use of com.google.cloud.security.privateca.v1.Certificate in project xipki by xipki.
the class CrlStreamParserTest method parseCrlWithInvalidityDate.
/**
 * Parses the fixture {@code invaliditydate.crl} and checks its header fields,
 * its signature and the number of revoked-certificate entries.
 *
 * <p>The signature is verified against the SubjectPublicKeyInfo of the issuer
 * certificate returned by {@code getIssuerSigner()}, so the test also fails when
 * the fixture was not signed by that issuer.
 *
 * @throws Exception if the fixture cannot be loaded or parsed
 */
@Test
public void parseCrlWithInvalidityDate() throws Exception {
  Certificate issuerCert = getIssuerSigner();
  CrlStreamParser parser = getParser("invaliditydate.crl");

  // NOTE(review): the expected value 1 is presumably the encoded version field
  // (a v2 CRL) - confirm against CrlStreamParser.getVersion().
  Assert.assertEquals("version", 1, parser.getVersion());
  Assert.assertEquals("CRL number", BigInteger.valueOf(1), parser.getCrlNumber());

  // Check the signature explicitly: the entry count below says nothing about
  // whether the CRL is authentic.
  Assert.assertTrue("signature", parser.verifySignature(issuerCert.getSubjectPublicKeyInfo()));

  // The iterator is a closeable resource; walk it only to count the entries.
  int revokedCount = 0;
  try (RevokedCertsIterator entries = parser.revokedCertificates()) {
    for (; entries.hasNext(); revokedCount++) {
      entries.next();
    }
  }

  Assert.assertEquals("#revokedCertificates", 1, revokedCount);
}
use of com.google.cloud.security.privateca.v1.Certificate in project xipki by xipki.
the class CtLogTest method parseCtLogInCert.
/**
 * Round-trip check for the SCT list embedded in a certificate.
 *
 * <p>Loads the certificate resource, extracts the extension identified by
 * {@code ObjectIdentifiers.Extn.id_SCTs}, decodes it into a
 * {@link SignedCertificateTimestampList} and asserts that re-encoding the list
 * yields exactly the bytes that were read. No SCT signature is verified against
 * a log key here; only the structure and its encoding are exercised.
 *
 * @param certFile classpath resource name of the certificate to parse
 * @throws Exception if the resource cannot be read or decoded
 */
private void parseCtLogInCert(String certFile) throws Exception {
  byte[] rawCert = IoUtil.read(getClass().getResourceAsStream(certFile));
  // Convert whatever encoding the resource uses to DER before the ASN.1 parse.
  rawCert = X509Util.toDerEncoded(rawCert);
  Certificate parsedCert = Certificate.getInstance(rawCert);

  // NOTE(review): if the resource has no SCT extension, sctExtension is
  // presumably null and the next statement fails with a NullPointerException
  // rather than a descriptive assertion - confirm that every fixture carries it.
  Extension sctExtension =
      parsedCert.getTBSCertificate().getExtensions().getExtension(ObjectIdentifiers.Extn.id_SCTs);

  // The extension value is an OCTET STRING that wraps the serialized SCT list.
  byte[] originalSctBytes = DEROctetString.getInstance(sctExtension.getParsedValue()).getOctets();
  SignedCertificateTimestampList decodedList =
      SignedCertificateTimestampList.getInstance(originalSctBytes);

  // Touch the signature of the first SCT: the return values are discarded, the
  // calls only have to complete without throwing.
  SignedCertificateTimestamp firstSct = decodedList.getSctList().get(0);
  firstSct.getDigitallySigned().getEncoded();
  decodedList.getSctList().get(0).getDigitallySigned().getSignatureObject();

  // Decoding followed by encoding must reproduce the input byte for byte.
  byte[] reencodedSctBytes = decodedList.getEncoded();
  Assert.assertArrayEquals(originalSctBytes, reencodedSctBytes);
}
use of com.google.cloud.security.privateca.v1.Certificate in project xipki by xipki.
the class IssuerEntry method getIssuerHashAndKeys.
/**
 * Precomputes, for every {@link HashAlgo}, the hash of the issuer's subject name
 * and the hash of its public key, packed into one byte array.
 *
 * <p>Layout of each value: {@code 04 len hash(name) 04 len hash(key)}, i.e. two
 * consecutive OCTET STRING encodings. Presumably this is compared against the
 * issuerNameHash / issuerKeyHash pair of an incoming OCSP request - confirm
 * against the callers.
 *
 * @param encodedCert encoded issuer certificate
 * @return map from hash algorithm to the packed name-and-key hash
 * @throws CertificateEncodingException if the certificate cannot be parsed or
 *     its subject cannot be DER-encoded
 */
private static Map<HashAlgo, byte[]> getIssuerHashAndKeys(byte[] encodedCert) throws CertificateEncodingException {
  byte[] subjectDer;
  byte[] publicKeyBits;
  try {
    // presumably the BouncyCastle ASN.1 Certificate - confirm against imports
    Certificate parsed = Certificate.getInstance(encodedCert);
    subjectDer = parsed.getSubject().getEncoded("DER");
    // Only the content of the key BIT STRING is hashed, not the whole
    // SubjectPublicKeyInfo structure.
    publicKeyBits = parsed.getSubjectPublicKeyInfo().getPublicKeyData().getBytes();
  } catch (IllegalArgumentException | IOException ex) {
    throw new CertificateEncodingException(ex.getMessage(), ex);
  }

  Map<HashAlgo, byte[]> result = new HashMap<>();
  for (HashAlgo algo : HashAlgo.values()) {
    int digestLen = algo.getLength();
    // Each field is a tag byte, a length byte and the digest itself.
    int fieldLen = 2 + digestLen;
    byte[] packed = new byte[2 * fieldLen];

    // A single length byte is the DER short form; that is valid only while the
    // digest is shorter than 128 bytes.
    packed[0] = 0x04;
    packed[1] = (byte) digestLen;
    System.arraycopy(algo.hash(subjectDer), 0, packed, 2, digestLen);

    packed[fieldLen] = 0x04;
    packed[fieldLen + 1] = (byte) digestLen;
    System.arraycopy(algo.hash(publicKeyBits), 0, packed, fieldLen + 2, digestLen);

    result.put(algo, packed);
  }
  return result;
}
use of com.google.cloud.security.privateca.v1.Certificate in project xipki by xipki.
the class EjbcaIssuerEntry method getIssuerHashAndKeys.
/**
 * Builds the per-algorithm issuer identifier used by this issuer entry: the hash
 * of the DER-encoded subject name followed by the hash of the public key bits,
 * each prefixed with an OCTET STRING header ({@code 0x04}, length).
 *
 * <p>NOTE(review): the packed value looks like the issuerNameHash /
 * issuerKeyHash pair of an OCSP CertID - confirm against the lookup code.
 *
 * @param encodedCert encoded issuer certificate
 * @return one packed name-and-key hash per {@link HashAlgo} value
 * @throws CertificateEncodingException if parsing the certificate or encoding
 *     its subject fails
 */
private static Map<HashAlgo, byte[]> getIssuerHashAndKeys(byte[] encodedCert) throws CertificateEncodingException {
  byte[] nameBytes;
  byte[] keyBytes;
  try {
    Certificate issuerCert = Certificate.getInstance(encodedCert);
    nameBytes = issuerCert.getSubject().getEncoded("DER");
    // The key hash covers the BIT STRING content of the public key only.
    keyBytes = issuerCert.getSubjectPublicKeyInfo().getPublicKeyData().getBytes();
  } catch (IllegalArgumentException | IOException ex) {
    // Surface every parse failure as the one checked type callers handle.
    throw new CertificateEncodingException(ex.getMessage(), ex);
  }

  Map<HashAlgo, byte[]> byAlgo = new HashMap<>();
  for (HashAlgo hashAlgo : HashAlgo.values()) {
    int len = hashAlgo.getLength();
    // Two fields of (tag + length + digest) each.
    byte[] buf = new byte[(len + 2) * 2];
    int pos = 0;

    // First field: hash of the subject name. The one-byte length is the DER
    // short form and therefore assumes a digest shorter than 128 bytes.
    buf[pos] = 0x04;
    buf[pos + 1] = (byte) len;
    pos += 2;
    System.arraycopy(hashAlgo.hash(nameBytes), 0, buf, pos, len);
    pos += len;

    // Second field: hash of the public key.
    buf[pos] = 0x04;
    buf[pos + 1] = (byte) len;
    pos += 2;
    System.arraycopy(hashAlgo.hash(keyBytes), 0, buf, pos, len);

    byAlgo.put(hashAlgo, buf);
  }
  return byAlgo;
}
use of com.google.cloud.security.privateca.v1.Certificate in project xipki by xipki.
the class OcspCertStoreFromCaDbImporter method importIssuer0.
// method importIssuer
/**
 * Imports one issuer (CA) record into the target store through the supplied
 * prepared statement.
 *
 * <p>All values are bound as statement parameters; {@code sql} is used only to
 * translate an {@link SQLException} into a {@code DataAccessException}.
 *
 * @param issuer the CA record to import
 * @param sql text of the statement behind {@code ps}, used for error translation
 * @param ps prepared insert statement with eight parameters
 * @param relatedCaIds receives the id of the issuer; it is appended before the
 *     certificate is parsed
 * @throws IOException declared by the method; presumably raised by
 *     {@code readContent} - confirm
 * @throws DataAccessException if executing the statement fails
 * @throws CertificateException if the issuer certificate cannot be parsed
 */
private void importIssuer0(CaCertstore.Ca issuer, String sql, PreparedStatement ps, List<Integer> relatedCaIds) throws IOException, DataAccessException, CertificateException {
  try {
    byte[] certBytes = readContent(issuer.getCert());
    // NOTE(review): the id is recorded before the parse below, so it stays in
    // relatedCaIds even when the certificate turns out to be malformed -
    // confirm that callers abort the import in that case.
    relatedCaIds.add(issuer.getId());

    Certificate issuerCert;
    try {
      issuerCert = Certificate.getInstance(certBytes);
    } catch (RuntimeException ex) {
      // The parser reports malformed input with unchecked exceptions; log the
      // issuer id and rethrow as the checked certificate error.
      String msg = "could not parse certificate of issuer " + issuer.getId();
      LogUtil.error(LOG, ex, msg);
      throw new CertificateException(ex.getMessage(), ex);
    }

    // Parameters 1-8, bound in the column order of the statement.
    ps.setInt(1, issuer.getId());
    ps.setString(2, X509Util.cutX500Name(issuerCert.getSubject(), maxX500nameLen));
    // Validity bounds are stored as seconds since the epoch.
    long notBeforeSec = issuerCert.getTBSCertificate().getStartDate().getDate().getTime() / 1000;
    ps.setLong(3, notBeforeSec);
    long notAfterSec = issuerCert.getTBSCertificate().getEndDate().getDate().getTime() / 1000;
    ps.setLong(4, notAfterSec);
    // NOTE(review): SHA-1 of the whole certificate is stored here, presumably as
    // a fingerprint column fixed by the target schema rather than as an
    // integrity check - confirm before relying on it for anything else.
    ps.setString(5, HashAlgo.SHA1.base64Hash(certBytes));
    ps.setString(6, issuer.getRevInfo());
    ps.setString(7, Base64.encodeToString(certBytes));
    // CRL_ID
    ps.setNull(8, Types.INTEGER);

    ps.execute();
  } catch (SQLException ex) {
    System.err.println("could not import issuer with id=" + issuer.getId());
    throw translate(sql, ex);
  } catch (CertificateException ex) {
    // Also reached for the parse failure raised above.
    System.err.println("could not import issuer with id=" + issuer.getId());
    throw ex;
  }
}