Search in sources :

Example 31 with Certificate

use of org.apache.harmony.security.x509.Certificate in project robovm by robovm.

the class X509CertPathImpl method getCertPathFromContentInfo.

/**
     * Extract a CertPath from a PKCS#7 {@code contentInfo} object.
     */
private static X509CertPathImpl getCertPathFromContentInfo(ContentInfo contentInfo) throws CertificateException {
    final SignedData sd = contentInfo.getSignedData();
    if (sd == null) {
        throw new CertificateException("Incorrect PKCS7 encoded form: missing signed data");
    }
    List<Certificate> certs = sd.getCertificates();
    if (certs == null) {
        certs = Collections.emptyList();
    }
    final List<X509Certificate> result = new ArrayList<X509Certificate>(certs.size());
    for (Certificate cert : certs) {
        result.add(new X509CertImpl(cert));
    }
    return new X509CertPathImpl(result, Encoding.PKCS7);
}
Also used : SignedData(org.apache.harmony.security.pkcs7.SignedData) ArrayList(java.util.ArrayList) CertificateException(java.security.cert.CertificateException) X509Certificate(java.security.cert.X509Certificate) X509Certificate(java.security.cert.X509Certificate) Certificate(org.apache.harmony.security.x509.Certificate)

Example 32 with Certificate

use of org.apache.harmony.security.x509.Certificate in project robovm by robovm.

the class X509CRLImpl method retrieveEntries.

/*
     * Retrieves the crl entries (TBSCertList.RevokedCertificate objects)
     * from the TBSCertList structure and converts them to the
     * X509CRLEntryImpl objects
     */
private void retrieveEntries() {
    entriesRetrieved = true;
    List rcerts = tbsCertList.getRevokedCertificates();
    if (rcerts == null) {
        return;
    }
    entriesSize = rcerts.size();
    entries = new ArrayList(entriesSize);
    // null means that revoked certificate issuer is the same as CRL issuer
    X500Principal rcertIssuer = null;
    for (int i = 0; i < entriesSize; i++) {
        TBSCertList.RevokedCertificate rcert = (TBSCertList.RevokedCertificate) rcerts.get(i);
        X500Principal iss = rcert.getIssuer();
        if (iss != null) {
            // certificate issuer differs from CRL issuer
            // and CRL is indirect.
            rcertIssuer = iss;
            isIndirectCRL = true;
            // remember how many leading revoked certificates in the
            // list are issued by the same issuer as issuer of CRL
            // (these certificates are first in the list)
            nonIndirectEntriesSize = i;
        }
        entries.add(new X509CRLEntryImpl(rcert, rcertIssuer));
    }
}
Also used : ArrayList(java.util.ArrayList) X500Principal(javax.security.auth.x500.X500Principal) ArrayList(java.util.ArrayList) TBSCertList(org.apache.harmony.security.x509.TBSCertList) CertificateList(org.apache.harmony.security.x509.CertificateList) List(java.util.List) TBSCertList(org.apache.harmony.security.x509.TBSCertList)

Example 33 with Certificate

use of org.apache.harmony.security.x509.Certificate in project robovm by robovm.

the class X509CertSelectorTest method test_setSubjectAlternativeNamesLjava_util_Collection.

/**
     * java.security.cert.X509CertSelector#setSubjectAlternativeNames(Collection<List<?>>)
     */
public void test_setSubjectAlternativeNamesLjava_util_Collection() throws Exception {
    GeneralName san0 = new GeneralName(new OtherName("1.2.3.4.5", new byte[] { 1, 2, 0, 1 }));
    GeneralName san1 = new GeneralName(1, "rfc@822.Name");
    GeneralName san2 = new GeneralName(2, "dNSName");
    GeneralName san3 = new GeneralName(new ORAddress());
    GeneralName san4 = new GeneralName(new Name("O=Organization"));
    GeneralName san6 = new GeneralName(6, "http://uniform.Resource.Id");
    GeneralName san7 = new GeneralName(7, "1.1.1.1");
    GeneralName san8 = new GeneralName(8, "1.2.3.4444.55555");
    GeneralNames sans1 = new GeneralNames();
    sans1.addName(san0);
    sans1.addName(san1);
    sans1.addName(san2);
    sans1.addName(san3);
    sans1.addName(san4);
    sans1.addName(san6);
    sans1.addName(san7);
    sans1.addName(san8);
    GeneralNames sans2 = new GeneralNames();
    sans2.addName(san0);
    TestCert cert1 = new TestCert(sans1);
    TestCert cert2 = new TestCert(sans2);
    X509CertSelector selector = new X509CertSelector();
    selector.setMatchAllSubjectAltNames(true);
    selector.setSubjectAlternativeNames(null);
    assertTrue("Any certificate should match in the case of null " + "subjectAlternativeNames criteria.", selector.match(cert1) && selector.match(cert2));
    Collection<List<?>> sans = sans1.getPairsList();
    selector.setSubjectAlternativeNames(sans);
    selector.getSubjectAlternativeNames();
}
Also used : GeneralNames(org.apache.harmony.security.x509.GeneralNames) OtherName(org.apache.harmony.security.x509.OtherName) X509CertSelector(java.security.cert.X509CertSelector) List(java.util.List) ArrayList(java.util.ArrayList) GeneralName(org.apache.harmony.security.x509.GeneralName) ORAddress(org.apache.harmony.security.x509.ORAddress) GeneralName(org.apache.harmony.security.x509.GeneralName) OtherName(org.apache.harmony.security.x509.OtherName) Name(org.apache.harmony.security.x501.Name)

Example 34 with Certificate

use of org.apache.harmony.security.x509.Certificate in project robovm by robovm.

the class X509CertSelectorTest method test_setPathToNamesLjava_util_Collection.

/**
     * java.security.cert.X509CertSelector#setPathToNames(Collection<List<?>>)
     */
public void test_setPathToNamesLjava_util_Collection() throws Exception {
    GeneralName san0 = new GeneralName(new OtherName("1.2.3.4.5", new byte[] { 1, 2, 0, 1 }));
    GeneralName san1 = new GeneralName(1, "rfc@822.Name");
    GeneralName san2 = new GeneralName(2, "dNSName");
    GeneralName san3 = new GeneralName(new ORAddress());
    GeneralName san4 = new GeneralName(new Name("O=Organization"));
    GeneralName san6 = new GeneralName(6, "http://uniform.Resource.Id");
    GeneralName san7 = new GeneralName(7, "1.1.1.1");
    GeneralName san8 = new GeneralName(8, "1.2.3.4444.55555");
    GeneralNames sans1 = new GeneralNames();
    sans1.addName(san0);
    sans1.addName(san1);
    sans1.addName(san2);
    sans1.addName(san3);
    sans1.addName(san4);
    sans1.addName(san6);
    sans1.addName(san7);
    sans1.addName(san8);
    GeneralNames sans2 = new GeneralNames();
    sans2.addName(san0);
    TestCert cert1 = new TestCert(sans1);
    TestCert cert2 = new TestCert(sans2);
    X509CertSelector selector = new X509CertSelector();
    selector.setMatchAllSubjectAltNames(true);
    selector.setPathToNames(null);
    assertTrue("Any certificate should match in the case of null " + "subjectAlternativeNames criteria.", selector.match(cert1) && selector.match(cert2));
    Collection<List<?>> sans = sans1.getPairsList();
    selector.setPathToNames(sans);
    selector.getPathToNames();
}
Also used : GeneralNames(org.apache.harmony.security.x509.GeneralNames) OtherName(org.apache.harmony.security.x509.OtherName) X509CertSelector(java.security.cert.X509CertSelector) List(java.util.List) ArrayList(java.util.ArrayList) GeneralName(org.apache.harmony.security.x509.GeneralName) ORAddress(org.apache.harmony.security.x509.ORAddress) GeneralName(org.apache.harmony.security.x509.GeneralName) OtherName(org.apache.harmony.security.x509.OtherName) Name(org.apache.harmony.security.x501.Name)

Example 35 with Certificate

use of org.apache.harmony.security.x509.Certificate in project xipki by xipki.

the class AbstractOcspRequestor method buildRequest.

// method ask
private OCSPRequest buildRequest(X509Certificate caCert, BigInteger[] serialNumbers, byte[] nonce, RequestOptions requestOptions) throws OcspRequestorException {
    HashAlgo hashAlgo = HashAlgo.getInstance(requestOptions.getHashAlgorithmId());
    if (hashAlgo == null) {
        throw new OcspRequestorException("unknown HashAlgo " + requestOptions.getHashAlgorithmId().getId());
    }
    List<AlgorithmIdentifier> prefSigAlgs = requestOptions.getPreferredSignatureAlgorithms();
    XiOCSPReqBuilder reqBuilder = new XiOCSPReqBuilder();
    List<Extension> extensions = new LinkedList<>();
    if (nonce != null) {
        extensions.add(new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(nonce)));
    }
    if (prefSigAlgs != null && prefSigAlgs.size() > 0) {
        ASN1EncodableVector vec = new ASN1EncodableVector();
        for (AlgorithmIdentifier algId : prefSigAlgs) {
            vec.add(new DERSequence(algId));
        }
        ASN1Sequence extnValue = new DERSequence(vec);
        Extension extn;
        try {
            extn = new Extension(ObjectIdentifiers.id_pkix_ocsp_prefSigAlgs, false, new DEROctetString(extnValue));
        } catch (IOException ex) {
            throw new OcspRequestorException(ex.getMessage(), ex);
        }
        extensions.add(extn);
    }
    if (CollectionUtil.isNonEmpty(extensions)) {
        reqBuilder.setRequestExtensions(new Extensions(extensions.toArray(new Extension[0])));
    }
    try {
        DEROctetString issuerNameHash = new DEROctetString(hashAlgo.hash(caCert.getSubjectX500Principal().getEncoded()));
        TBSCertificate tbsCert;
        try {
            tbsCert = TBSCertificate.getInstance(caCert.getTBSCertificate());
        } catch (CertificateEncodingException ex) {
            throw new OcspRequestorException(ex);
        }
        DEROctetString issuerKeyHash = new DEROctetString(hashAlgo.hash(tbsCert.getSubjectPublicKeyInfo().getPublicKeyData().getOctets()));
        for (BigInteger serialNumber : serialNumbers) {
            CertID certId = new CertID(hashAlgo.getAlgorithmIdentifier(), issuerNameHash, issuerKeyHash, new ASN1Integer(serialNumber));
            reqBuilder.addRequest(certId);
        }
        if (requestOptions.isSignRequest()) {
            synchronized (signerLock) {
                if (signer == null) {
                    if (StringUtil.isBlank(signerType)) {
                        throw new OcspRequestorException("signerType is not configured");
                    }
                    if (StringUtil.isBlank(signerConf)) {
                        throw new OcspRequestorException("signerConf is not configured");
                    }
                    X509Certificate cert = null;
                    if (StringUtil.isNotBlank(signerCertFile)) {
                        try {
                            cert = X509Util.parseCert(signerCertFile);
                        } catch (CertificateException ex) {
                            throw new OcspRequestorException("could not parse certificate " + signerCertFile + ": " + ex.getMessage());
                        }
                    }
                    try {
                        signer = getSecurityFactory().createSigner(signerType, new SignerConf(signerConf), cert);
                    } catch (Exception ex) {
                        throw new OcspRequestorException("could not create signer: " + ex.getMessage());
                    }
                }
            // end if
            }
            // end synchronized
            reqBuilder.setRequestorName(signer.getBcCertificate().getSubject());
            X509CertificateHolder[] certChain0 = signer.getBcCertificateChain();
            Certificate[] certChain = new Certificate[certChain0.length];
            for (int i = 0; i < certChain.length; i++) {
                certChain[i] = certChain0[i].toASN1Structure();
            }
            ConcurrentBagEntrySigner signer0;
            try {
                signer0 = signer.borrowSigner();
            } catch (NoIdleSignerException ex) {
                throw new OcspRequestorException("NoIdleSignerException: " + ex.getMessage());
            }
            try {
                return reqBuilder.build(signer0.value(), certChain);
            } finally {
                signer.requiteSigner(signer0);
            }
        } else {
            return reqBuilder.build();
        }
    // end if
    } catch (OCSPException | IOException ex) {
        throw new OcspRequestorException(ex.getMessage(), ex);
    }
}
Also used : HashAlgo(org.xipki.security.HashAlgo) CertID(org.bouncycastle.asn1.ocsp.CertID) CertificateException(java.security.cert.CertificateException) Extensions(org.bouncycastle.asn1.x509.Extensions) DEROctetString(org.bouncycastle.asn1.DEROctetString) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) DERSequence(org.bouncycastle.asn1.DERSequence) OCSPException(org.bouncycastle.cert.ocsp.OCSPException) NoIdleSignerException(org.xipki.security.exception.NoIdleSignerException) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector) TBSCertificate(org.bouncycastle.asn1.x509.TBSCertificate) OcspRequestorException(org.xipki.ocsp.client.api.OcspRequestorException) SignerConf(org.xipki.security.SignerConf) CertificateEncodingException(java.security.cert.CertificateEncodingException) IOException(java.io.IOException) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) ConcurrentBagEntrySigner(org.xipki.security.ConcurrentBagEntrySigner) LinkedList(java.util.LinkedList) X509Certificate(java.security.cert.X509Certificate) OcspNonceUnmatchedException(org.xipki.ocsp.client.api.OcspNonceUnmatchedException) OCSPException(org.bouncycastle.cert.ocsp.OCSPException) OcspResponseException(org.xipki.ocsp.client.api.OcspResponseException) OcspRequestorException(org.xipki.ocsp.client.api.OcspRequestorException) CertificateEncodingException(java.security.cert.CertificateEncodingException) NoIdleSignerException(org.xipki.security.exception.NoIdleSignerException) ResponderUnreachableException(org.xipki.ocsp.client.api.ResponderUnreachableException) OcspTargetUnmatchedException(org.xipki.ocsp.client.api.OcspTargetUnmatchedException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) InvalidOcspResponseException(org.xipki.ocsp.client.api.InvalidOcspResponseException) Extension(org.bouncycastle.asn1.x509.Extension) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) BigInteger(java.math.BigInteger) X509Certificate(java.security.cert.X509Certificate) Certificate(org.bouncycastle.asn1.x509.Certificate) TBSCertificate(org.bouncycastle.asn1.x509.TBSCertificate)

Aggregations

Certificate (org.bouncycastle.asn1.x509.Certificate)35 X509Certificate (java.security.cert.X509Certificate)29 IOException (java.io.IOException)23 CertificateException (java.security.cert.CertificateException)18 ArrayList (java.util.ArrayList)11 Date (java.util.Date)11 BigInteger (java.math.BigInteger)9 List (java.util.List)9 X500Name (org.bouncycastle.asn1.x500.X500Name)9 File (java.io.File)7 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)7 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)7 GeneralName (org.apache.harmony.security.x509.GeneralName)6 SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)6 TBSCertificate (org.bouncycastle.asn1.x509.TBSCertificate)6 DEROctetString (org.bouncycastle.asn1.DEROctetString)5 X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)5 OperatorCreationException (org.bouncycastle.operator.OperatorCreationException)5 EOFException (java.io.EOFException)4 X509CRL (java.security.cert.X509CRL)4