use of org.apache.harmony.security.x509.Certificate in project xipki by xipki.
the class OcspCertStoreFromCaDbImporter method importIssuer0.
private void importIssuer0(CaType issuer, String sql, PreparedStatement ps, List<CaType> cas, List<Integer> relatedCaIds) throws IOException, DataAccessException, CertificateException {
try {
byte[] encodedCert = binary(issuer.getCert());
// retrieve the revocation information of the CA, if possible
CaType ca = null;
for (CaType caType : cas) {
if (Arrays.equals(encodedCert, binary(caType.getCert()))) {
ca = caType;
break;
}
}
if (ca == null) {
return;
}
relatedCaIds.add(issuer.getId());
Certificate cert;
try {
cert = Certificate.getInstance(encodedCert);
} catch (RuntimeException ex) {
String msg = "could not parse certificate of issuer " + issuer.getId();
LogUtil.error(LOG, ex, msg);
throw new CertificateException(ex.getMessage(), ex);
}
int idx = 1;
ps.setInt(idx++, issuer.getId());
ps.setString(idx++, X509Util.cutX500Name(cert.getSubject(), maxX500nameLen));
ps.setLong(idx++, cert.getTBSCertificate().getStartDate().getDate().getTime() / 1000);
ps.setLong(idx++, cert.getTBSCertificate().getEndDate().getDate().getTime() / 1000);
ps.setString(idx++, HashAlgo.SHA1.base64Hash(encodedCert));
setBoolean(ps, idx++, ca.isRevoked());
setInt(ps, idx++, ca.getRevReason());
setLong(ps, idx++, ca.getRevTime());
setLong(ps, idx++, ca.getRevInvTime());
ps.setString(idx++, Base64.encodeToString(encodedCert));
ps.execute();
} catch (SQLException ex) {
System.err.println("could not import issuer with id=" + issuer.getId());
throw translate(sql, ex);
} catch (CertificateException ex) {
System.err.println("could not import issuer with id=" + issuer.getId());
throw ex;
}
}
use of org.apache.harmony.security.x509.Certificate in project xipki by xipki.
the class X509Ca method addXipkiCertset.
// method generateCrl
/**
* Add XiPKI extension CrlCertSet.
*
* <pre>
* Xipki-CrlCertSet ::= SET OF Xipki-CrlCert
*
* Xipki-CrlCert ::= SEQUENCE {
* serial INTEGER
* cert [0] EXPLICIT Certificate OPTIONAL
* profileName [1] EXPLICIT UTF8String OPTIONAL
* }
* </pre>
*/
private void addXipkiCertset(X509v2CRLBuilder crlBuilder, boolean deltaCrl, CrlControl control, Date notExpireAt, boolean onlyCaCerts, boolean onlyUserCerts) throws OperationException {
if (deltaCrl || !control.isXipkiCertsetIncluded()) {
return;
}
ASN1EncodableVector vector = new ASN1EncodableVector();
final int numEntries = 100;
long startId = 1;
List<SerialWithId> serials;
do {
serials = certstore.getCertSerials(caIdent, notExpireAt, startId, numEntries, false, onlyCaCerts, onlyUserCerts);
long maxId = 1;
for (SerialWithId sid : serials) {
if (sid.getId() > maxId) {
maxId = sid.getId();
}
ASN1EncodableVector vec = new ASN1EncodableVector();
vec.add(new ASN1Integer(sid.getSerial()));
Integer profileId = null;
if (control.isXipkiCertsetCertIncluded()) {
X509CertificateInfo certInfo;
try {
certInfo = certstore.getCertificateInfoForId(caIdent, caCert, sid.getId(), caIdNameMap);
} catch (CertificateException ex) {
throw new OperationException(ErrorCode.SYSTEM_FAILURE, "CertificateException: " + ex.getMessage());
}
Certificate cert = Certificate.getInstance(certInfo.getCert().getEncodedCert());
vec.add(new DERTaggedObject(true, 0, cert));
if (control.isXipkiCertsetProfilenameIncluded()) {
profileId = certInfo.getProfile().getId();
}
} else if (control.isXipkiCertsetProfilenameIncluded()) {
profileId = certstore.getCertProfileForId(caIdent, sid.getId());
}
if (profileId != null) {
String profileName = caIdNameMap.getCertprofileName(profileId);
vec.add(new DERTaggedObject(true, 1, new DERUTF8String(profileName)));
}
vector.add(new DERSequence(vec));
}
// end for
startId = maxId + 1;
} while (serials.size() >= numEntries);
try {
crlBuilder.addExtension(ObjectIdentifiers.id_xipki_ext_crlCertset, false, new DERSet(vector));
} catch (CertIOException ex) {
throw new OperationException(ErrorCode.INVALID_EXTENSION, "CertIOException: " + ex.getMessage());
}
}
use of org.apache.harmony.security.x509.Certificate in project xipki by xipki.
the class CsrGenAction method execute0.
@Override
protected Object execute0() throws Exception {
hashAlgo = hashAlgo.trim().toUpperCase();
if (hashAlgo.indexOf('-') != -1) {
hashAlgo = hashAlgo.replaceAll("-", "");
}
if (needExtensionTypes == null) {
needExtensionTypes = new LinkedList<>();
}
if (wantExtensionTypes == null) {
wantExtensionTypes = new LinkedList<>();
}
// SubjectAltNames
List<Extension> extensions = new LinkedList<>();
ASN1OctetString extnValue = createExtnValueSubjectAltName();
if (extnValue != null) {
ASN1ObjectIdentifier oid = Extension.subjectAlternativeName;
extensions.add(new Extension(oid, false, extnValue));
needExtensionTypes.add(oid.getId());
}
// SubjectInfoAccess
extnValue = createExtnValueSubjectInfoAccess();
if (extnValue != null) {
ASN1ObjectIdentifier oid = Extension.subjectInfoAccess;
extensions.add(new Extension(oid, false, extnValue));
needExtensionTypes.add(oid.getId());
}
// Keyusage
if (isNotEmpty(keyusages)) {
Set<KeyUsage> usages = new HashSet<>();
for (String usage : keyusages) {
usages.add(KeyUsage.getKeyUsage(usage));
}
org.bouncycastle.asn1.x509.KeyUsage extValue = X509Util.createKeyUsage(usages);
ASN1ObjectIdentifier extType = Extension.keyUsage;
extensions.add(new Extension(extType, false, extValue.getEncoded()));
needExtensionTypes.add(extType.getId());
}
// ExtendedKeyusage
if (isNotEmpty(extkeyusages)) {
ExtendedKeyUsage extValue = X509Util.createExtendedUsage(textToAsn1ObjectIdentifers(extkeyusages));
ASN1ObjectIdentifier extType = Extension.extendedKeyUsage;
extensions.add(new Extension(extType, false, extValue.getEncoded()));
needExtensionTypes.add(extType.getId());
}
// QcEuLimitValue
if (isNotEmpty(qcEuLimits)) {
ASN1EncodableVector vec = new ASN1EncodableVector();
for (String m : qcEuLimits) {
StringTokenizer st = new StringTokenizer(m, ":");
try {
String currencyS = st.nextToken();
String amountS = st.nextToken();
String exponentS = st.nextToken();
Iso4217CurrencyCode currency;
try {
int intValue = Integer.parseInt(currencyS);
currency = new Iso4217CurrencyCode(intValue);
} catch (NumberFormatException ex) {
currency = new Iso4217CurrencyCode(currencyS);
}
int amount = Integer.parseInt(amountS);
int exponent = Integer.parseInt(exponentS);
MonetaryValue monterayValue = new MonetaryValue(currency, amount, exponent);
QCStatement statment = new QCStatement(ObjectIdentifiers.id_etsi_qcs_QcLimitValue, monterayValue);
vec.add(statment);
} catch (Exception ex) {
throw new Exception("invalid qc-eu-limit '" + m + "'");
}
}
ASN1ObjectIdentifier extType = Extension.qCStatements;
ASN1Sequence extValue = new DERSequence(vec);
extensions.add(new Extension(extType, false, extValue.getEncoded()));
needExtensionTypes.add(extType.getId());
}
// biometricInfo
if (biometricType != null && biometricHashAlgo != null && biometricFile != null) {
TypeOfBiometricData tmpBiometricType = StringUtil.isNumber(biometricType) ? new TypeOfBiometricData(Integer.parseInt(biometricType)) : new TypeOfBiometricData(new ASN1ObjectIdentifier(biometricType));
ASN1ObjectIdentifier tmpBiometricHashAlgo = AlgorithmUtil.getHashAlg(biometricHashAlgo);
byte[] biometricBytes = IoUtil.read(biometricFile);
MessageDigest md = MessageDigest.getInstance(tmpBiometricHashAlgo.getId());
md.reset();
byte[] tmpBiometricDataHash = md.digest(biometricBytes);
DERIA5String tmpSourceDataUri = null;
if (biometricUri != null) {
tmpSourceDataUri = new DERIA5String(biometricUri);
}
BiometricData biometricData = new BiometricData(tmpBiometricType, new AlgorithmIdentifier(tmpBiometricHashAlgo), new DEROctetString(tmpBiometricDataHash), tmpSourceDataUri);
ASN1EncodableVector vec = new ASN1EncodableVector();
vec.add(biometricData);
ASN1ObjectIdentifier extType = Extension.biometricInfo;
ASN1Sequence extValue = new DERSequence(vec);
extensions.add(new Extension(extType, false, extValue.getEncoded()));
needExtensionTypes.add(extType.getId());
} else if (biometricType == null && biometricHashAlgo == null && biometricFile == null) {
// Do nothing
} else {
throw new Exception("either all of biometric triples (type, hash algo, file)" + " must be set or none of them should be set");
}
for (Extension addExt : getAdditionalExtensions()) {
extensions.add(addExt);
}
needExtensionTypes.addAll(getAdditionalNeedExtensionTypes());
wantExtensionTypes.addAll(getAdditionalWantExtensionTypes());
if (isNotEmpty(needExtensionTypes) || isNotEmpty(wantExtensionTypes)) {
ExtensionExistence ee = new ExtensionExistence(textToAsn1ObjectIdentifers(needExtensionTypes), textToAsn1ObjectIdentifers(wantExtensionTypes));
extensions.add(new Extension(ObjectIdentifiers.id_xipki_ext_cmpRequestExtensions, false, ee.toASN1Primitive().getEncoded()));
}
ConcurrentContentSigner signer = getSigner(new SignatureAlgoControl(rsaMgf1, dsaPlain, gm));
Map<ASN1ObjectIdentifier, ASN1Encodable> attributes = new HashMap<>();
if (CollectionUtil.isNonEmpty(extensions)) {
attributes.put(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, new Extensions(extensions.toArray(new Extension[0])));
}
if (StringUtil.isNotBlank(challengePassword)) {
attributes.put(PKCSObjectIdentifiers.pkcs_9_at_challengePassword, new DERPrintableString(challengePassword));
}
SubjectPublicKeyInfo subjectPublicKeyInfo;
if (signer.getCertificate() != null) {
Certificate cert = Certificate.getInstance(signer.getCertificate().getEncoded());
subjectPublicKeyInfo = cert.getSubjectPublicKeyInfo();
} else {
subjectPublicKeyInfo = KeyUtil.createSubjectPublicKeyInfo(signer.getPublicKey());
}
X500Name subjectDn = getSubject(subject);
PKCS10CertificationRequest csr = generateRequest(signer, subjectPublicKeyInfo, subjectDn, attributes);
File file = new File(outputFilename);
saveVerbose("saved CSR to file", file, csr.getEncoded());
return null;
}
use of org.apache.harmony.security.x509.Certificate in project xipki by xipki.
the class GetCrlCmd method execute0.
@Override
protected Object execute0() throws Exception {
Certificate cert = Certificate.getInstance(IoUtil.read(certFile));
ScepClient client = getScepClient();
X509CRL crl = client.scepGetCrl(getIdentityKey(), getIdentityCert(), cert.getIssuer(), cert.getSerialNumber().getPositiveValue());
if (crl == null) {
throw new CmdFailure("received no CRL from server");
}
saveVerbose("saved CRL to file", new File(outputFile), crl.getEncoded());
return null;
}
use of org.apache.harmony.security.x509.Certificate in project xipki by xipki.
the class CmpCaClient method cmpCaCerts.
private Certificate[] cmpCaCerts() throws Exception {
ProtectedPKIMessageBuilder builder = new ProtectedPKIMessageBuilder(PKIHeader.CMP_2000, requestorSubject, responderSubject);
builder.setMessageTime(new Date());
builder.setTransactionID(randomTransactionId());
builder.setSenderNonce(randomSenderNonce());
InfoTypeAndValue itv = new InfoTypeAndValue(id_xipki_cmp);
PKIBody body = new PKIBody(PKIBody.TYPE_GEN_MSG, new GenMsgContent(itv));
builder.setBody(body);
ProtectedPKIMessage request = builder.build(requestorSigner);
PKIMessage response = transmit(request);
ASN1Encodable asn1Value = extractGeneralRepContent(response, id_xipki_cmp.getId());
ASN1Sequence seq = ASN1Sequence.getInstance(asn1Value);
final int size = seq.size();
Certificate[] caCerts = new Certificate[size];
for (int i = 0; i < size; i++) {
caCerts[i] = CMPCertificate.getInstance(seq.getObjectAt(i)).getX509v3PKCert();
}
return caCerts;
}
Aggregations