Examples with ASN1GeneralizedTime com.unboundid.asn1.ASN1GeneralizedTime used on opensource projects
Example 6 with ASN1GeneralizedTime
use of com.unboundid.asn1.ASN1GeneralizedTime in project xipki by xipki.
the class BaseX509Certprofile method createDateOfBirthRdn.
private static RDN createDateOfBirthRdn(ASN1ObjectIdentifier type, ASN1Encodable rdnValue) throws BadCertTemplateException {
ParamUtil.requireNonNull("type", type);
String text;
ASN1Encodable newRdnValue = null;
if (rdnValue instanceof ASN1GeneralizedTime) {
text = ((ASN1GeneralizedTime) rdnValue).getTimeString();
newRdnValue = rdnValue;
} else if (rdnValue instanceof ASN1String && !(rdnValue instanceof DERUniversalString)) {
text = ((ASN1String) rdnValue).getString();
} else {
throw new BadCertTemplateException("Value of RDN dateOfBirth has incorrect syntax");
}
if (!SubjectDnSpec.PATTERN_DATE_OF_BIRTH.matcher(text).matches()) {
throw new BadCertTemplateException("Value of RDN dateOfBirth does not have format YYYMMDD000000Z");
}
if (newRdnValue == null) {
newRdnValue = new DERGeneralizedTime(text);
}
return new RDN(type, newRdnValue);
}
Also used :
DERGeneralizedTime(org.bouncycastle.asn1.DERGeneralizedTime)
BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException)
DERUniversalString(org.bouncycastle.asn1.DERUniversalString)
ASN1GeneralizedTime(org.bouncycastle.asn1.ASN1GeneralizedTime)
ASN1String(org.bouncycastle.asn1.ASN1String)
DERUniversalString(org.bouncycastle.asn1.DERUniversalString)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
ASN1String(org.bouncycastle.asn1.ASN1String)
RDN(org.bouncycastle.asn1.x500.RDN)
Example 7 with ASN1GeneralizedTime
use of com.unboundid.asn1.ASN1GeneralizedTime in project xipki by xipki.
the class ImportCrl method importEntries.
private void importEntries(Connection conn, int caId) throws DataAccessException, ImportCrlException {
AtomicLong maxId = new AtomicLong(datasource.getMax(conn, "CERT", "ID"));
// import the revoked information
Set<? extends X509CRLEntry> revokedCertList = crl.getRevokedCertificates();
if (revokedCertList != null) {
for (X509CRLEntry c : revokedCertList) {
X500Principal issuer = c.getCertificateIssuer();
BigInteger serial = c.getSerialNumber();
if (issuer != null) {
if (!x500PrincipalCaSubject.equals(issuer)) {
throw new ImportCrlException("invalid CRLEntry for certificate number " + serial);
}
}
Date rt = c.getRevocationDate();
Date rit = null;
byte[] extnValue = c.getExtensionValue(Extension.invalidityDate.getId());
if (extnValue != null) {
extnValue = extractCoreValue(extnValue);
ASN1GeneralizedTime genTime = DERGeneralizedTime.getInstance(extnValue);
try {
rit = genTime.getDate();
} catch (ParseException ex) {
throw new ImportCrlException(ex.getMessage(), ex);
}
if (rt.equals(rit)) {
rit = null;
}
}
CrlReason reason = CrlReason.fromReason(c.getRevocationReason());
String sql = null;
try {
if (reason == CrlReason.REMOVE_FROM_CRL) {
if (!isDeltaCrl) {
LOG.warn("ignore CRL entry with reason removeFromCRL in non-Delta CRL");
}
// delete the entry
sql = SQL_DELETE_CERT;
psDeleteCert.setInt(1, caId);
psDeleteCert.setString(2, serial.toString(16));
psDeleteCert.executeUpdate();
continue;
}
Long id = getId(caId, serial);
PreparedStatement ps;
int offset = 1;
if (id == null) {
sql = SQL_INSERT_CERT_REV;
id = maxId.incrementAndGet();
ps = psInsertCertRev;
ps.setLong(offset++, id);
ps.setInt(offset++, caId);
ps.setString(offset++, serial.toString(16));
} else {
sql = SQL_UPDATE_CERT_REV;
ps = psUpdateCertRev;
}
ps.setInt(offset++, 1);
ps.setInt(offset++, reason.getCode());
ps.setLong(offset++, rt.getTime() / 1000);
if (rit != null) {
ps.setLong(offset++, rit.getTime() / 1000);
} else {
ps.setNull(offset++, Types.BIGINT);
}
ps.setLong(offset++, System.currentTimeMillis() / 1000);
if (ps == psUpdateCertRev) {
ps.setLong(offset++, id);
}
ps.executeUpdate();
} catch (SQLException ex) {
throw datasource.translate(sql, ex);
}
}
}
// import the certificates
// extract the certificate
byte[] extnValue = crl.getExtensionValue(ObjectIdentifiers.id_xipki_ext_crlCertset.getId());
if (extnValue != null) {
extnValue = extractCoreValue(extnValue);
ASN1Set asn1Set = DERSet.getInstance(extnValue);
final int n = asn1Set.size();
for (int i = 0; i < n; i++) {
ASN1Encodable asn1 = asn1Set.getObjectAt(i);
ASN1Sequence seq = ASN1Sequence.getInstance(asn1);
BigInteger serialNumber = ASN1Integer.getInstance(seq.getObjectAt(0)).getValue();
Certificate cert = null;
String profileName = null;
final int size = seq.size();
for (int j = 1; j < size; j++) {
ASN1TaggedObject taggedObj = DERTaggedObject.getInstance(seq.getObjectAt(j));
int tagNo = taggedObj.getTagNo();
switch(tagNo) {
case 0:
cert = Certificate.getInstance(taggedObj.getObject());
break;
case 1:
profileName = DERUTF8String.getInstance(taggedObj.getObject()).getString();
break;
default:
break;
}
}
if (cert == null) {
continue;
}
if (!caSubject.equals(cert.getIssuer())) {
LOG.warn("issuer not match (serial={}) in CRL Extension Xipki-CertSet, ignore it", LogUtil.formatCsn(serialNumber));
continue;
}
if (!serialNumber.equals(cert.getSerialNumber().getValue())) {
LOG.warn("serialNumber not match (serial={}) in CRL Extension Xipki-CertSet, ignore it", LogUtil.formatCsn(serialNumber));
continue;
}
String certLogId = "(issuer='" + cert.getIssuer() + "', serialNumber=" + cert.getSerialNumber() + ")";
addCertificate(maxId, caId, cert, profileName, certLogId);
}
} else {
// cert dirs
File certsDir = new File(certsDirName);
if (!certsDir.exists()) {
LOG.warn("the folder {} does not exist, ignore it", certsDirName);
return;
}
if (!certsDir.isDirectory()) {
LOG.warn("the path {} does not point to a folder, ignore it", certsDirName);
return;
}
if (!certsDir.canRead()) {
LOG.warn("the folder {} must not be read, ignore it", certsDirName);
return;
}
File[] certFiles = certsDir.listFiles(new FilenameFilter() {
@Override
public boolean accept(File dir, String name) {
return name.endsWith(".der") || name.endsWith(".crt");
}
});
if (certFiles == null || certFiles.length == 0) {
return;
}
for (File certFile : certFiles) {
Certificate cert;
try {
byte[] encoded = IoUtil.read(certFile);
cert = Certificate.getInstance(encoded);
} catch (IllegalArgumentException | IOException ex) {
LOG.warn("could not parse certificate {}, ignore it", certFile.getPath());
continue;
}
String certLogId = "(file " + certFile.getName() + ")";
addCertificate(maxId, caId, cert, null, certLogId);
}
}
}
Also used :
SQLException(java.sql.SQLException)
ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject)
ASN1GeneralizedTime(org.bouncycastle.asn1.ASN1GeneralizedTime)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
DERIA5String(org.bouncycastle.asn1.DERIA5String)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
FilenameFilter(java.io.FilenameFilter)
X509CRLEntry(java.security.cert.X509CRLEntry)
CrlReason(org.xipki.security.CrlReason)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
PreparedStatement(java.sql.PreparedStatement)
IOException(java.io.IOException)
Date(java.util.Date)
AtomicLong(java.util.concurrent.atomic.AtomicLong)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
ASN1Set(org.bouncycastle.asn1.ASN1Set)
AtomicLong(java.util.concurrent.atomic.AtomicLong)
X500Principal(javax.security.auth.x500.X500Principal)
BigInteger(java.math.BigInteger)
ParseException(java.text.ParseException)
File(java.io.File)
X509Certificate(java.security.cert.X509Certificate)
Certificate(org.bouncycastle.asn1.x509.Certificate)
TBSCertificate(org.bouncycastle.asn1.x509.TBSCertificate)
Example 8 with ASN1GeneralizedTime
use of com.unboundid.asn1.ASN1GeneralizedTime in project xipki by xipki.
the class CmpResponder method buildErrorPkiMessage.
// method addProtection
protected PKIMessage buildErrorPkiMessage(ASN1OctetString tid, PKIHeader requestHeader, int failureCode, String statusText) {
GeneralName respRecipient = requestHeader.getSender();
PKIHeaderBuilder respHeader = new PKIHeaderBuilder(requestHeader.getPvno().getValue().intValue(), getSender(), respRecipient);
respHeader.setMessageTime(new ASN1GeneralizedTime(new Date()));
if (tid != null) {
respHeader.setTransactionID(tid);
}
ASN1OctetString senderNonce = requestHeader.getSenderNonce();
if (senderNonce != null) {
respHeader.setRecipNonce(senderNonce);
}
PKIStatusInfo status = generateRejectionStatus(failureCode, statusText);
ErrorMsgContent error = new ErrorMsgContent(status);
PKIBody body = new PKIBody(PKIBody.TYPE_ERROR, error);
return new PKIMessage(respHeader.build(), body);
}
Also used :
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
ProtectedPKIMessage(org.bouncycastle.cert.cmp.ProtectedPKIMessage)
PKIMessage(org.bouncycastle.asn1.cmp.PKIMessage)
GeneralPKIMessage(org.bouncycastle.cert.cmp.GeneralPKIMessage)
PKIBody(org.bouncycastle.asn1.cmp.PKIBody)
PKIHeaderBuilder(org.bouncycastle.asn1.cmp.PKIHeaderBuilder)
PKIStatusInfo(org.bouncycastle.asn1.cmp.PKIStatusInfo)
ASN1GeneralizedTime(org.bouncycastle.asn1.ASN1GeneralizedTime)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
ErrorMsgContent(org.bouncycastle.asn1.cmp.ErrorMsgContent)
Date(java.util.Date)
Example 9 with ASN1GeneralizedTime
use of com.unboundid.asn1.ASN1GeneralizedTime in project xipki by xipki.
the class ExtensionsChecker method checkExtensionPrivateKeyUsagePeriod.
// method checkExtensionValidityModel
private void checkExtensionPrivateKeyUsagePeriod(StringBuilder failureMsg, byte[] extensionValue, Date certNotBefore, Date certNotAfter) {
ASN1GeneralizedTime notBefore = new ASN1GeneralizedTime(certNotBefore);
Date dateNotAfter;
CertValidity privateKeyUsagePeriod = certProfile.getPrivateKeyUsagePeriod();
if (privateKeyUsagePeriod == null) {
dateNotAfter = certNotAfter;
} else {
dateNotAfter = privateKeyUsagePeriod.add(certNotBefore);
if (dateNotAfter.after(certNotAfter)) {
dateNotAfter = certNotAfter;
}
}
ASN1GeneralizedTime notAfter = new ASN1GeneralizedTime(dateNotAfter);
org.bouncycastle.asn1.x509.PrivateKeyUsagePeriod extValue = org.bouncycastle.asn1.x509.PrivateKeyUsagePeriod.getInstance(extensionValue);
ASN1GeneralizedTime time = extValue.getNotBefore();
if (time == null) {
failureMsg.append("notBefore is absent but expected present; ");
} else if (!time.equals(notBefore)) {
addViolation(failureMsg, "notBefore", time.getTimeString(), notBefore.getTimeString());
}
time = extValue.getNotAfter();
if (time == null) {
failureMsg.append("notAfter is absent but expected present; ");
} else if (!time.equals(notAfter)) {
addViolation(failureMsg, "notAfter", time.getTimeString(), notAfter.getTimeString());
}
}
Also used :
CertValidity(org.xipki.ca.api.profile.CertValidity)
ASN1GeneralizedTime(org.bouncycastle.asn1.ASN1GeneralizedTime)
Date(java.util.Date)
Example 10 with ASN1GeneralizedTime
use of com.unboundid.asn1.ASN1GeneralizedTime in project xipki by xipki.
the class SubjectChecker method getRdnTextValueOfRequest.
private static String getRdnTextValueOfRequest(RDN requestedRdn) throws BadCertTemplateException {
ASN1ObjectIdentifier type = requestedRdn.getFirst().getType();
ASN1Encodable vec = requestedRdn.getFirst().getValue();
if (ObjectIdentifiers.DN_DATE_OF_BIRTH.equals(type)) {
if (!(vec instanceof ASN1GeneralizedTime)) {
throw new BadCertTemplateException("requested RDN is not of GeneralizedTime");
}
return ((ASN1GeneralizedTime) vec).getTimeString();
} else if (ObjectIdentifiers.DN_POSTAL_ADDRESS.equals(type)) {
if (!(vec instanceof ASN1Sequence)) {
throw new BadCertTemplateException("requested RDN is not of Sequence");
}
ASN1Sequence seq = (ASN1Sequence) vec;
final int n = seq.size();
StringBuilder sb = new StringBuilder();
for (int i = 0; i < n; i++) {
ASN1Encodable obj = seq.getObjectAt(i);
String textValue = X509Util.rdnValueToString(obj);
sb.append("[").append(i).append("]=").append(textValue).append(",");
}
return sb.toString();
} else {
return X509Util.rdnValueToString(vec);
}
}
Also used :
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException)
ASN1GeneralizedTime(org.bouncycastle.asn1.ASN1GeneralizedTime)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
DERBMPString(org.bouncycastle.asn1.DERBMPString)
DERIA5String(org.bouncycastle.asn1.DERIA5String)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
DERT61String(org.bouncycastle.asn1.DERT61String)
DERPrintableString(org.bouncycastle.asn1.DERPrintableString)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Aggregations
ASN1GeneralizedTime (org.bouncycastle.asn1.ASN1GeneralizedTime)24
ASN1GeneralizedTime (com.unboundid.asn1.ASN1GeneralizedTime)10
ASN1Sequence (com.unboundid.asn1.ASN1Sequence)10
IOException (java.io.IOException)10
Date (java.util.Date)10
ASN1BigInteger (com.unboundid.asn1.ASN1BigInteger)9
ASN1BitString (com.unboundid.asn1.ASN1BitString)9
ASN1Element (com.unboundid.asn1.ASN1Element)9
ASN1Integer (com.unboundid.asn1.ASN1Integer)9
ASN1Null (com.unboundid.asn1.ASN1Null)9
ASN1ObjectIdentifier (com.unboundid.asn1.ASN1ObjectIdentifier)9
DN (com.unboundid.ldap.sdk.DN)9
OID (com.unboundid.util.OID)9
Test (org.testng.annotations.Test)9
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)7
DEROctetString (org.bouncycastle.asn1.DEROctetString)7
ASN1GeneralizedTime (com.github.zhenwei.core.asn1.ASN1GeneralizedTime)6
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)6
DERUTF8String (org.bouncycastle.asn1.DERUTF8String)6
ASN1OctetString (com.unboundid.asn1.ASN1OctetString)5
