
Example 71 with CertificateEncodingException

use of java.security.cert.CertificateEncodingException in project xipki by xipki.

the class AbstractOcspRequestor method ask.

/**
 * Requests the OCSP status of a single certificate.
 *
 * <p>The request is refused before any network activity when
 * {@code X509Util.issues} reports that {@code cert} was not issued by
 * {@code issuerCert}. The call then delegates to the serial-number overload.
 *
 * <p>NOTE(review): what {@code X509Util.issues} verifies (name chaining only,
 * or also the signature) is not visible here; confirm before relying on it
 * as a trust decision.
 *
 * @param issuerCert certificate of the issuing CA; must not be null
 * @param cert certificate whose status is requested; must not be null
 * @param responderUrl URL of the OCSP responder, passed through unchanged
 * @param requestOptions request options, passed through unchanged
 * @param debug request/response debug sink, passed through unchanged
 * @return the OCSP response returned by the serial-number overload
 * @throws IllegalArgumentException if {@code cert} and {@code issuerCert} do not match
 * @throws OcspRequestorException if a certificate cannot be encoded during the issuer check
 * @throws OcspResponseException as declared by the delegated overload
 */
@Override
public OCSPResp ask(X509Certificate issuerCert, X509Certificate cert, URL responderUrl, RequestOptions requestOptions, RequestResponseDebug debug) throws OcspResponseException, OcspRequestorException {
    ParamUtil.requireNonNull("issuerCert", issuerCert);
    ParamUtil.requireNonNull("cert", cert);

    final boolean issuedByIssuer;
    try {
        issuedByIssuer = X509Util.issues(issuerCert, cert);
    } catch (CertificateEncodingException ex) {
        // Surface encoding problems through the requestor's own exception type, keeping the cause.
        throw new OcspRequestorException(ex.getMessage(), ex);
    }

    if (!issuedByIssuer) {
        throw new IllegalArgumentException("cert and issuerCert do not match");
    }

    BigInteger[] serialNumbers = { cert.getSerialNumber() };
    return ask(issuerCert, serialNumbers, responderUrl, requestOptions, debug);
}
Also used : OcspRequestorException(org.xipki.ocsp.client.api.OcspRequestorException) CertificateEncodingException(java.security.cert.CertificateEncodingException)

Example 72 with CertificateEncodingException

use of java.security.cert.CertificateEncodingException in project xipki by xipki.

the class AbstractOcspRequestor method ask.

/**
 * Requests the OCSP status of several certificates that share one issuer.
 *
 * <p>Every element of {@code certs} is checked against {@code issuerCert}
 * with {@code X509Util.issues}; the first mismatch aborts the call and the
 * exception message names the offending index. The collected serial numbers
 * are then handed to the serial-number overload.
 *
 * <p>NOTE(review): individual array elements are not null-checked here;
 * how a null element behaves depends on {@code X509Util.issues}.
 *
 * @param issuerCert certificate of the issuing CA; must not be null
 * @param certs certificates whose status is requested; must not be null and
 *     must hold at least one element
 * @param responderUrl URL of the OCSP responder, passed through unchanged
 * @param requestOptions request options, passed through unchanged
 * @param debug request/response debug sink, passed through unchanged
 * @return the OCSP response returned by the serial-number overload
 * @throws IllegalArgumentException if any certificate does not match {@code issuerCert}
 * @throws OcspRequestorException if a certificate cannot be encoded during the issuer check
 * @throws OcspResponseException as declared by the delegated overload
 */
@Override
public OCSPResp ask(X509Certificate issuerCert, X509Certificate[] certs, URL responderUrl, RequestOptions requestOptions, RequestResponseDebug debug) throws OcspResponseException, OcspRequestorException {
    ParamUtil.requireNonNull("issuerCert", issuerCert);
    ParamUtil.requireNonNull("certs", certs);
    ParamUtil.requireMin("certs.length", certs.length, 1);

    final int count = certs.length;
    BigInteger[] serialNumbers = new BigInteger[count];

    int position = 0;
    for (X509Certificate current : certs) {
        final boolean issuedByIssuer;
        try {
            issuedByIssuer = X509Util.issues(issuerCert, current);
        } catch (CertificateEncodingException ex) {
            // Surface encoding problems through the requestor's own exception type, keeping the cause.
            throw new OcspRequestorException(ex.getMessage(), ex);
        }

        if (!issuedByIssuer) {
            throw new IllegalArgumentException("cert at index " + position + " and issuerCert do not match");
        }

        serialNumbers[position] = current.getSerialNumber();
        position++;
    }

    return ask(issuerCert, serialNumbers, responderUrl, requestOptions, debug);
}
Also used : OcspRequestorException(org.xipki.ocsp.client.api.OcspRequestorException) BigInteger(java.math.BigInteger) CertificateEncodingException(java.security.cert.CertificateEncodingException) X509Certificate(java.security.cert.X509Certificate)

Example 73 with CertificateEncodingException

use of java.security.cert.CertificateEncodingException in project xipki by xipki.

the class CaManagerQueryExecutor method addRequestor.

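/**
 * Inserts a new row into the REQUESTOR table for the given entry.
 *
 * <p>The new ID is the current maximum of REQUESTOR.ID plus one and is
 * written back into {@code dbEntry}'s ident before the INSERT is attempted.
 * The certificate is stored as the Base64 text of its encoded form.
 *
 * <p>NOTE(review): the MAX(ID)+1 lookup and the INSERT are separate
 * statements, so two concurrent callers can compute the same ID. Presumably
 * a uniqueness constraint on REQUESTOR.ID rejects the duplicate; confirm
 * against the schema.
 *
 * @param dbEntry requestor to persist; must not be null
 * @throws CaMgmtException if the ID cannot be determined or does not fit an
 *     {@code int}, if the certificate cannot be encoded, if the INSERT
 *     affects no row, or on any SQL error
 */
void addRequestor(RequestorEntry dbEntry) throws CaMgmtException {
    ParamUtil.requireNonNull("dbEntry", dbEntry);
    try {
        // Exact arithmetic instead of a narrowing cast: a silently truncated or
        // wrapped ID could collide with an existing requestor's row.
        int nextId = Math.toIntExact(Math.addExact(datasource.getMax(null, "REQUESTOR", "ID"), 1L));
        dbEntry.getIdent().setId(nextId);
    } catch (DataAccessException ex) {
        throw new CaMgmtException(ex);
    } catch (ArithmeticException ex) {
        throw new CaMgmtException("could not allocate ID for requestor " + dbEntry.getIdent()
                + ": " + ex.getMessage());
    }
    // Values are bound as parameters; nothing from dbEntry is concatenated into the SQL text.
    final String sql = "INSERT INTO REQUESTOR (ID,NAME,CERT) VALUES (?,?,?)";
    PreparedStatement ps = null;
    try {
        ps = prepareStatement(sql);
        int idx = 1;
        ps.setInt(idx++, dbEntry.getIdent().getId());
        ps.setString(idx++, dbEntry.getIdent().getName());
        ps.setString(idx++, Base64.encodeToString(dbEntry.getCert().getEncoded()));
        if (ps.executeUpdate() == 0) {
            throw new CaMgmtException("could not add requestor " + dbEntry.getIdent());
        }
        if (LOG.isInfoEnabled()) {
            LOG.info("added requestor '{}': {}", dbEntry.getIdent(), dbEntry.toString(false));
        }
    } catch (SQLException ex) {
        throw new CaMgmtException(datasource, sql, ex);
    } catch (CertificateEncodingException ex) {
        throw new CaMgmtException(ex);
    } finally {
        // Always hand the statement back to the datasource, also on failure.
        datasource.releaseResources(ps, null);
    }
}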
Also used : CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) SQLException(java.sql.SQLException) PreparedStatement(java.sql.PreparedStatement) CertificateEncodingException(java.security.cert.CertificateEncodingException) DataAccessException(org.xipki.datasource.DataAccessException)

Example 74 with CertificateEncodingException

use of java.security.cert.CertificateEncodingException in project xipki by xipki.

the class ScepUtil method getCoreExtValue.

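/**
 * Returns the inner value of a certificate extension, with the outer
 * OCTET STRING wrapper removed.
 *
 * @param cert certificate to read the extension from; must not be null
 * @param type object identifier of the extension; must not be null
 * @return the octets inside the extension's OCTET STRING, or {@code null}
 *     when the certificate does not carry the extension
 * @throws CertificateEncodingException if the extension value cannot be
 *     read as an OCTET STRING; the parser's exception is kept as the cause
 */
private static byte[] getCoreExtValue(X509Certificate cert, ASN1ObjectIdentifier type) throws CertificateEncodingException {
    requireNonNull("cert", cert);
    requireNonNull("type", type);
    byte[] fullExtValue = cert.getExtensionValue(type.getId());
    if (fullExtValue == null) {
        // Absent extension is reported as null, not as an error.
        return null;
    }
    try {
        return ASN1OctetString.getInstance(fullExtValue).getOctets();
    } catch (IllegalArgumentException ex) {
        // Chain the original exception so the parse failure stays visible in stack traces.
        throw new CertificateEncodingException("invalid extension " + type.getId() + ": " + ex.getMessage(), ex);
    }
}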
Also used : CertificateEncodingException(java.security.cert.CertificateEncodingException)

Example 75 with CertificateEncodingException

use of java.security.cert.CertificateEncodingException in project xipki by xipki.

the class NextCaMessage method encode.

/**
 * Encodes this message as a signed CMS structure.
 *
 * <p>First a SignedData without content ({@code CMSAbsentContent}) is built
 * that carries {@code caCert} and, when present, every certificate in
 * {@code raCerts}. Its encoded bytes then become the content of a second
 * SignedData, which is signed with {@code signingKey} and encapsulates that
 * content.
 *
 * <p>NOTE(review): the digest for the signature is fixed to SHA-1 because
 * the client's supported algorithms are not known at this point. SHA-1 is
 * no longer considered collision-resistant; if the client's capabilities can
 * be learned, selecting a SHA-2 digest here would be the stronger choice.
 *
 * @param signingKey private key used to sign the outer SignedData; must not be null
 * @param signerCert certificate matching {@code signingKey}; must not be null
 * @param cmsCertSet certificates handed to {@code ScepUtil.addCmsCertSet}
 *     for the outer SignedData
 * @return the ASN.1 structure of the outer SignedData
 * @throws MessageEncodingException if a certificate cannot be encoded or the
 *     CMS structures cannot be built
 */
public ContentInfo encode(PrivateKey signingKey, X509Certificate signerCert, X509Certificate[] cmsCertSet) throws MessageEncodingException {
    ScepUtil.requireNonNull("signingKey", signingKey);
    ScepUtil.requireNonNull("signerCert", signerCert);
    try {
        // Step 1: inner SignedData that only transports the CA and RA certificates.
        final byte[] certsOnlyBytes;
        try {
            CMSSignedDataGenerator certsOnlyGenerator = new CMSSignedDataGenerator();
            certsOnlyGenerator.addCertificate(new X509CertificateHolder(caCert.getEncoded()));
            if (raCerts != null) {
                for (X509Certificate raCert : raCerts) {
                    certsOnlyGenerator.addCertificate(new X509CertificateHolder(raCert.getEncoded()));
                }
            }
            certsOnlyBytes = certsOnlyGenerator.generate(new CMSAbsentContent()).getEncoded();
        } catch (CertificateEncodingException ex) {
            throw new MessageEncodingException(ex.getMessage(), ex);
        }

        // Step 2: signer for the outer SignedData.
        // The hash algorithms supported by the client are unknown here, so SHA-1 is used.
        String signatureAlgo = getSignatureAlgorithm(signingKey, ScepHashAlgo.SHA1);
        ContentSigner contentSigner = new JcaContentSignerBuilder(signatureAlgo).build(signingKey);

        JcaSignerInfoGeneratorBuilder signerInfoBuilder = new JcaSignerInfoGeneratorBuilder(new BcDigestCalculatorProvider());
        signerInfoBuilder.setSignedAttributeGenerator(new DefaultSignedAttributeTableGenerator());
        SignerInfoGenerator signerInfo = signerInfoBuilder.build(contentSigner, signerCert);

        CMSSignedDataGenerator outerGenerator = new CMSSignedDataGenerator();
        outerGenerator.addSignerInfoGenerator(signerInfo);

        // Step 3: wrap the inner SignedData bytes as typed content and attach the certificate set.
        CMSTypedData outerContent = new CMSProcessableByteArray(CMSObjectIdentifiers.signedData, certsOnlyBytes);
        ScepUtil.addCmsCertSet(outerGenerator, cmsCertSet);

        return outerGenerator.generate(outerContent, true).toASN1Structure();
    } catch (CMSException | CertificateEncodingException | IOException | OperatorCreationException ex) {
        throw new MessageEncodingException(ex);
    }
}
Also used : BcDigestCalculatorProvider(org.bouncycastle.operator.bc.BcDigestCalculatorProvider) CMSSignedDataGenerator(org.bouncycastle.cms.CMSSignedDataGenerator) CMSProcessableByteArray(org.bouncycastle.cms.CMSProcessableByteArray) DefaultSignedAttributeTableGenerator(org.bouncycastle.cms.DefaultSignedAttributeTableGenerator) CMSTypedData(org.bouncycastle.cms.CMSTypedData) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) CMSAbsentContent(org.bouncycastle.cms.CMSAbsentContent) ContentSigner(org.bouncycastle.operator.ContentSigner) CertificateEncodingException(java.security.cert.CertificateEncodingException) IOException(java.io.IOException) MessageEncodingException(org.xipki.scep.exception.MessageEncodingException) X509Certificate(java.security.cert.X509Certificate) JcaSignerInfoGeneratorBuilder(org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) SignerInfoGenerator(org.bouncycastle.cms.SignerInfoGenerator) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) CMSException(org.bouncycastle.cms.CMSException)
