Example 21 with CertificateList
use of com.github.zhenwei.core.asn1.x509.CertificateList in project XobotOS by xamarin.
the class X509CertFactoryImpl method engineGenerateCRLs.
/**
* @see java.security.cert.CertificateFactorySpi#engineGenerateCRLs(InputStream)
* method documentation for more info
*/
public Collection<? extends CRL> engineGenerateCRLs(InputStream inStream) throws CRLException {
if (inStream == null) {
throw new CRLException("inStream == null");
}
ArrayList<CRL> result = new ArrayList<CRL>();
try {
if (!inStream.markSupported()) {
inStream = new RestoringInputStream(inStream);
}
// if it is PEM encoded form this array will contain the encoding
// so ((it is PEM) <-> (encoding != null))
byte[] encoding = null;
// The following by SEQUENCE ASN.1 tag, used for
// recognizing the data format
// (is it PKCS7 ContentInfo structure, X.509 CRL, or
// unsupported encoding)
int second_asn1_tag = -1;
inStream.mark(1);
int ch;
while ((ch = inStream.read()) != -1) {
// check if it is PEM encoded form
if (ch == '-') {
// beginning of PEM encoding ('-' char)
// decode PEM chunk and store its content (ASN.1 encoding)
encoding = decodePEM(inStream, FREE_BOUND_SUFFIX);
} else if (ch == 0x30) {
// beginning of ASN.1 sequence (0x30)
encoding = null;
inStream.reset();
// prepare for data format determination
inStream.mark(CRL_CACHE_SEED_LENGTH);
} else {
// unsupported data
if (result.size() == 0) {
throw new CRLException("Unsupported encoding");
} else {
// it can be trailing user data,
// so keep it in the stream
inStream.reset();
return result;
}
}
// Check the data format
BerInputStream in = (encoding == null) ? new BerInputStream(inStream) : new BerInputStream(encoding);
// read the next ASN.1 tag
second_asn1_tag = in.next();
if (encoding == null) {
// keep whole structure in the stream
inStream.reset();
}
// check if it is a TBSCertList structure
if (second_asn1_tag != ASN1Constants.TAG_C_SEQUENCE) {
if (result.size() == 0) {
// whether it is PKCS7 structure
break;
} else {
// so return what we already read
return result;
}
} else {
if (encoding == null) {
result.add(getCRL(inStream));
} else {
result.add(getCRL(encoding));
}
}
inStream.mark(1);
}
if (result.size() != 0) {
// the stream was read out
return result;
} else if (ch == -1) {
throw new CRLException("There is no data in the stream");
}
// else: check if it is PKCS7
if (second_asn1_tag == ASN1Constants.TAG_OID) {
// it is PKCS7 ContentInfo structure, so decode it
ContentInfo info = (ContentInfo) ((encoding != null) ? ContentInfo.ASN1.decode(encoding) : ContentInfo.ASN1.decode(inStream));
// retrieve SignedData
SignedData data = info.getSignedData();
if (data == null) {
throw new CRLException("Invalid PKCS7 data provided");
}
List<CertificateList> crls = data.getCRLs();
if (crls != null) {
for (CertificateList crl : crls) {
result.add(new X509CRLImpl(crl));
}
}
return result;
}
// else: Unknown data format
throw new CRLException("Unsupported encoding");
} catch (IOException e) {
throw new CRLException(e);
}
}
Also used :
SignedData(org.apache.harmony.security.pkcs7.SignedData)
ArrayList(java.util.ArrayList)
CertificateList(org.apache.harmony.security.x509.CertificateList)
IOException(java.io.IOException)
ContentInfo(org.apache.harmony.security.pkcs7.ContentInfo)
X509CRL(java.security.cert.X509CRL)
CRL(java.security.cert.CRL)
BerInputStream(org.apache.harmony.security.asn1.BerInputStream)
CRLException(java.security.cert.CRLException)
Example 22 with CertificateList
use of com.github.zhenwei.core.asn1.x509.CertificateList in project xipki by xipki.
the class X509CmpRequestor method evaluateCrlResponse.
private X509CRL evaluateCrlResponse(PkiResponse response, Integer xipkiAction) throws CmpRequestorException, PkiErrorException {
ParamUtil.requireNonNull("response", response);
checkProtection(response);
PKIBody respBody = response.getPkiMessage().getBody();
int bodyType = respBody.getType();
if (PKIBody.TYPE_ERROR == bodyType) {
ErrorMsgContent content = ErrorMsgContent.getInstance(respBody.getContent());
throw new PkiErrorException(content.getPKIStatusInfo());
} else if (PKIBody.TYPE_GEN_REP != bodyType) {
throw new CmpRequestorException(String.format("unknown PKI body type %s instead the expected [%s, %s]", bodyType, PKIBody.TYPE_GEN_REP, PKIBody.TYPE_ERROR));
}
ASN1ObjectIdentifier expectedType = (xipkiAction == null) ? CMPObjectIdentifiers.it_currentCRL : ObjectIdentifiers.id_xipki_cmp_cmpGenmsg;
GenRepContent genRep = GenRepContent.getInstance(respBody.getContent());
InfoTypeAndValue[] itvs = genRep.toInfoTypeAndValueArray();
InfoTypeAndValue itv = null;
if (itvs != null && itvs.length > 0) {
for (InfoTypeAndValue m : itvs) {
if (expectedType.equals(m.getInfoType())) {
itv = m;
break;
}
}
}
if (itv == null) {
throw new CmpRequestorException("the response does not contain InfoTypeAndValue " + expectedType);
}
ASN1Encodable certListAsn1Object = (xipkiAction == null) ? itv.getInfoValue() : extractXiActionContent(itv.getInfoValue(), xipkiAction);
CertificateList certList = CertificateList.getInstance(certListAsn1Object);
X509CRL crl;
try {
crl = X509Util.toX509Crl(certList);
} catch (CRLException | CertificateException ex) {
throw new CmpRequestorException("returned CRL is invalid: " + ex.getMessage());
}
return crl;
}
Also used :
PKIBody(org.bouncycastle.asn1.cmp.PKIBody)
X509CRL(java.security.cert.X509CRL)
GenRepContent(org.bouncycastle.asn1.cmp.GenRepContent)
CertificateList(org.bouncycastle.asn1.x509.CertificateList)
CertificateException(java.security.cert.CertificateException)
PkiErrorException(org.xipki.ca.client.api.PkiErrorException)
InfoTypeAndValue(org.bouncycastle.asn1.cmp.InfoTypeAndValue)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
ErrorMsgContent(org.bouncycastle.asn1.cmp.ErrorMsgContent)
CRLException(java.security.cert.CRLException)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 23 with CertificateList
use of com.github.zhenwei.core.asn1.x509.CertificateList in project candlepin by candlepin.
the class X509CRLStreamWriter method writeToEmptyCrl.
protected void writeToEmptyCrl(OutputStream out) throws IOException {
ASN1InputStream asn1in = null;
try {
asn1in = new ASN1InputStream(crlIn);
ASN1Sequence certListSeq = (ASN1Sequence) asn1in.readObject();
CertificateList certList = CertificateList.getInstance(certListSeq);
X509CRLHolder oldCrl = new X509CRLHolder(certList);
X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(oldCrl.getIssuer(), new Date());
crlBuilder.addCRL(oldCrl);
Date now = new Date();
Date oldNextUpdate = certList.getNextUpdate().getDate();
Date oldThisUpdate = certList.getThisUpdate().getDate();
Date nextUpdate = new Date(now.getTime() + (oldNextUpdate.getTime() - oldThisUpdate.getTime()));
crlBuilder.setNextUpdate(nextUpdate);
for (Object o : oldCrl.getExtensionOIDs()) {
ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) o;
Extension ext = oldCrl.getExtension(oid);
if (oid.equals(Extension.cRLNumber)) {
ASN1OctetString octet = ext.getExtnValue();
ASN1Integer currentNumber = (ASN1Integer) new ASN1InputStream(octet.getOctets()).readObject();
ASN1Integer nextNumber = new ASN1Integer(currentNumber.getValue().add(BigInteger.ONE));
crlBuilder.addExtension(oid, ext.isCritical(), nextNumber);
} else if (oid.equals(Extension.authorityKeyIdentifier)) {
crlBuilder.addExtension(oid, ext.isCritical(), ext.getParsedValue());
}
}
for (DERSequence entry : newEntries) {
// XXX: This is all a bit messy considering the user already passed in the serial, date
// and reason.
BigInteger serial = ((ASN1Integer) entry.getObjectAt(0)).getValue();
Date revokeDate = ((Time) entry.getObjectAt(1)).getDate();
int reason = CRLReason.unspecified;
if (entry.size() == 3) {
Extensions extensions = (Extensions) entry.getObjectAt(2);
Extension reasonExt = extensions.getExtension(Extension.reasonCode);
if (reasonExt != null) {
reason = ((ASN1Enumerated) reasonExt.getParsedValue()).getValue().intValue();
}
}
crlBuilder.addCRLEntry(serial, revokeDate, reason);
}
if (signingAlg == null) {
signingAlg = oldCrl.toASN1Structure().getSignatureAlgorithm();
}
ContentSigner s;
try {
s = createContentSigner(signingAlg, key);
X509CRLHolder newCrl = crlBuilder.build(s);
out.write(newCrl.getEncoded());
} catch (OperatorCreationException e) {
throw new IOException("Could not sign CRL", e);
}
} finally {
IOUtils.closeQuietly(asn1in);
}
}
Also used :
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream)
CertificateList(org.bouncycastle.asn1.x509.CertificateList)
ContentSigner(org.bouncycastle.operator.ContentSigner)
DERGeneralizedTime(org.bouncycastle.asn1.DERGeneralizedTime)
ASN1GeneralizedTime(org.bouncycastle.asn1.ASN1GeneralizedTime)
DERUTCTime(org.bouncycastle.asn1.DERUTCTime)
Time(org.bouncycastle.asn1.x509.Time)
ASN1UTCTime(org.bouncycastle.asn1.ASN1UTCTime)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
IOException(java.io.IOException)
Extensions(org.bouncycastle.asn1.x509.Extensions)
Date(java.util.Date)
Extension(org.bouncycastle.asn1.x509.Extension)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
DERSequence(org.bouncycastle.asn1.DERSequence)
ASN1Enumerated(org.bouncycastle.asn1.ASN1Enumerated)
X509CRLHolder(org.bouncycastle.cert.X509CRLHolder)
BigInteger(java.math.BigInteger)
X509v2CRLBuilder(org.bouncycastle.cert.X509v2CRLBuilder)
ASN1Object(org.bouncycastle.asn1.ASN1Object)
ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject)
DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 24 with CertificateList
use of com.github.zhenwei.core.asn1.x509.CertificateList in project jasn1 by openmuc.
the class LoadCRLRequest method decode.
public int decode(InputStream is, boolean withTag) throws IOException {
int tlByteCount = 0;
int vByteCount = 0;
BerTag berTag = new BerTag();
if (withTag) {
tlByteCount += tag.decodeAndCheck(is);
}
BerLength length = new BerLength();
tlByteCount += length.decode(is);
int lengthVal = length.val;
vByteCount += berTag.decode(is);
if (berTag.equals(BerTag.CONTEXT_CLASS, BerTag.CONSTRUCTED, 0)) {
crl = new CertificateList();
vByteCount += crl.decode(is, false);
if (lengthVal >= 0 && vByteCount == lengthVal) {
return tlByteCount + vByteCount;
}
vByteCount += berTag.decode(is);
} else {
throw new IOException("Tag does not match mandatory sequence component.");
}
if (lengthVal < 0) {
while (!berTag.equals(0, 0, 0)) {
vByteCount += DecodeUtil.decodeUnknownComponent(is);
vByteCount += berTag.decode(is);
}
vByteCount += BerLength.readEocByte(is);
return tlByteCount + vByteCount;
} else {
while (vByteCount < lengthVal) {
vByteCount += DecodeUtil.decodeUnknownComponent(is);
if (vByteCount == lengthVal) {
return tlByteCount + vByteCount;
}
vByteCount += berTag.decode(is);
}
}
throw new IOException("Unexpected end of sequence, length tag: " + lengthVal + ", bytes decoded: " + vByteCount);
}
Also used :
CertificateList(com.beanit.asn1bean.compiler.pkix1explicit88.CertificateList)
IOException(java.io.IOException)
Example 25 with CertificateList
use of com.github.zhenwei.core.asn1.x509.CertificateList in project jasn1 by openmuc.
the class SegmentedCrlList method decode.
public int decode(InputStream is, boolean withTag) throws IOException {
int tlByteCount = 0;
int vByteCount = 0;
BerTag berTag = new BerTag();
if (withTag) {
tlByteCount += tag.decodeAndCheck(is);
}
BerLength length = new BerLength();
tlByteCount += length.decode(is);
int lengthVal = length.val;
while (vByteCount < lengthVal || lengthVal < 0) {
vByteCount += berTag.decode(is);
if (lengthVal < 0 && berTag.equals(0, 0, 0)) {
vByteCount += BerLength.readEocByte(is);
break;
}
if (!berTag.equals(CertificateList.tag)) {
throw new IOException("Tag does not match mandatory sequence of/set of component.");
}
CertificateList element = new CertificateList();
vByteCount += element.decode(is, false);
seqOf.add(element);
}
if (lengthVal >= 0 && vByteCount != lengthVal) {
throw new IOException("Decoded SequenceOf or SetOf has wrong length. Expected " + lengthVal + " but has " + vByteCount);
}
return tlByteCount + vByteCount;
}
Also used :
CertificateList(com.beanit.asn1bean.compiler.pkix1explicit88.CertificateList)
IOException(java.io.IOException)
Aggregations
IOException (java.io.IOException)13
CertificateList (org.bouncycastle.asn1.x509.CertificateList)13
CRLException (java.security.cert.CRLException)10
Test (org.junit.jupiter.api.Test)8
CRL (java.security.cert.CRL)5
X509CRL (java.security.cert.X509CRL)5
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)5
X509CRLHolder (org.bouncycastle.cert.X509CRLHolder)5
OperationException (org.xipki.ca.api.OperationException)5
DefaultCertManagerClient (io.fabric8.certmanager.client.DefaultCertManagerClient)4
NamespacedCertManagerClient (io.fabric8.certmanager.client.NamespacedCertManagerClient)4
GeneralName (org.bouncycastle.asn1.x509.GeneralName)4
CertificateList (io.fabric8.certmanager.api.model.v1.CertificateList)3
CertificateList (io.fabric8.certmanager.api.model.v1alpha2.CertificateList)3
CertificateList (io.fabric8.certmanager.api.model.v1alpha3.CertificateList)3
ByteArrayInputStream (java.io.ByteArrayInputStream)3
BigInteger (java.math.BigInteger)3
CertificateException (java.security.cert.CertificateException)3
X509Certificate (java.security.cert.X509Certificate)3
CertificateList (com.beanit.asn1bean.compiler.pkix1explicit88.CertificateList)2
