Example 46 with Certificate
use of com.google.cloud.security.privateca.v1.Certificate in project xipki by xipki.
the class CrlStreamParserTest method parseCrlWithInvalidityDate.
@Test
public void parseCrlWithInvalidityDate() throws Exception {
Certificate issuerSigner = getIssuerSigner();
CrlStreamParser parser = getParser("invaliditydate.crl");
Assert.assertEquals("version", 1, parser.getVersion());
Assert.assertEquals("CRL number", BigInteger.valueOf(1), parser.getCrlNumber());
Assert.assertTrue("signature", parser.verifySignature(issuerSigner.getSubjectPublicKeyInfo()));
int numRevokedCerts = 0;
try (RevokedCertsIterator iterator = parser.revokedCertificates()) {
while (iterator.hasNext()) {
iterator.next();
numRevokedCerts++;
}
}
Assert.assertEquals("#revokedCertificates", 1, numRevokedCerts);
}
Also used :
CrlStreamParser(org.xipki.security.asn1.CrlStreamParser)
RevokedCertsIterator(org.xipki.security.asn1.CrlStreamParser.RevokedCertsIterator)
Certificate(org.bouncycastle.asn1.x509.Certificate)
Test(org.junit.Test)
Example 47 with Certificate
use of com.google.cloud.security.privateca.v1.Certificate in project xipki by xipki.
the class CtLogTest method parseCtLogInCert.
private void parseCtLogInCert(String certFile) throws Exception {
byte[] certBytes = IoUtil.read(getClass().getResourceAsStream(certFile));
certBytes = X509Util.toDerEncoded(certBytes);
Certificate cert = Certificate.getInstance(certBytes);
Extension extn = cert.getTBSCertificate().getExtensions().getExtension(ObjectIdentifiers.Extn.id_SCTs);
byte[] encodedScts = DEROctetString.getInstance(extn.getParsedValue()).getOctets();
SignedCertificateTimestampList sctList2 = SignedCertificateTimestampList.getInstance(encodedScts);
SignedCertificateTimestamp sct = sctList2.getSctList().get(0);
sct.getDigitallySigned().getEncoded();
sctList2.getSctList().get(0).getDigitallySigned().getSignatureObject();
byte[] encoded2 = sctList2.getEncoded();
Assert.assertArrayEquals(encodedScts, encoded2);
}
Also used :
Extension(org.bouncycastle.asn1.x509.Extension)
SignedCertificateTimestampList(org.xipki.security.ctlog.CtLog.SignedCertificateTimestampList)
Certificate(org.bouncycastle.asn1.x509.Certificate)
SignedCertificateTimestamp(org.xipki.security.ctlog.CtLog.SignedCertificateTimestamp)
Example 48 with Certificate
use of com.google.cloud.security.privateca.v1.Certificate in project xipki by xipki.
the class IssuerEntry method getIssuerHashAndKeys.
private static Map<HashAlgo, byte[]> getIssuerHashAndKeys(byte[] encodedCert) throws CertificateEncodingException {
byte[] encodedName;
byte[] encodedKey;
try {
Certificate bcCert = Certificate.getInstance(encodedCert);
encodedName = bcCert.getSubject().getEncoded("DER");
encodedKey = bcCert.getSubjectPublicKeyInfo().getPublicKeyData().getBytes();
} catch (IllegalArgumentException | IOException ex) {
throw new CertificateEncodingException(ex.getMessage(), ex);
}
Map<HashAlgo, byte[]> hashes = new HashMap<>();
for (HashAlgo ha : HashAlgo.values()) {
int hlen = ha.getLength();
byte[] nameAndKeyHash = new byte[(2 + hlen) << 1];
int offset = 0;
nameAndKeyHash[offset++] = 0x04;
nameAndKeyHash[offset++] = (byte) hlen;
System.arraycopy(ha.hash(encodedName), 0, nameAndKeyHash, offset, hlen);
offset += hlen;
nameAndKeyHash[offset++] = 0x04;
nameAndKeyHash[offset++] = (byte) hlen;
System.arraycopy(ha.hash(encodedKey), 0, nameAndKeyHash, offset, hlen);
hashes.put(ha, nameAndKeyHash);
}
return hashes;
}
Also used :
HashMap(java.util.HashMap)
HashAlgo(org.xipki.security.HashAlgo)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
IOException(java.io.IOException)
Certificate(org.bouncycastle.asn1.x509.Certificate)
Example 49 with Certificate
use of com.google.cloud.security.privateca.v1.Certificate in project xipki by xipki.
the class EjbcaIssuerEntry method getIssuerHashAndKeys.
private static Map<HashAlgo, byte[]> getIssuerHashAndKeys(byte[] encodedCert) throws CertificateEncodingException {
byte[] encodedName;
byte[] encodedKey;
try {
Certificate bcCert = Certificate.getInstance(encodedCert);
encodedName = bcCert.getSubject().getEncoded("DER");
encodedKey = bcCert.getSubjectPublicKeyInfo().getPublicKeyData().getBytes();
} catch (IllegalArgumentException | IOException ex) {
throw new CertificateEncodingException(ex.getMessage(), ex);
}
Map<HashAlgo, byte[]> hashes = new HashMap<>();
for (HashAlgo ha : HashAlgo.values()) {
int hlen = ha.getLength();
byte[] nameAndKeyHash = new byte[(2 + hlen) << 1];
int offset = 0;
nameAndKeyHash[offset++] = 0x04;
nameAndKeyHash[offset++] = (byte) hlen;
System.arraycopy(ha.hash(encodedName), 0, nameAndKeyHash, offset, hlen);
offset += hlen;
nameAndKeyHash[offset++] = 0x04;
nameAndKeyHash[offset++] = (byte) hlen;
System.arraycopy(ha.hash(encodedKey), 0, nameAndKeyHash, offset, hlen);
hashes.put(ha, nameAndKeyHash);
}
return hashes;
}
Also used :
HashMap(java.util.HashMap)
HashAlgo(org.xipki.security.HashAlgo)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
IOException(java.io.IOException)
Certificate(org.bouncycastle.asn1.x509.Certificate)
Example 50 with Certificate
use of com.google.cloud.security.privateca.v1.Certificate in project xipki by xipki.
the class OcspCertStoreFromCaDbImporter method importIssuer0.
// method importIssuer
private void importIssuer0(CaCertstore.Ca issuer, String sql, PreparedStatement ps, List<Integer> relatedCaIds) throws IOException, DataAccessException, CertificateException {
try {
byte[] encodedCert = readContent(issuer.getCert());
relatedCaIds.add(issuer.getId());
Certificate cert;
try {
cert = Certificate.getInstance(encodedCert);
} catch (RuntimeException ex) {
String msg = "could not parse certificate of issuer " + issuer.getId();
LogUtil.error(LOG, ex, msg);
throw new CertificateException(ex.getMessage(), ex);
}
int idx = 1;
ps.setInt(idx++, issuer.getId());
ps.setString(idx++, X509Util.cutX500Name(cert.getSubject(), maxX500nameLen));
ps.setLong(idx++, cert.getTBSCertificate().getStartDate().getDate().getTime() / 1000);
ps.setLong(idx++, cert.getTBSCertificate().getEndDate().getDate().getTime() / 1000);
ps.setString(idx++, HashAlgo.SHA1.base64Hash(encodedCert));
ps.setString(idx++, issuer.getRevInfo());
ps.setString(idx++, Base64.encodeToString(encodedCert));
// CRL_ID
ps.setNull(idx, Types.INTEGER);
ps.execute();
} catch (SQLException ex) {
System.err.println("could not import issuer with id=" + issuer.getId());
throw translate(sql, ex);
} catch (CertificateException ex) {
System.err.println("could not import issuer with id=" + issuer.getId());
throw ex;
}
}
Also used :
SQLException(java.sql.SQLException)
CertificateException(java.security.cert.CertificateException)
TBSCertificate(org.bouncycastle.asn1.x509.TBSCertificate)
Certificate(org.bouncycastle.asn1.x509.Certificate)
Aggregations
Certificate (org.bouncycastle.asn1.x509.Certificate)53
IOException (java.io.IOException)40
X509Certificate (java.security.cert.X509Certificate)37
CertificateException (java.security.cert.CertificateException)27
CertificateAuthorityServiceClient (com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient)24
Test (org.junit.Test)14
Operation (com.google.longrunning.Operation)13
File (java.io.File)11
BigInteger (java.math.BigInteger)9
CertificateEncodingException (java.security.cert.CertificateEncodingException)9
TBSCertificate (org.bouncycastle.asn1.x509.TBSCertificate)9
Test (org.junit.jupiter.api.Test)9
Certificate (com.google.cloud.security.privateca.v1.Certificate)8
SQLException (java.sql.SQLException)8
X500Name (org.bouncycastle.asn1.x500.X500Name)8
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)7
Certificate (com.beanit.asn1bean.compiler.pkix1explicit88.Certificate)6
Extension (org.bouncycastle.asn1.x509.Extension)6
OperatorCreationException (org.bouncycastle.operator.OperatorCreationException)6
Date (java.util.Date)5
