
Example 31 with Certificate

use of com.google.cloud.security.privateca.v1.Certificate in project xipki by xipki.

the class OcspCertStoreDbImporter method importIssuer0.

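/**
 * Binds one issuer record to the given prepared statement and executes it.
 *
 * <p>The issuer certificate is read as Base64 text from the file named by
 * {@code issuer.getCertFile()} under {@code baseDir}, decoded, and parsed with
 * {@code Certificate.getInstance}. Parsing here is structural only: nothing in this method
 * checks the certificate's signature, validity period or chain, so the stored issuer is
 * exactly as trustworthy as the import files.
 *
 * @param issuer issuer entry supplying the id, certificate file name and revocation fields
 * @param ps prepared statement whose parameters are bound in order, starting at index 1
 * @throws DataAccessException if the statement fails; the {@link SQLException} is translated
 * @throws CertificateException if the decoded bytes cannot be parsed as a certificate
 * @throws IOException declared by the signature; presumably raised by the file read
 */
private void importIssuer0(IssuerType issuer, PreparedStatement ps) throws DataAccessException, CertificateException, IOException {
    try {
        String certFilename = issuer.getCertFile();
        // NOTE(review): certFilename is joined to baseDir without normalisation. If the import
        // descriptor can come from a less trusted party, confirm that a name containing "../"
        // cannot resolve outside baseDir.
        // Base64 text is pure ASCII, so decode it with an explicit charset instead of the
        // platform default, which misreads the file on non-ASCII-compatible platforms.
        String b64Cert = new String(IoUtil.read(new File(baseDir, certFilename)), java.nio.charset.StandardCharsets.US_ASCII);
        byte[] encodedCert = Base64.decode(b64Cert);
        Certificate cert;
        try {
            cert = Certificate.getInstance(encodedCert);
        } catch (RuntimeException ex) {
            // Short message at error level, stack trace only at debug level.
            LOG.error("could not parse certificate of issuer {}", issuer.getId());
            LOG.debug("could not parse certificate of issuer " + issuer.getId(), ex);
            throw new CertificateException(ex.getMessage(), ex);
        }
        // The parameter order must match the column order of SQL_ADD_ISSUER (defined elsewhere).
        int idx = 1;
        ps.setInt(idx++, issuer.getId());
        ps.setString(idx++, X509Util.cutX500Name(cert.getSubject(), maxX500nameLen));
        // notBefore / notAfter stored as seconds since the epoch.
        ps.setLong(idx++, cert.getTBSCertificate().getStartDate().getDate().getTime() / 1000);
        ps.setLong(idx++, cert.getTBSCertificate().getEndDate().getDate().getTime() / 1000);
        // NOTE(review): presumably a SHA-1 fingerprint of the decoded certificate. That is
        // adequate as a lookup key, but it should not be the only check wherever collision
        // resistance matters - confirm how the column is used.
        ps.setString(idx++, sha1(encodedCert));
        setBoolean(ps, idx++, issuer.isRevoked());
        setInt(ps, idx++, issuer.getRevReason());
        setLong(ps, idx++, issuer.getRevTime());
        setLong(ps, idx++, issuer.getRevInvTime());
        // The certificate text is stored exactly as read from the file.
        ps.setString(idx++, b64Cert);
        ps.execute();
    } catch (SQLException ex) {
        System.err.println("could not import issuer with id=" + issuer.getId());
        throw translate(SQL_ADD_ISSUER, ex);
    } catch (CertificateException ex) {
        System.err.println("could not import issuer with id=" + issuer.getId());
        throw ex;
    }
}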
Also used : SQLException(java.sql.SQLException) CertificateException(java.security.cert.CertificateException) ZipFile(java.util.zip.ZipFile) File(java.io.File) Certificate(org.bouncycastle.asn1.x509.Certificate)

Example 32 with Certificate

use of com.google.cloud.security.privateca.v1.Certificate in project xipki by xipki.

the class BenchmarkOcspStatusCmd method execute0.

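/**
 * Validates the command options, builds the serial-number source and runs the OCSP benchmark.
 *
 * <p>Exactly one of the serial list, the serial file and the certificate files must be given.
 * Serial numbers come from a file iterator, from a comma/space separated list of values or
 * {@code from-to} ranges, or from the serial numbers of the given certificates.
 *
 * @return always {@code null}
 * @throws IllegalCmdParamException if the options are inconsistent, the thread count is below
 *         one, a range token is malformed, or a certificate file cannot be parsed
 * @throws Exception any other failure raised while preparing or running the benchmark
 */
@Override
protected Object execute0() throws Exception {
    // Count how many of the mutually exclusive serial-number sources were supplied.
    int numSources = 0;
    if (serialNumberList != null) {
        numSources++;
    }
    if (serialNumberFile != null) {
        numSources++;
    }
    if (CollectionUtil.isNonEmpty(certFiles)) {
        numSources++;
    }
    if (numSources != 1) {
        throw new IllegalCmdParamException("exactly one of serial, serial-file and cert must be specified");
    }
    if (numThreads < 1) {
        throw new IllegalCmdParamException("invalid number of threads " + numThreads);
    }
    Iterator<BigInteger> serialNumberIterator;
    if (serialNumberFile != null) {
        serialNumberIterator = new FileBigIntegerIterator(IoUtil.expandFilepath(serialNumberFile), hex, true);
    } else {
        List<BigIntegerRange> serialNumbers = new LinkedList<>();
        if (serialNumberList != null) {
            StringTokenizer st = new StringTokenizer(serialNumberList, ", ");
            while (st.hasMoreTokens()) {
                String token = st.nextToken();
                StringTokenizer st2 = new StringTokenizer(token, "-");
                // A token made only of '-' characters has no bounds at all. Report it as a
                // parameter error instead of letting nextToken() throw NoSuchElementException.
                if (!st2.hasMoreTokens()) {
                    throw new IllegalCmdParamException("invalid serial number range '" + token + "'");
                }
                BigInteger from = toBigInt(st2.nextToken(), hex);
                // A single value is treated as the range [from, from].
                BigInteger to = st2.hasMoreTokens() ? toBigInt(st2.nextToken(), hex) : from;
                serialNumbers.add(new BigIntegerRange(from, to));
            }
        } else if (certFiles != null) {
            for (String certFile : certFiles) {
                X509Certificate cert;
                try {
                    cert = X509Util.parseCert(certFile);
                } catch (Exception ex) {
                    throw new IllegalCmdParamException("invalid certificate file  '" + certFile + "'", ex);
                }
                BigInteger serial = cert.getSerialNumber();
                serialNumbers.add(new BigIntegerRange(serial, serial));
            }
        }
        serialNumberIterator = new RangeBigIntegerIterator(serialNumbers, true);
    }
    try {
        String description = StringUtil.concatObjects("issuer cert: ", issuerCertFile, "\nserver URL: ", serverUrl, "\nmaxRequest: ", maxRequests, "\nhash: ", hashAlgo);
        // The issuer certificate is only parsed here; nothing in this method validates it.
        // NOTE(review): the raw file bytes go straight to Certificate.getInstance, so the file
        // presumably has to be DER rather than PEM - confirm.
        Certificate issuerCert = Certificate.getInstance(IoUtil.read(issuerCertFile));
        RequestOptions options = getRequestOptions();
        OcspBenchmark loadTest = new OcspBenchmark(issuerCert, serverUrl, options, serialNumberIterator, maxRequests, analyzeResponse, queueSize, description);
        loadTest.setDuration(duration);
        loadTest.setThreads(numThreads);
        loadTest.test();
    } finally {
        // Only the file-backed iterator is closed here; the range iterator is not.
        if (serialNumberIterator instanceof FileBigIntegerIterator) {
            ((FileBigIntegerIterator) serialNumberIterator).close();
        }
    }
    return null;
}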
Also used : BigIntegerRange(org.xipki.common.util.BigIntegerRange) RequestOptions(org.xipki.ocsp.client.api.RequestOptions) OcspBenchmark(org.xipki.ocsp.qa.benchmark.OcspBenchmark) FileBigIntegerIterator(org.xipki.common.util.FileBigIntegerIterator) LinkedList(java.util.LinkedList) X509Certificate(java.security.cert.X509Certificate) IllegalCmdParamException(org.xipki.console.karaf.IllegalCmdParamException) StringTokenizer(java.util.StringTokenizer) IllegalCmdParamException(org.xipki.console.karaf.IllegalCmdParamException) BigInteger(java.math.BigInteger) RangeBigIntegerIterator(org.xipki.common.util.RangeBigIntegerIterator) X509Certificate(java.security.cert.X509Certificate) Certificate(org.bouncycastle.asn1.x509.Certificate)

Example 33 with Certificate

use of com.google.cloud.security.privateca.v1.Certificate in project jasn1 by openmuc.

the class InitiateAuthenticationOkEs9 method decode.

/**
 * Decodes an InitiateAuthenticationOkEs9 sequence from a BER stream into this object's fields.
 *
 * <p>The mandatory components are read in fixed order: transactionId, serverSigned1,
 * serverSignature1, euiccCiPKIdToBeUsed, serverCertificate. Components that follow are
 * skipped as unknown. This method only parses: nothing here verifies serverSignature1 or
 * validates serverCertificate.
 *
 * @param is stream positioned at the start of the encoding
 * @param withTag whether the outer tag is present in the stream and must be decoded and checked
 * @return the number of bytes consumed (tag/length bytes plus value bytes)
 * @throws IOException if a mandatory component's tag does not match, or if the bytes consumed
 *         do not end exactly on the declared length
 */
public int decode(InputStream is, boolean withTag) throws IOException {
    // tlByteCount: bytes used by the outer tag and length; vByteCount: value bytes consumed.
    int tlByteCount = 0;
    int vByteCount = 0;
    BerTag berTag = new BerTag();
    if (withTag) {
        tlByteCount += tag.decodeAndCheck(is);
    }
    BerLength length = new BerLength();
    tlByteCount += length.decode(is);
    // Declared length taken from the stream. A negative value is handled below as the
    // indefinite-length form (terminated by an end-of-contents tag).
    // NOTE(review): intermediate components are not checked against lengthVal; an overrun is
    // only detected at the end, after the nested decoders have read. How those decoders bound
    // their own reads is not visible here.
    int lengthVal = length.val;
    vByteCount += berTag.decode(is);
    // Each mandatory component: the tag just read must match, then the value is decoded
    // without its tag and the next component's tag is read.
    if (berTag.equals(BerTag.CONTEXT_CLASS, BerTag.PRIMITIVE, 0)) {
        transactionId = new TransactionId();
        vByteCount += transactionId.decode(is, false);
        vByteCount += berTag.decode(is);
    } else {
        throw new IOException("Tag does not match mandatory sequence component.");
    }
    if (berTag.equals(ServerSigned1.tag)) {
        serverSigned1 = new ServerSigned1();
        vByteCount += serverSigned1.decode(is, false);
        vByteCount += berTag.decode(is);
    } else {
        throw new IOException("Tag does not match mandatory sequence component.");
    }
    if (berTag.equals(BerTag.APPLICATION_CLASS, BerTag.PRIMITIVE, 55)) {
        serverSignature1 = new BerOctetString();
        vByteCount += serverSignature1.decode(is, false);
        vByteCount += berTag.decode(is);
    } else {
        throw new IOException("Tag does not match mandatory sequence component.");
    }
    if (berTag.equals(SubjectKeyIdentifier.tag)) {
        euiccCiPKIdToBeUsed = new SubjectKeyIdentifier();
        vByteCount += euiccCiPKIdToBeUsed.decode(is, false);
        vByteCount += berTag.decode(is);
    } else {
        throw new IOException("Tag does not match mandatory sequence component.");
    }
    if (berTag.equals(Certificate.tag)) {
        serverCertificate = new Certificate();
        vByteCount += serverCertificate.decode(is, false);
        // Last mandatory component: with a definite length that is exactly consumed, stop here.
        if (lengthVal >= 0 && vByteCount == lengthVal) {
            return tlByteCount + vByteCount;
        }
        vByteCount += berTag.decode(is);
    } else {
        throw new IOException("Tag does not match mandatory sequence component.");
    }
    if (lengthVal < 0) {
        // Indefinite length: skip unknown trailing components until the tag read is (0, 0, 0),
        // then consume the end-of-contents byte.
        // NOTE(review): the loop has no byte budget of its own; it ends on that tag or when a
        // nested read throws - confirm how the nested reads behave at end of stream.
        while (!berTag.equals(0, 0, 0)) {
            vByteCount += DecodeUtil.decodeUnknownComponent(is);
            vByteCount += berTag.decode(is);
        }
        vByteCount += BerLength.readEocByte(is);
        return tlByteCount + vByteCount;
    } else {
        // Definite length: skip unknown trailing components; succeed only if a component ends
        // exactly on the declared length.
        while (vByteCount < lengthVal) {
            vByteCount += DecodeUtil.decodeUnknownComponent(is);
            if (vByteCount == lengthVal) {
                return tlByteCount + vByteCount;
            }
            vByteCount += berTag.decode(is);
        }
    }
    // Reached when the consumed byte count never landed exactly on lengthVal.
    throw new IOException("Unexpected end of sequence, length tag: " + lengthVal + ", bytes decoded: " + vByteCount);
}
Also used : IOException(java.io.IOException) SubjectKeyIdentifier(com.beanit.asn1bean.compiler.pkix1implicit88.SubjectKeyIdentifier) Certificate(com.beanit.asn1bean.compiler.pkix1explicit88.Certificate)

Example 34 with Certificate

use of com.google.cloud.security.privateca.v1.Certificate in project jasn1 by openmuc.

the class AuthenticateServerRequest method decode.

/**
 * Decodes an AuthenticateServerRequest sequence from a BER stream into this object's fields.
 *
 * <p>The mandatory components are read in fixed order: serverSigned1, serverSignature1,
 * euiccCiPKIdToBeUsed, serverCertificate, ctxParams1. Components that follow are skipped as
 * unknown. This method only parses: nothing here verifies serverSignature1 or validates
 * serverCertificate.
 *
 * @param is stream positioned at the start of the encoding
 * @param withTag whether the outer tag is present in the stream and must be decoded and checked
 * @return the number of bytes consumed (tag/length bytes plus value bytes)
 * @throws IOException if a mandatory component's tag does not match, or if the bytes consumed
 *         do not end exactly on the declared length
 */
public int decode(InputStream is, boolean withTag) throws IOException {
    // tlByteCount: bytes used by the outer tag and length; vByteCount: value bytes consumed.
    int tlByteCount = 0;
    int vByteCount = 0;
    int numDecodedBytes;
    BerTag berTag = new BerTag();
    if (withTag) {
        tlByteCount += tag.decodeAndCheck(is);
    }
    BerLength length = new BerLength();
    tlByteCount += length.decode(is);
    // Declared length taken from the stream. A negative value is handled below as the
    // indefinite-length form (terminated by an end-of-contents tag).
    // NOTE(review): intermediate components are not checked against lengthVal; an overrun is
    // only detected at the end, after the nested decoders have read. How those decoders bound
    // their own reads is not visible here.
    int lengthVal = length.val;
    vByteCount += berTag.decode(is);
    // Each mandatory component: the tag just read must match, then the value is decoded
    // without its tag and the next component's tag is read.
    if (berTag.equals(ServerSigned1.tag)) {
        serverSigned1 = new ServerSigned1();
        vByteCount += serverSigned1.decode(is, false);
        vByteCount += berTag.decode(is);
    } else {
        throw new IOException("Tag does not match mandatory sequence component.");
    }
    if (berTag.equals(BerTag.APPLICATION_CLASS, BerTag.PRIMITIVE, 55)) {
        serverSignature1 = new BerOctetString();
        vByteCount += serverSignature1.decode(is, false);
        vByteCount += berTag.decode(is);
    } else {
        throw new IOException("Tag does not match mandatory sequence component.");
    }
    if (berTag.equals(SubjectKeyIdentifier.tag)) {
        euiccCiPKIdToBeUsed = new SubjectKeyIdentifier();
        vByteCount += euiccCiPKIdToBeUsed.decode(is, false);
        vByteCount += berTag.decode(is);
    } else {
        throw new IOException("Tag does not match mandatory sequence component.");
    }
    if (berTag.equals(Certificate.tag)) {
        serverCertificate = new Certificate();
        vByteCount += serverCertificate.decode(is, false);
        vByteCount += berTag.decode(is);
    } else {
        throw new IOException("Tag does not match mandatory sequence component.");
    }
    // ctxParams1 is handed the tag that was already read; a return of 0 is treated as
    // "tag did not match" and rejected below.
    ctxParams1 = new CtxParams1();
    numDecodedBytes = ctxParams1.decode(is, berTag);
    if (numDecodedBytes != 0) {
        vByteCount += numDecodedBytes;
        // Last mandatory component: with a definite length that is exactly consumed, stop here.
        if (lengthVal >= 0 && vByteCount == lengthVal) {
            return tlByteCount + vByteCount;
        }
        vByteCount += berTag.decode(is);
    } else {
        throw new IOException("Tag does not match mandatory sequence component.");
    }
    if (lengthVal < 0) {
        // Indefinite length: skip unknown trailing components until the tag read is (0, 0, 0),
        // then consume the end-of-contents byte.
        // NOTE(review): the loop has no byte budget of its own; it ends on that tag or when a
        // nested read throws - confirm how the nested reads behave at end of stream.
        while (!berTag.equals(0, 0, 0)) {
            vByteCount += DecodeUtil.decodeUnknownComponent(is);
            vByteCount += berTag.decode(is);
        }
        vByteCount += BerLength.readEocByte(is);
        return tlByteCount + vByteCount;
    } else {
        // Definite length: skip unknown trailing components; succeed only if a component ends
        // exactly on the declared length.
        while (vByteCount < lengthVal) {
            vByteCount += DecodeUtil.decodeUnknownComponent(is);
            if (vByteCount == lengthVal) {
                return tlByteCount + vByteCount;
            }
            vByteCount += berTag.decode(is);
        }
    }
    // Reached when the consumed byte count never landed exactly on lengthVal.
    throw new IOException("Unexpected end of sequence, length tag: " + lengthVal + ", bytes decoded: " + vByteCount);
}
Also used : IOException(java.io.IOException) SubjectKeyIdentifier(com.beanit.asn1bean.compiler.pkix1implicit88.SubjectKeyIdentifier) Certificate(com.beanit.asn1bean.compiler.pkix1explicit88.Certificate)

Example 35 with Certificate

use of com.google.cloud.security.privateca.v1.Certificate in project jasn1 by openmuc.

the class AuthenticateClientOk method decode.

/**
 * Decodes an AuthenticateClientOk sequence from a BER stream into this object's fields.
 *
 * <p>The mandatory components are read in fixed order: transactionId, profileMetaData,
 * smdpSigned2, smdpSignature2, smdpCertificate. Components that follow are skipped as
 * unknown. This method only parses: nothing here verifies smdpSignature2 or validates
 * smdpCertificate.
 *
 * @param is stream positioned at the start of the encoding
 * @param withTag whether the outer tag is present in the stream and must be decoded and checked
 * @return the number of bytes consumed (tag/length bytes plus value bytes)
 * @throws IOException if a mandatory component's tag does not match, or if the bytes consumed
 *         do not end exactly on the declared length
 */
public int decode(InputStream is, boolean withTag) throws IOException {
    // tlByteCount: bytes used by the outer tag and length; vByteCount: value bytes consumed.
    int tlByteCount = 0;
    int vByteCount = 0;
    BerTag berTag = new BerTag();
    if (withTag) {
        tlByteCount += tag.decodeAndCheck(is);
    }
    BerLength length = new BerLength();
    tlByteCount += length.decode(is);
    // Declared length taken from the stream. A negative value is handled below as the
    // indefinite-length form (terminated by an end-of-contents tag).
    // NOTE(review): intermediate components are not checked against lengthVal; an overrun is
    // only detected at the end, after the nested decoders have read. How those decoders bound
    // their own reads is not visible here.
    int lengthVal = length.val;
    vByteCount += berTag.decode(is);
    // Each mandatory component: the tag just read must match, then the value is decoded
    // without its tag and the next component's tag is read.
    if (berTag.equals(BerTag.CONTEXT_CLASS, BerTag.PRIMITIVE, 0)) {
        transactionId = new TransactionId();
        vByteCount += transactionId.decode(is, false);
        vByteCount += berTag.decode(is);
    } else {
        throw new IOException("Tag does not match mandatory sequence component.");
    }
    if (berTag.equals(BerTag.CONTEXT_CLASS, BerTag.CONSTRUCTED, 37)) {
        profileMetaData = new StoreMetadataRequest();
        vByteCount += profileMetaData.decode(is, false);
        vByteCount += berTag.decode(is);
    } else {
        throw new IOException("Tag does not match mandatory sequence component.");
    }
    if (berTag.equals(SmdpSigned2.tag)) {
        smdpSigned2 = new SmdpSigned2();
        vByteCount += smdpSigned2.decode(is, false);
        vByteCount += berTag.decode(is);
    } else {
        throw new IOException("Tag does not match mandatory sequence component.");
    }
    if (berTag.equals(BerTag.APPLICATION_CLASS, BerTag.PRIMITIVE, 55)) {
        smdpSignature2 = new BerOctetString();
        vByteCount += smdpSignature2.decode(is, false);
        vByteCount += berTag.decode(is);
    } else {
        throw new IOException("Tag does not match mandatory sequence component.");
    }
    if (berTag.equals(Certificate.tag)) {
        smdpCertificate = new Certificate();
        vByteCount += smdpCertificate.decode(is, false);
        // Last mandatory component: with a definite length that is exactly consumed, stop here.
        if (lengthVal >= 0 && vByteCount == lengthVal) {
            return tlByteCount + vByteCount;
        }
        vByteCount += berTag.decode(is);
    } else {
        throw new IOException("Tag does not match mandatory sequence component.");
    }
    if (lengthVal < 0) {
        // Indefinite length: skip unknown trailing components until the tag read is (0, 0, 0),
        // then consume the end-of-contents byte.
        // NOTE(review): the loop has no byte budget of its own; it ends on that tag or when a
        // nested read throws - confirm how the nested reads behave at end of stream.
        while (!berTag.equals(0, 0, 0)) {
            vByteCount += DecodeUtil.decodeUnknownComponent(is);
            vByteCount += berTag.decode(is);
        }
        vByteCount += BerLength.readEocByte(is);
        return tlByteCount + vByteCount;
    } else {
        // Definite length: skip unknown trailing components; succeed only if a component ends
        // exactly on the declared length.
        while (vByteCount < lengthVal) {
            vByteCount += DecodeUtil.decodeUnknownComponent(is);
            if (vByteCount == lengthVal) {
                return tlByteCount + vByteCount;
            }
            vByteCount += berTag.decode(is);
        }
    }
    // Reached when the consumed byte count never landed exactly on lengthVal.
    throw new IOException("Unexpected end of sequence, length tag: " + lengthVal + ", bytes decoded: " + vByteCount);
}
Also used : IOException(java.io.IOException) Certificate(com.beanit.asn1bean.compiler.pkix1explicit88.Certificate)
