparedStatement psAddReqCert = statements[0];
RequestCertType reqCert = (RequestCertType) entry;
try {
int idx = 1;
psAddReqCert.setLong(idx++, reqCert.getId());
psAddReqCert.setLong(idx++, reqCert.getRid());
psAddReqCert.setLong(idx++, reqCert.getCid());
psAddReqCert.addBatch();
} catch (SQLException ex) {
System.err.println("could not import REQUEST with ID=" + reqCert.getId() + ", message: " + ex.getMessage());
throw ex;
}
} else {
throw new RuntimeException("Unknown CaDbEntryType " + type);
}
boolean isLastBlock = !entries.hasNext();
if (numEntriesInBatch > 0 && (numEntriesInBatch % numEntriesPerCommit == 0 || isLastBlock)) {
if (evaulateOnly) {
for (PreparedStatement m : statements) {
m.clearBatch();
}
} else {
String sql = null;
try {
for (int i = 0; i < sqls.length; i++) {
sql = sqls[i];
statements[i].executeBatch();
}
sql = null;
commit("(commit import to CA)");
} catch (Throwable th) {
rollback();
deleteFromTableWithLargerId(type.getTableName(), "ID", id, LOG);
if (CaDbEntryType.CERT == type) {
deleteFromTableWithLargerId("CRAW", "CID", id, LOG);
}
if (th instanceof SQLException) {
throw translate(sql, (SQLException) th);
} else if (th instanceof Exception) {
throw (Exception) th;
} else {
throw new Exception(th);
}
}
}
lastSuccessfulEntryId = id;
processLog.addNumProcessed(numEntriesInBatch);
numEntriesInBatch = 0;
echoToFile(type + ":" + (numProcessedInLastProcess + processLog.numProcessed()) + ":" + lastSuccessfulEntryId, processLogFile);
processLog.printStatus();
}
}
return lastSuccessfulEntryId;
} finally {
recoverAutoCommit();
zipFile.close();
}
}
Also used :
X509CRL(java.security.cert.X509CRL)
SQLException(java.sql.SQLException)
ZipEntry(java.util.zip.ZipEntry)
RequestCertType(org.xipki.ca.dbtool.xmlio.ca.RequestCertType)
CertType(org.xipki.ca.dbtool.xmlio.ca.CertType)
CertificateException(java.security.cert.CertificateException)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
TBSCertificate(org.bouncycastle.asn1.x509.TBSCertificate)
CRLException(java.security.cert.CRLException)
IdentifidDbObjectType(org.xipki.ca.dbtool.xmlio.IdentifidDbObjectType)
DbiXmlReader(org.xipki.ca.dbtool.xmlio.DbiXmlReader)
PreparedStatement(java.sql.PreparedStatement)
RequestCertType(org.xipki.ca.dbtool.xmlio.ca.RequestCertType)
XMLStreamException(javax.xml.stream.XMLStreamException)
DataAccessException(org.xipki.datasource.DataAccessException)
JAXBException(javax.xml.bind.JAXBException)
InvalidDataObjectException(org.xipki.ca.dbtool.xmlio.InvalidDataObjectException)
CRLException(java.security.cert.CRLException)
SQLException(java.sql.SQLException)
CertificateException(java.security.cert.CertificateException)
Extension(org.bouncycastle.asn1.x509.Extension)
ZipFile(java.util.zip.ZipFile)
CrlType(org.xipki.ca.dbtool.xmlio.ca.CrlType)
BigInteger(java.math.BigInteger)
ZipFile(java.util.zip.ZipFile)
File(java.io.File)
Certificate(org.bouncycastle.asn1.x509.Certificate)
TBSCertificate(org.bouncycastle.asn1.x509.TBSCertificate)
RequestType(org.xipki.ca.dbtool.xmlio.ca.RequestType)
Example 7 with CRLNumber
use of com.github.zhenwei.core.asn1.x509.CRLNumber in project keystore-explorer by kaikramer.
the class SignCrlAction method signCrl.
private X509CRL signCrl(BigInteger number, Date effectiveDate, Date nextUpdate, X509Certificate caCert, PrivateKey caPrivateKey, String signatureAlgorithm, Map<BigInteger, RevokedEntry> mapRevokedCertificate, String provider) throws NoSuchAlgorithmException, OperatorCreationException, CRLException, IOException {
X509v2CRLBuilder crlGen = new JcaX509v2CRLBuilder(caCert.getSubjectX500Principal(), effectiveDate);
crlGen.setNextUpdate(nextUpdate);
if (mapRevokedCertificate != null) {
Iterator<Map.Entry<BigInteger, RevokedEntry>> it = mapRevokedCertificate.entrySet().iterator();
while (it.hasNext()) {
Map.Entry<BigInteger, RevokedEntry> pair = it.next();
RevokedEntry entry = pair.getValue();
crlGen.addCRLEntry(entry.getUserCertificateSerial(), entry.getRevocationDate(), entry.getReason());
}
}
JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
crlGen.addExtension(Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(caCert.getPublicKey()));
crlGen.addExtension(Extension.cRLNumber, false, new CRLNumber(number));
X509CRLHolder crl = crlGen.build(new JcaContentSignerBuilder(signatureAlgorithm).setProvider(provider).build(caPrivateKey));
return new JcaX509CRLConverter().setProvider(BOUNCY_CASTLE.jce()).getCRL(crl);
}
Also used :
JcaX509ExtensionUtils(org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils)
CRLNumber(org.bouncycastle.asn1.x509.CRLNumber)
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
JcaX509v2CRLBuilder(org.bouncycastle.cert.jcajce.JcaX509v2CRLBuilder)
RevokedEntry(org.kse.gui.dialogs.sign.RevokedEntry)
RevokedEntry(org.kse.gui.dialogs.sign.RevokedEntry)
JcaX509CRLConverter(org.bouncycastle.cert.jcajce.JcaX509CRLConverter)
X509CRLHolder(org.bouncycastle.cert.X509CRLHolder)
BigInteger(java.math.BigInteger)
X509v2CRLBuilder(org.bouncycastle.cert.X509v2CRLBuilder)
JcaX509v2CRLBuilder(org.bouncycastle.cert.jcajce.JcaX509v2CRLBuilder)
Map(java.util.Map)
Example 8 with CRLNumber
use of com.github.zhenwei.core.asn1.x509.CRLNumber in project keystore-explorer by kaikramer.
the class X509Ext method getDeltaCrlIndicatorStringValue.
private static String getDeltaCrlIndicatorStringValue(byte[] value) throws IOException {
// @formatter:off
/*
* deltaCRLIndicator EXTENSION ::= { SYNTAX BaseCRLNumber IDENTIFIED BY
* id-ce-deltaCRLIndicator }
*
* BaseCRLNumber ::= CRLNumber
*
* CRLNumber ::= ASN1Integer (0..MAX)
*/
// @formatter:on
CRLNumber crlNumber = CRLNumber.getInstance(value);
BigInteger crlNum = crlNumber.getCRLNumber();
return HexUtil.getHexString(crlNum) + NEWLINE;
}
Also used :
CRLNumber(org.bouncycastle.asn1.x509.CRLNumber)
BigInteger(java.math.BigInteger)
Example 9 with CRLNumber
use of com.github.zhenwei.core.asn1.x509.CRLNumber in project keystore-explorer by kaikramer.
the class X509Ext method getCrlNumberStringValue.
private static String getCrlNumberStringValue(byte[] value) throws IOException {
// @formatter:off
/* CRLNumber ::= ASN1Integer (0..MAX) */
// @formatter:on
StringBuilder sb = new StringBuilder();
CRLNumber crlNumber = CRLNumber.getInstance(value);
sb.append(HexUtil.getHexString(crlNumber.getCRLNumber()));
sb.append(NEWLINE);
return sb.toString();
}
Also used :
CRLNumber(org.bouncycastle.asn1.x509.CRLNumber)
Example 10 with CRLNumber
use of com.github.zhenwei.core.asn1.x509.CRLNumber in project signer by demoiselle.
the class RevocationRefs method makeCrlValidatedID.
/**
* @param crl CrlValidatedID from X509CRL
* @return a CrlValidatedID
* @throws NoSuchAlgorithmException
* @throws CRLException
*/
private CrlValidatedID makeCrlValidatedID(X509CRL crl) throws CRLException {
Digest digest = DigestFactory.getInstance().factoryDefault();
digest.setAlgorithm(DigestAlgorithmEnum.SHA_256);
OtherHashAlgAndValue otherHashAlgAndValue = new OtherHashAlgAndValue(new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256), new DEROctetString(digest.digest(crl.getEncoded())));
OtherHash hash = new OtherHash(otherHashAlgAndValue);
BigInteger crlnumber;
CrlIdentifier crlid;
if (crl.getExtensionValue("2.5.29.20") != null) {
ASN1Integer varASN1Integer = new ASN1Integer(crl.getExtensionValue("2.5.29.20"));
crlnumber = varASN1Integer.getPositiveValue();
crlid = new CrlIdentifier(new X500Name(crl.getIssuerX500Principal().getName()), new DERUTCTime(crl.getThisUpdate()), crlnumber);
} else {
crlid = new CrlIdentifier(new X500Name(crl.getIssuerX500Principal().getName()), new DERUTCTime(crl.getThisUpdate()));
}
CrlValidatedID crlvid = new CrlValidatedID(hash, crlid);
return crlvid;
}
Also used :
CrlValidatedID(org.bouncycastle.asn1.esf.CrlValidatedID)
Digest(org.demoiselle.signer.cryptography.Digest)
DERUTCTime(org.bouncycastle.asn1.DERUTCTime)
BigInteger(java.math.BigInteger)
CrlIdentifier(org.bouncycastle.asn1.esf.CrlIdentifier)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
X500Name(org.bouncycastle.asn1.x500.X500Name)
OtherHashAlgAndValue(org.bouncycastle.asn1.esf.OtherHashAlgAndValue)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
OtherHash(org.bouncycastle.asn1.esf.OtherHash)
AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier)
Aggregations
CRLNumber (org.bouncycastle.asn1.x509.CRLNumber)18
BigInteger (java.math.BigInteger)15
X509v2CRLBuilder (org.bouncycastle.cert.X509v2CRLBuilder)13
Date (java.util.Date)12
X509CRLHolder (org.bouncycastle.cert.X509CRLHolder)12
CRLException (java.security.cert.CRLException)11
JcaX509ExtensionUtils (org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils)11
HashSet (java.util.HashSet)10
IOException (java.io.IOException)8
X509CRL (java.security.cert.X509CRL)8
JcaX509CRLConverter (org.bouncycastle.cert.jcajce.JcaX509CRLConverter)8
X500Name (org.bouncycastle.asn1.x500.X500Name)7
AuthorityKeyIdentifier (org.bouncycastle.asn1.x509.AuthorityKeyIdentifier)7
Enumeration (java.util.Enumeration)6
Set (java.util.Set)6
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)6
File (java.io.File)5
InvalidKeyException (java.security.InvalidKeyException)5
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)5
NoSuchProviderException (java.security.NoSuchProviderException)5
