
Example 16 with CRLReason

use of com.github.zhenwei.core.asn1.x509.CRLReason in project ca3sCore by kuehne-trustable-de.

The class CaBackendTask, method execute.

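/**
 * Make a call to the CA, either signing the CSR or revoking the given certificate.
 * <p>
 * Process variables read: {@code action}, {@code caConfigId} and, depending on the action,
 * {@code certificate} / {@code certificateId} / {@code revocationReason} for a revocation or
 * {@code csr} / {@code csrId} for a signing request.
 * Process variables written: {@code status} ("Failed", "Revoked" or "Created"),
 * {@code failureReason}, and on a successful signing {@code certificateId} and {@code certificate}.
 * <p>
 * Every exception raised while talking to the CA is caught and reported through
 * {@code failureReason}; the status stays "Failed" in that case.
 *
 * @param execution the BPMN execution that provides and receives the process variables
 * @throws Exception declared for the delegate contract; CA errors are reported via process variables instead
 */
@Transactional
@Override
public void execute(DelegateExecution execution) throws Exception {
    // pessimistic defaults: every early return below leaves the process in the failed state
    execution.setVariable("status", "Failed");
    execution.setVariable("failureReason", "");

    String action = (String) execution.getVariable("action");
    LOGGER.debug("execution.getVariable('action') : " + action);

    if (caccRepo.count() == 0) {
        LOGGER.debug("CAConnectorConfig is empty");
    }

    CAConnectorConfig caConfig = resolveCaConfig(execution);
    if (caConfig == null) {
        // failureReason has already been set by resolveCaConfig
        return;
    }

    try {
        if ("Revoke".equals(action)) {
            executeRevocation(execution, caConfig);
        } else {
            executeSigning(execution, caConfig);
        }
    } catch (Exception e) {
        // getMessage() may be null (e.g. for a NullPointerException); never report an empty reason
        String reason = e.getMessage() != null ? e.getMessage() : e.toString();
        execution.setVariable("failureReason", reason);
        LOGGER.info("CA backend action '" + action + "' failed", e);
    }
}

/**
 * Determine the CA connector configuration for this execution.
 * <p>
 * Uses the {@code caConfigId} process variable when present; when the variable is absent the
 * default configuration is used. Sets {@code failureReason} and returns {@code null} when no
 * usable configuration can be determined.
 *
 * @param execution the BPMN execution providing {@code caConfigId}
 * @return the configuration to use, or {@code null} if none is available
 */
private CAConnectorConfig resolveCaConfig(DelegateExecution execution) {
    Object caConfigIdObj = execution.getVariable("caConfigId");
    if (caConfigIdObj == null) {
        // no CA selected by the calling BPMN process: fall back to the configured default
        LOGGER.debug("caName NOT set by calling BPNM process");
        CAConnectorConfig defaultConfig = configUtil.getDefaultConfig();
        if (defaultConfig == null) {
            LOGGER.error("no default CA available");
            execution.setVariable("failureReason", "no default CA available");
            return null;
        }
        LOGGER.debug("using '{}' as the default CA ", defaultConfig.getName());
        return defaultConfig;
    }

    String caConfigIdStr = caConfigIdObj.toString();
    long caConfigId;
    try {
        caConfigId = Long.parseLong(caConfigIdStr);
    } catch (NumberFormatException nfe) {
        // same handling as for an unparsable certificate id: report, do not throw
        String msg = "unparsable CA config id '" + caConfigIdStr + "'";
        LOGGER.warn(msg);
        execution.setVariable("failureReason", msg);
        return null;
    }

    Optional<CAConnectorConfig> caConnOpt = caccRepo.findById(caConfigId);
    if (!caConnOpt.isPresent()) {
        execution.setVariable("failureReason", "CA config Id '" + caConfigId + "' not found.");
        return null;
    }
    return caConnOpt.get();
}

/**
 * Revoke the certificate referenced by the {@code certificate} or {@code certificateId} variable
 * at the CA and record the revocation on the entity.
 * <p>
 * An already revoked certificate is reported as a failure and the CA is not contacted again.
 *
 * @param execution the BPMN execution providing the certificate reference and the reason
 * @param caConfig the CA connector configuration to use
 * @throws Exception whatever the CA adapter raises; handled by the caller
 */
private void executeRevocation(DelegateExecution execution, CAConnectorConfig caConfig) throws Exception {
    Certificate revokeCert = (Certificate) execution.getVariable("certificate");
    if (revokeCert == null) {
        Object certIdObj = execution.getVariable("certificateId");
        if (certIdObj == null) {
            String msg = "neither 'certificate' nor 'certificateId' provided for revocation";
            LOGGER.warn(msg);
            execution.setVariable("failureReason", msg);
            return;
        }
        String revokeCertIdStr = certIdObj.toString();
        long certificateId;
        try {
            certificateId = Long.parseLong(revokeCertIdStr);
        } catch (NumberFormatException nfe) {
            String msg = "unparsable cert id '" + revokeCertIdStr + "'";
            LOGGER.warn(msg);
            execution.setVariable("failureReason", msg);
            return;
        }
        LOGGER.debug("execution.getVariable('certificateId') : " + certificateId);
        Optional<Certificate> certificateOpt = certificateRepository.findById(certificateId);
        if (!certificateOpt.isPresent()) {
            execution.setVariable("failureReason", "certificate Id '" + revokeCertIdStr + "' not found.");
            return;
        }
        revokeCert = certificateOpt.get();
    }

    String revocationReasonStr = (String) execution.getVariable("revocationReason");
    if (revocationReasonStr != null) {
        revocationReasonStr = revocationReasonStr.trim();
    }
    LOGGER.debug("execution.getVariable('revocationReason') : " + revocationReasonStr);

    if (revokeCert.isRevoked()) {
        // a second revocation would overwrite the recorded reason and timestamp; refuse it
        execution.setVariable("failureReason", "certificate with id '" + revokeCert.getId() + "' already revoked.");
        return;
    }

    CRLReason crlReason = cryptoUtil.crlReasonFromString(revocationReasonStr);
    String crlReasonStr = cryptoUtil.crlReasonAsString(crlReason);
    LOGGER.debug("crlReason : " + crlReasonStr);

    // the same timestamp is sent to the CA and stored locally so both sides agree on the revocation time
    Date now = new Date();
    caConnAdapter.revokeCertificate(revokeCert, crlReason, now, caConfig);

    // only after the CA accepted the revocation is the local entity marked;
    // NOTE(review): the entity is not saved explicitly here — presumably flushed by the
    // surrounding transaction, which requires revokeCert to be a managed entity; confirm for the
    // case where it arrives via the 'certificate' process variable
    revokeCert.setRevoked(true);
    revokeCert.setRevokedSince(DateUtil.asInstant(now));
    revokeCert.setRevocationReason(crlReasonStr);
    revokeCert.setRevocationExecutionId(execution.getProcessInstanceId());
    execution.setVariable("status", "Revoked");
}

/**
 * Send the CSR referenced by the {@code csr} or {@code csrId} variable to the CA and persist
 * the returned certificate.
 *
 * @param execution the BPMN execution providing the CSR reference
 * @param caConfig the CA connector configuration to use
 * @throws Exception whatever the CA adapter raises; handled by the caller
 */
private void executeSigning(DelegateExecution execution, CAConnectorConfig caConfig) throws Exception {
    execution.setVariable("certificateId", "");

    CSR csr = (CSR) execution.getVariable("csr");
    if (csr == null) {
        Object csrIdObj = execution.getVariable("csrId");
        if (csrIdObj == null) {
            String msg = "neither 'csr' nor 'csrId' provided for certificate creation";
            LOGGER.warn(msg);
            execution.setVariable("failureReason", msg);
            return;
        }
        String csrIdString = csrIdObj.toString();
        long csrId;
        try {
            csrId = Long.parseLong(csrIdString);
        } catch (NumberFormatException nfe) {
            String msg = "unparsable csr id '" + csrIdString + "'";
            LOGGER.warn(msg);
            execution.setVariable("failureReason", msg);
            return;
        }
        Optional<CSR> csrOpt = csrRepository.findById(csrId);
        if (!csrOpt.isPresent()) {
            execution.setVariable("failureReason", "csr Id '" + csrId + "' not found.");
            return;
        }
        csr = csrOpt.get();
    }

    Certificate cert = caConnAdapter.signCertificateRequest(csr, caConfig);
    if (cert == null) {
        // a missing certificate is a failure of the CA call, not a success with an empty result
        String msg = "created certificate for csr #" + csr.getId() + " == null!";
        LOGGER.warn(msg);
        execution.setVariable("failureReason", msg);
        return;
    }

    cert.setCreationExecutionId(execution.getProcessInstanceId());
    certificateRepository.save(cert);
    LOGGER.debug("certificateId " + cert.getId());

    execution.setVariable("certificateId", cert.getId());
    execution.setVariable("certificate", cert);
    execution.setVariable("status", "Created");
}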
Also used : CSR(de.trustable.ca3s.core.domain.CSR) CAConnectorConfig(de.trustable.ca3s.core.domain.CAConnectorConfig) CRLReason(org.bouncycastle.asn1.x509.CRLReason) Date(java.util.Date) Certificate(de.trustable.ca3s.core.domain.Certificate) Transactional(org.springframework.transaction.annotation.Transactional)

Example 17 with CRLReason

use of com.github.zhenwei.core.asn1.x509.CRLReason in project LinLong-Java by zhenwei1108.

The class V2TBSCertListGenerator, method createReasonExtension.

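/**
 * Build the CRL entry {@code reasonCode} extension as a plain ASN.1 SEQUENCE
 * ({@code Extension.reasonCode} OID followed by the DER encoded CRLReason wrapped in an
 * OCTET STRING). The {@code critical} flag is not emitted, so the extension is non-critical.
 *
 * @param reasonCode the numeric CRL reason; passed to {@code CRLReason.lookup} unvalidated
 *                   (NOTE(review): whether lookup rejects unknown codes is not visible here)
 * @return the extension SEQUENCE
 * @throws IllegalArgumentException if the reason cannot be DER encoded; the
 *         {@link IOException} is kept as cause
 */
private static ASN1Sequence createReasonExtension(int reasonCode) {
    ASN1EncodableVector v = new ASN1EncodableVector(2);
    CRLReason crlReason = CRLReason.lookup(reasonCode);
    try {
        v.add(Extension.reasonCode);
        v.add(new DEROctetString(crlReason.getEncoded()));
    } catch (IOException e) {
        // preserve the cause instead of flattening it into the message
        throw new IllegalArgumentException("error encoding reason: " + e, e);
    }
    return new DERSequence(v);
}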
Also used : DERSequence(com.github.zhenwei.core.asn1.DERSequence) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector) IOException(java.io.IOException) DEROctetString(com.github.zhenwei.core.asn1.DEROctetString)

Example 18 with CRLReason

use of com.github.zhenwei.core.asn1.x509.CRLReason in project LinLong-Java by zhenwei1108.

The class RevokedInfo, method toASN1Primitive.

/**
 * Produce an object suitable for an ASN1OutputStream.
 * <pre>
 * RevokedInfo ::= SEQUENCE {
 *      revocationTime              GeneralizedTime,
 *      revocationReason    [0]     EXPLICIT CRLReason OPTIONAL }
 * </pre>
 *
 * @return the DER SEQUENCE holding the revocation time and, if set, the explicitly [0] tagged reason
 */
public ASN1Primitive toASN1Primitive() {
    ASN1EncodableVector elements = new ASN1EncodableVector(2);
    elements.add(revocationTime);

    // revocationReason is OPTIONAL: absent means it is simply left out of the SEQUENCE
    boolean hasReason = revocationReason != null;
    if (hasReason) {
        DERTaggedObject taggedReason = new DERTaggedObject(true, 0, revocationReason);
        elements.add(taggedReason);
    }

    return new DERSequence(elements);
}
Also used : DERSequence(com.github.zhenwei.core.asn1.DERSequence) DERTaggedObject(com.github.zhenwei.core.asn1.DERTaggedObject) ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector)
