Use of java.security.cert.X509CRLEntry in project iaf by ibissource.
The class CrlPipe, method doPipe.
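/**
 * Reads an X.509 CRL from the pipe input and, when the CRL passes {@code isCRLOK},
 * returns an XML document listing the serial numbers of all revoked certificates.
 * <p>
 * The input stream is parsed with the platform "X.509" {@link CertificateFactory} and is
 * always closed afterwards, even on failure. Whether the CRL is trusted is entirely decided by
 * {@code isCRLOK}, which is handed the CRL and the issuer stream stored under
 * {@code getIssuerSessionKey()}; nothing here verifies the CRL signature itself, so the
 * validity of the emitted list depends on that check. Only serial numbers are emitted; the
 * per-entry certificate issuer of indirect CRLs is not represented in the output.
 *
 * @param input   the CRL as an {@link InputStream} (DER or PEM, as accepted by the provider)
 * @param session the pipeline session holding the issuer stream
 * @return a {@code PipeRunResult} whose result is the {@code <SerialNumbers>} XML, or
 *         {@code null} when the CRL is rejected by {@code isCRLOK}
 * @throws PipeRunException when the input cannot be parsed as a CRL
 */
public PipeRunResult doPipe(Object input, IPipeLineSession session) throws PipeRunException {
	X509CRL crl;
	InputStream inputStream = (InputStream) input;
	try {
		CertificateFactory cf = CertificateFactory.getInstance("X.509");
		crl = (X509CRL) cf.generateCRL(inputStream);
	} catch (CertificateException e) {
		throw new PipeRunException(this, "Could not read CRL", e);
	} catch (CRLException e) {
		throw new PipeRunException(this, "Could not read CRL", e);
	} finally {
		if (inputStream != null) {
			try {
				inputStream.close();
			} catch (IOException e) {
				log.warn("Could not close CRL input stream", e);
			}
		}
	}
	String result = null;
	if (isCRLOK(crl, (InputStream) session.get(getIssuerSessionKey()))) {
		XmlBuilder root = new XmlBuilder("SerialNumbers");
		// X509CRL.getRevokedCertificates() returns null, not an empty set, for a CRL without
		// entries; the original iterator-based loop would NPE on such a (valid) CRL.
		Iterable<? extends X509CRLEntry> revoked = crl.getRevokedCertificates();
		if (revoked != null) {
			for (X509CRLEntry entry : revoked) {
				XmlBuilder serialNumber = new XmlBuilder("SerialNumber");
				// hex, lower case, no leading zeros — matches BigInteger.toString(16)
				serialNumber.setValue(entry.getSerialNumber().toString(16));
				root.addSubElement(serialNumber);
			}
		}
		result = root.toXML();
	}
	return new PipeRunResult(getForward(), result);
}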
Use of java.security.cert.X509CRLEntry in project certmgr by hdecarne.
The class X509CRLHelper, method toAttributes.
/**
 * Get a CRL object's {@code Attributes}.
 * <p>
 * The returned tree carries the CRL version, thisUpdate/nextUpdate, signature algorithm,
 * issuer DN and CRL extensions, followed by one child per revoked entry (serial, revocation
 * date, reason when present, entry extensions).
 *
 * @param crl The CRL object to get the attributes for.
 * @return The CRL object's attributes.
 */
public static Attributes toAttributes(X509CRL crl) {
	Attributes attributes = new Attributes(AttributesI18N.formatSTR_CRL());
	attributes.add(AttributesI18N.formatSTR_CRL_VERSION(), Integer.toString(crl.getVersion()));
	attributes.add(AttributesI18N.formatSTR_CRL_THISUPDATE(), Attributes.printShortDate(crl.getThisUpdate()));
	// NOTE(review): X509CRL.getNextUpdate() may be null when the CRL omits nextUpdate;
	// printShortDate is assumed to tolerate that — confirm.
	attributes.add(AttributesI18N.formatSTR_CRL_NEXTUPDATE(), Attributes.printShortDate(crl.getNextUpdate()));
	attributes.add(AttributesI18N.formatSTR_CRL_SIGALG(), crl.getSigAlgName());
	attributes.add(AttributesI18N.formatSTR_CRL_ISSUERDN(), X500Names.toString(crl.getIssuerX500Principal()));
	X509ExtensionHelper.addAttributes(attributes, crl);
	// null (not an empty set) when the CRL lists no revoked certificates
	Set<? extends X509CRLEntry> revoked = crl.getRevokedCertificates();
	if (revoked == null) {
		return attributes;
	}
	int index = 0;
	for (X509CRLEntry entry : revoked) {
		BigInteger serialNumber = entry.getSerialNumber();
		String printedSerial = Attributes.printSerial(serialNumber);
		// an entry-level issuer only appears in indirect CRLs; label it differently then
		X500Principal entryIssuer = entry.getCertificateIssuer();
		String serialLabel;
		if (entryIssuer == null) {
			serialLabel = AttributesI18N.formatSTR_CRL_ENTRY_SERIAL(printedSerial);
		} else {
			serialLabel = AttributesI18N.formatSTR_CRL_ENTRY_SERIAL_INDIRECT(printedSerial, entryIssuer);
		}
		Attributes entryAttributes = attributes.add(AttributesI18N.formatSTR_CRL_ENTRY(index), serialLabel);
		entryAttributes.add(AttributesI18N.formatSTR_CRL_ENTRY_DATE(), Attributes.printShortDate(entry.getRevocationDate()));
		CRLReason reason = entry.getRevocationReason();
		if (reason != null) {
			entryAttributes.add(AttributesI18N.formatSTR_CRL_ENTRY_REASON(), ReasonFlag.fromCRLReason(reason).name());
		}
		X509ExtensionHelper.addAttributes(entryAttributes, entry);
		index++;
	}
	return attributes;
}
Use of java.security.cert.X509CRLEntry in project Bytecoder by mirkosertic.
The class Pair, method doGenCRL.
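/**
 * Builds a CRL listing the certificates given with {@code -id} and signs it with the private key
 * stored under {@code alias}.
 * <p>
 * Each id is either a decimal serial number, or {@code serial:reasonCode} where the reason code
 * becomes a CRLReasonCode entry extension. The CRL issuer is the subject DN of the signer
 * certificate; thisUpdate is {@code startDate} and nextUpdate is {@code validity} days later.
 * Output is PEM ("X509 CRL" armour) when {@code rfc} is set, raw DER otherwise. The generated
 * CRL is finally passed through {@code checkWeak} so weak keys/algorithms are reported.
 *
 * @param out destination for the encoded CRL
 * @throws Exception when no ids were given, the alias has no certificate, an id is malformed,
 *         or key recovery / signing fails
 */
private void doGenCRL(PrintStream out) throws Exception {
	if (ids == null) {
		throw new Exception("Must provide -id when -gencrl");
	}
	Certificate signerCert = keyStore.getCertificate(alias);
	if (signerCert == null) {
		// KeyStore.getCertificate() returns null for an unknown alias; report it instead of an NPE
		throw new Exception("No certificate found for alias " + alias);
	}
	byte[] encoded = signerCert.getEncoded();
	X509CertImpl signerCertImpl = new X509CertImpl(encoded);
	X509CertInfo signerCertInfo = (X509CertInfo) signerCertImpl.get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
	// the CRL issuer is the signer certificate's subject
	X500Name owner = (X500Name) signerCertInfo.get(X509CertInfo.SUBJECT + "." + X509CertInfo.DN_NAME);
	Date firstDate = getStartDate(startDate);
	Date lastDate = (Date) firstDate.clone();
	// 1000L forces long arithmetic so large validities cannot overflow before the addition
	lastDate.setTime(lastDate.getTime() + validity * 1000L * 24 * 60 * 60);
	CertificateValidity interval = new CertificateValidity(firstDate, lastDate);
	PrivateKey privateKey = (PrivateKey) recoverKey(alias, storePass, keyPass).fst;
	if (sigAlgName == null) {
		sigAlgName = getCompatibleSigAlgName(privateKey);
	}
	X509CRLEntry[] badCerts = new X509CRLEntry[ids.size()];
	for (int i = 0; i < ids.size(); i++) {
		String id = ids.get(i);
		int d = id.indexOf(':');
		try {
			if (d >= 0) {
				// "serial:reason" — reason is the numeric CRLReason code
				CRLExtensions ext = new CRLExtensions();
				ext.set("Reason", new CRLReasonCodeExtension(Integer.parseInt(id.substring(d + 1))));
				badCerts[i] = new X509CRLEntryImpl(new BigInteger(id.substring(0, d)), firstDate, ext);
			} else {
				badCerts[i] = new X509CRLEntryImpl(new BigInteger(id), firstDate);
			}
		} catch (NumberFormatException e) {
			throw new Exception("Invalid -id value: " + id, e);
		}
	}
	X509CRLImpl crl = new X509CRLImpl(owner, firstDate, lastDate, badCerts);
	crl.sign(privateKey, sigAlgName);
	if (rfc) {
		out.println("-----BEGIN X509 CRL-----");
		out.println(Base64.getMimeEncoder(64, CRLF).encodeToString(crl.getEncodedInternal()));
		out.println("-----END X509 CRL-----");
	} else {
		out.write(crl.getEncodedInternal());
	}
	checkWeak(rb.getString("the.generated.crl"), crl, privateKey);
}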
Use of java.security.cert.X509CRLEntry in project Bytecoder by mirkosertic.
The class X509CRLImpl, method encodeInfo.
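/**
 * Encodes the "to-be-signed" CRL to the OutputStream.
 * <p>
 * Builds the TBSCertList SEQUENCE: optional version (omitted for v1), signature algorithm,
 * issuer, thisUpdate, optional nextUpdate, the revokedCertificates SEQUENCE (omitted when the
 * list is empty), and the CRL extensions when present. Dates before {@code YR_2050} are written
 * as UTCTime, later ones as GeneralizedTime. The encoded bytes are also cached in
 * {@code tbsCertList}.
 *
 * @param out the OutputStream to write to.
 * @exception CRLException on encoding errors.
 */
public void encodeInfo(OutputStream out) throws CRLException {
	try {
		DerOutputStream tmp = new DerOutputStream();
		DerOutputStream rCerts = new DerOutputStream();
		DerOutputStream seq = new DerOutputStream();
		// v2 CRL: encode the version; v1 (version == 0) omits the field
		if (version != 0) {
			tmp.putInteger(version);
		}
		infoSigAlgId.encode(tmp);
		if ((version == 0) && (issuer.toString() == null)) {
			throw new CRLException("Null Issuer DN not allowed in v1 CRL");
		}
		issuer.encode(tmp);
		if (thisUpdate.getTime() < YR_2050) {
			tmp.putUTCTime(thisUpdate);
		} else {
			tmp.putGeneralizedTime(thisUpdate);
		}
		if (nextUpdate != null) {
			if (nextUpdate.getTime() < YR_2050) {
				tmp.putUTCTime(nextUpdate);
			} else {
				tmp.putGeneralizedTime(nextUpdate);
			}
		}
		if (!revokedList.isEmpty()) {
			for (X509CRLEntry entry : revokedList) {
				((X509CRLEntryImpl) entry).encode(rCerts);
			}
			tmp.write(DerValue.tag_Sequence, rCerts);
		}
		if (extensions != null) {
			extensions.encode(tmp, isExplicit);
		}
		seq.write(DerValue.tag_Sequence, tmp);
		tbsCertList = seq.toByteArray();
		out.write(tbsCertList);
	} catch (IOException e) {
		// keep the IOException as cause so the underlying DER failure is not lost
		throw new CRLException("Encoding error: " + e.getMessage(), e);
	}
}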
Use of java.security.cert.X509CRLEntry in project candlepin by candlepin.
The class X509CRLStreamWriterTest, method testAddEntryToBigCRL.
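/**
 * Appends entries to a large CRL (10000 revocations, CRL number 127) through
 * {@code X509CRLStreamWriter} and checks that the rewritten CRL lists exactly the original
 * serials plus the added ones. The sizes are chosen so that both the CRL number and the
 * revoked-list length need one more length byte after the change.
 */
@Test
public void testAddEntryToBigCRL() throws Exception {
	X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(issuer, new Date());
	AuthorityKeyIdentifier identifier = new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(keyPair.getPublic());
	crlBuilder.addExtension(Extension.authorityKeyIdentifier, false, identifier);
	/* With a CRL number of 127, incrementing it should cause the number of bytes in the length
	 * portion of the TLV to increase by one.*/
	crlBuilder.addExtension(Extension.cRLNumber, false, new CRLNumber(new BigInteger("127")));
	BigInteger serial = new BigInteger("741696FE9E30AD27", 16);
	Set<BigInteger> expected = new HashSet<>();
	for (int i = 0; i < 10000; i++) {
		serial = serial.add(BigInteger.TEN);
		crlBuilder.addCRLEntry(serial, new Date(), CRLReason.privilegeWithdrawn);
		expected.add(serial);
	}
	X509CRLHolder holder = crlBuilder.build(signer);
	File crlToChange = writeCRL(holder);
	File outfile = new File(folder.getRoot(), "new.crl");
	X509CRLStreamWriter stream = new X509CRLStreamWriter(crlToChange, (RSAPrivateKey) keyPair.getPrivate(), (RSAPublicKey) keyPair.getPublic());
	// Add enough items to cause the number of length bytes to change
	Set<BigInteger> newSerials = new HashSet<>(Arrays.asList(new BigInteger("2358215310"), new BigInteger("7231352433"), new BigInteger("8233181205"), new BigInteger("1455615868"), new BigInteger("4323487764"), new BigInteger("6673256679")));
	for (BigInteger i : newSerials) {
		stream.add(i, new Date(), CRLReason.privilegeWithdrawn);
		expected.add(i);
	}
	stream.preScan(crlToChange).lock();
	// try-with-resources: the original left the file handle open when write() threw
	try (OutputStream o = new BufferedOutputStream(new FileOutputStream(outfile))) {
		stream.write(o);
	}
	X509CRL changedCrl = readCRL();
	Set<BigInteger> discoveredSerials = new HashSet<>();
	for (X509CRLEntry entry : changedCrl.getRevokedCertificates()) {
		discoveredSerials.add(entry.getSerialNumber());
	}
	assertEquals(expected, discoveredSerials);
}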