Examples with ASN1GeneralizedTime com.unboundid.asn1.ASN1GeneralizedTime used on opensource projects

Example 31 with ASN1GeneralizedTime

use of com.unboundid.asn1.ASN1GeneralizedTime in project LinLong-Java by zhenwei1108.

the class BasicOCSPRespBuilder method build.

public BasicOCSPResp build(ContentSigner signer, X509CertificateHolder[] chain, Date producedAt) throws OCSPException {
    Iterator it = list.iterator();
    ASN1EncodableVector responses = new ASN1EncodableVector();
    while (it.hasNext()) {
        try {
            responses.add(((ResponseObject) it.next()).toResponse());
        } catch (Exception e) {
            throw new OCSPException("exception creating Request", e);
        }
    }
    ResponseData tbsResp = new ResponseData(responderID.toASN1Primitive(), new ASN1GeneralizedTime(producedAt), new DERSequence(responses), responseExtensions);
    DERBitString bitSig;
    try {
        OutputStream sigOut = signer.getOutputStream();
        sigOut.write(tbsResp.getEncoded(ASN1Encoding.DER));
        sigOut.close();
        bitSig = new DERBitString(signer.getSignature());
    } catch (Exception e) {
        throw new OCSPException("exception processing TBSRequest: " + e.getMessage(), e);
    }
    AlgorithmIdentifier sigAlgId = signer.getAlgorithmIdentifier();
    DERSequence chainSeq = null;
    if (chain != null && chain.length > 0) {
        ASN1EncodableVector v = new ASN1EncodableVector();
        for (int i = 0; i != chain.length; i++) {
            v.add(chain[i].toASN1Structure());
        }
        chainSeq = new DERSequence(v);
    }
    return new BasicOCSPResp(new BasicOCSPResponse(tbsResp, sigAlgId, bitSig, chainSeq));
}

Example 32 with ASN1GeneralizedTime

use of com.unboundid.asn1.ASN1GeneralizedTime in project LinLong-Java by zhenwei1108.

the class TimeStampTokenGenerator method generate.

/**
 * Generate a TimeStampToken for the passed in request and serialNumber marking it with the passed
 * in genTime.
 *
 * @param request              the originating request.
 * @param serialNumber         serial number for the TimeStampToken
 * @param genTime              token generation time.
 * @param additionalExtensions extra extensions to be added to the response token.
 * @return a TimeStampToken
 * @throws TSPException
 */
public TimeStampToken generate(TimeStampRequest request, BigInteger serialNumber, Date genTime, Extensions additionalExtensions) throws TSPException {
    AlgorithmIdentifier algID = request.getMessageImprintAlgID();
    MessageImprint messageImprint = new MessageImprint(algID, request.getMessageImprintDigest());
    Accuracy accuracy = null;
    if (accuracySeconds > 0 || accuracyMillis > 0 || accuracyMicros > 0) {
        ASN1Integer seconds = null;
        if (accuracySeconds > 0) {
            seconds = new ASN1Integer(accuracySeconds);
        }
        ASN1Integer millis = null;
        if (accuracyMillis > 0) {
            millis = new ASN1Integer(accuracyMillis);
        }
        ASN1Integer micros = null;
        if (accuracyMicros > 0) {
            micros = new ASN1Integer(accuracyMicros);
        }
        accuracy = new Accuracy(seconds, millis, micros);
    }
    ASN1Boolean derOrdering = null;
    if (ordering) {
        derOrdering = ASN1Boolean.getInstance(ordering);
    }
    ASN1Integer nonce = null;
    if (request.getNonce() != null) {
        nonce = new ASN1Integer(request.getNonce());
    }
    ASN1ObjectIdentifier tsaPolicy = tsaPolicyOID;
    if (request.getReqPolicy() != null) {
        tsaPolicy = request.getReqPolicy();
    }
    Extensions respExtensions = request.getExtensions();
    if (additionalExtensions != null) {
        ExtensionsGenerator extGen = new ExtensionsGenerator();
        if (respExtensions != null) {
            for (Enumeration en = respExtensions.oids(); en.hasMoreElements(); ) {
                extGen.addExtension(respExtensions.getExtension(ASN1ObjectIdentifier.getInstance(en.nextElement())));
            }
        }
        for (Enumeration en = additionalExtensions.oids(); en.hasMoreElements(); ) {
            extGen.addExtension(additionalExtensions.getExtension(ASN1ObjectIdentifier.getInstance(en.nextElement())));
        }
        respExtensions = extGen.generate();
    }
    ASN1GeneralizedTime timeStampTime;
    if (resolution == R_SECONDS) {
        timeStampTime = (locale == null) ? new ASN1GeneralizedTime(genTime) : new ASN1GeneralizedTime(genTime, locale);
    } else {
        timeStampTime = createGeneralizedTime(genTime);
    }
    TSTInfo tstInfo = new TSTInfo(tsaPolicy, messageImprint, new ASN1Integer(serialNumber), timeStampTime, accuracy, derOrdering, nonce, tsa, respExtensions);
    try {
        CMSSignedDataGenerator signedDataGenerator = new CMSSignedDataGenerator();
        if (request.getCertReq()) {
            // TODO: do we need to check certs non-empty?
            signedDataGenerator.addCertificates(new CollectionStore(certs));
            signedDataGenerator.addAttributeCertificates(new CollectionStore(attrCerts));
        }
        signedDataGenerator.addCRLs(new CollectionStore(crls));
        if (!otherRevoc.isEmpty()) {
            for (Iterator it = otherRevoc.keySet().iterator(); it.hasNext(); ) {
                ASN1ObjectIdentifier format = (ASN1ObjectIdentifier) it.next();
                signedDataGenerator.addOtherRevocationInfo(format, new CollectionStore((Collection) otherRevoc.get(format)));
            }
        }
        signedDataGenerator.addSignerInfoGenerator(signerInfoGen);
        byte[] derEncodedTSTInfo = tstInfo.getEncoded(ASN1Encoding.DER);
        CMSSignedData signedData = signedDataGenerator.generate(new CMSProcessableByteArray(PKCSObjectIdentifiers.id_ct_TSTInfo, derEncodedTSTInfo), true);
        return new TimeStampToken(signedData);
    } catch (CMSException cmsEx) {
        throw new TSPException("Error generating time-stamp token", cmsEx);
    } catch (IOException e) {
        throw new TSPException("Exception encoding info", e);
    }
}

Example 33 with ASN1GeneralizedTime

use of com.unboundid.asn1.ASN1GeneralizedTime in project LinLong-Java by zhenwei1108.

the class OcspCache method getOcspResponse.

static OCSPResponse getOcspResponse(CertID certID, PKIXCertRevocationCheckerParameters parameters, URI ocspResponder, X509Certificate responderCert, List<Extension> ocspExtensions, JcaJceHelper helper) throws CertPathValidatorException {
    Map<CertID, OCSPResponse> responseMap = null;
    WeakReference<Map<CertID, OCSPResponse>> markerRef = cache.get(ocspResponder);
    if (markerRef != null) {
        responseMap = markerRef.get();
    }
    if (responseMap != null) {
        OCSPResponse response = responseMap.get(certID);
        if (response != null) {
            BasicOCSPResponse basicResp = BasicOCSPResponse.getInstance(ASN1OctetString.getInstance(response.getResponseBytes().getResponse()).getOctets());
            ResponseData responseData = ResponseData.getInstance(basicResp.getTbsResponseData());
            ASN1Sequence s = responseData.getResponses();
            for (int i = 0; i != s.size(); i++) {
                SingleResponse resp = SingleResponse.getInstance(s.getObjectAt(i));
                if (certID.equals(resp.getCertID())) {
                    ASN1GeneralizedTime nextUp = resp.getNextUpdate();
                    try {
                        if (nextUp != null && parameters.getValidDate().after(nextUp.getDate())) {
                            responseMap.remove(certID);
                            response = null;
                        }
                    } catch (ParseException e) {
                        // this should never happen, but...
                        responseMap.remove(certID);
                        response = null;
                    }
                }
            }
            if (response != null) {
                return response;
            }
        }
    }
    URL ocspUrl;
    try {
        ocspUrl = ocspResponder.toURL();
    } catch (MalformedURLException e) {
        throw new CertPathValidatorException("configuration error: " + e.getMessage(), e, parameters.getCertPath(), parameters.getIndex());
    }
    // 
    // basic request generation
    // 
    ASN1EncodableVector requests = new ASN1EncodableVector();
    requests.add(new Request(certID, null));
    List exts = ocspExtensions;
    ASN1EncodableVector requestExtensions = new ASN1EncodableVector();
    byte[] nonce = null;
    for (int i = 0; i != exts.size(); i++) {
        Extension ext = (Extension) exts.get(i);
        byte[] value = ext.getValue();
        if (OCSPObjectIdentifiers.id_pkix_ocsp_nonce.getId().equals(ext.getId())) {
            nonce = value;
        }
        requestExtensions.add(new com.github.zhenwei.core.asn1.x509.Extension(new ASN1ObjectIdentifier(ext.getId()), ext.isCritical(), value));
    }
    // TODO: configure originator
    TBSRequest tbsReq = new TBSRequest(null, new DERSequence(requests), Extensions.getInstance(new DERSequence(requestExtensions)));
    com.github.zhenwei.core.asn1.ocsp.Signature signature = null;
    try {
        byte[] request = new OCSPRequest(tbsReq, signature).getEncoded();
        HttpURLConnection ocspCon = (HttpURLConnection) ocspUrl.openConnection();
        ocspCon.setConnectTimeout(DEFAULT_TIMEOUT);
        ocspCon.setReadTimeout(DEFAULT_TIMEOUT);
        ocspCon.setDoOutput(true);
        ocspCon.setDoInput(true);
        ocspCon.setRequestMethod("POST");
        ocspCon.setRequestProperty("Content-type", "application/ocsp-request");
        ocspCon.setRequestProperty("Content-length", String.valueOf(request.length));
        OutputStream reqOut = ocspCon.getOutputStream();
        reqOut.write(request);
        reqOut.flush();
        InputStream reqIn = ocspCon.getInputStream();
        int contentLength = ocspCon.getContentLength();
        if (contentLength < 0) {
            // TODO: make configurable
            contentLength = DEFAULT_MAX_RESPONSE_SIZE;
        }
        OCSPResponse response = OCSPResponse.getInstance(Streams.readAllLimited(reqIn, contentLength));
        if (OCSPResponseStatus.SUCCESSFUL == response.getResponseStatus().getIntValue()) {
            boolean validated = false;
            ResponseBytes respBytes = ResponseBytes.getInstance(response.getResponseBytes());
            if (respBytes.getResponseType().equals(OCSPObjectIdentifiers.id_pkix_ocsp_basic)) {
                BasicOCSPResponse basicResp = BasicOCSPResponse.getInstance(respBytes.getResponse().getOctets());
                validated = ProvOcspRevocationChecker.validatedOcspResponse(basicResp, parameters, nonce, responderCert, helper);
            }
            if (!validated) {
                throw new CertPathValidatorException("OCSP response failed to validate", null, parameters.getCertPath(), parameters.getIndex());
            }
            markerRef = cache.get(ocspResponder);
            if (markerRef != null) {
                responseMap = markerRef.get();
                responseMap.put(certID, response);
            } else {
                responseMap = new HashMap<CertID, OCSPResponse>();
                responseMap.put(certID, response);
                cache.put(ocspResponder, new WeakReference<Map<CertID, OCSPResponse>>(responseMap));
            }
            return response;
        } else {
            throw new CertPathValidatorException("OCSP responder failed: " + response.getResponseStatus().getValue(), null, parameters.getCertPath(), parameters.getIndex());
        }
    } catch (IOException e) {
        throw new CertPathValidatorException("configuration error: " + e.getMessage(), e, parameters.getCertPath(), parameters.getIndex());
    }
}

Example 34 with ASN1GeneralizedTime

use of com.unboundid.asn1.ASN1GeneralizedTime in project ldapsdk by pingidentity.

the class X509CertificateTestCase method testDecodeMalformedCertSignatureAlgorithm.

/**
 * Tests the behavior when trying to decode a certificate with a mismatch in
 * the signature algorithm between the TBSCertificate and Certificate
 * sequences.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test(expectedExceptions = { CertException.class })
public void testDecodeMalformedCertSignatureAlgorithm() throws Exception {
    final long notBefore = System.currentTimeMillis();
    final long notAfter = notBefore + (365L * 24L * 60L * 60L * 1000L);
    final ASN1Sequence valueSequence = new ASN1Sequence(new ASN1Sequence(new ASN1Element((byte) 0xA0, new ASN1Integer(2).encode()), new ASN1BigInteger(12435L), new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.4")), new ASN1Null()), X509Certificate.encodeName(new DN("CN=issuer")), new ASN1Sequence(new ASN1GeneralizedTime(notBefore), new ASN1GeneralizedTime(notAfter)), X509Certificate.encodeName(new DN("CN=ldap.example.com")), new ASN1Sequence(new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.5")), new ASN1Null()), new ASN1BitString(new boolean[1024]))), new ASN1OctetString("not a valid sequence"), new ASN1BitString(new boolean[1024]));
    new X509Certificate(valueSequence.encode());
}

Example 35 with ASN1GeneralizedTime

use of com.unboundid.asn1.ASN1GeneralizedTime in project ldapsdk by pingidentity.

the class X509CertificateTestCase method testDecodeMalformedPublicKey.

/**
 * Tests the behavior when trying to decode a certificate with a malformed
 * public key info structure.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test(expectedExceptions = { CertException.class })
public void testDecodeMalformedPublicKey() throws Exception {
    final long notBefore = System.currentTimeMillis();
    final long notAfter = notBefore + (365L * 24L * 60L * 60L * 1000L);
    final ASN1Sequence valueSequence = new ASN1Sequence(new ASN1Sequence(new ASN1Element((byte) 0xA0, new ASN1Integer(2).encode()), new ASN1BigInteger(12435L), new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.4")), new ASN1Null()), X509Certificate.encodeName(new DN("CN=issuer")), new ASN1Sequence(new ASN1GeneralizedTime(notBefore), new ASN1GeneralizedTime(notAfter)), X509Certificate.encodeName(new DN("CN=ldap.example.com")), new ASN1OctetString("not a valid sequence")), new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.4")), new ASN1Null()), new ASN1BitString(new boolean[1024]));
    new X509Certificate(valueSequence.encode());
}