Example 1 with ASN1GeneralizedTime
use of org.bouncycastle.asn1.ASN1GeneralizedTime in project keystore-explorer by kaikramer.
the class X509Ext method getInvalidityDateStringValue.
private String getInvalidityDateStringValue(byte[] value) throws IOException {
// @formatter:off
/* InvalidityDate ::= ASN1GeneralizedTime */
// @formatter:on
StringBuilder sb = new StringBuilder();
ASN1GeneralizedTime invalidityDate = ASN1GeneralizedTime.getInstance(value);
sb.append(getGeneralizedTimeString(invalidityDate));
sb.append(NEWLINE);
return sb.toString();
}
Also used :
ASN1GeneralizedTime(org.bouncycastle.asn1.ASN1GeneralizedTime)
Example 2 with ASN1GeneralizedTime
use of org.bouncycastle.asn1.ASN1GeneralizedTime in project keystore-explorer by kaikramer.
the class X509Ext method getDeclarationOfMajorityStringValue.
private String getDeclarationOfMajorityStringValue(byte[] octets) {
// @formatter:off
/*
DeclarationOfMajoritySyntax ::= CHOICE
{
notYoungerThan [0] IMPLICIT INTEGER,
fullAgeAtCountry [1] IMPLICIT SEQUENCE {
fullAge BOOLEAN DEFAULT TRUE,
country PrintableString (SIZE(2))
},
dateOfBirth [2] IMPLICIT GeneralizedTime
}
*/
// @formatter:on
StringBuilder sb = new StringBuilder();
DeclarationOfMajority declarationOfMajority = DeclarationOfMajority.getInstance(octets);
int notYoungerThan = declarationOfMajority.notYoungerThan();
ASN1Sequence fullAgeAtCountry = declarationOfMajority.fullAgeAtCountry();
ASN1GeneralizedTime dateOfBirth = declarationOfMajority.getDateOfBirth();
if (notYoungerThan != -1) {
sb.append(MessageFormat.format(res.getString("DeclarationOfMajority.notYoungerThan"), notYoungerThan));
sb.append(NEWLINE);
}
if (fullAgeAtCountry != null) {
ASN1Boolean fullAge = ASN1Boolean.getInstance(fullAgeAtCountry.getObjectAt(0));
DERPrintableString country = DERPrintableString.getInstance(fullAgeAtCountry.getObjectAt(1));
sb.append(MessageFormat.format(res.getString("DeclarationOfMajority.fullAgeAtCountry"), country.toString(), fullAge.toString()));
sb.append(NEWLINE);
}
if (dateOfBirth != null) {
sb.append(MessageFormat.format(res.getString("DeclarationOfMajority.dateOfBirth"), dateOfBirth));
sb.append(NEWLINE);
}
return sb.toString();
}
Also used :
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
DeclarationOfMajority(org.bouncycastle.asn1.isismtt.x509.DeclarationOfMajority)
DERPrintableString(org.bouncycastle.asn1.DERPrintableString)
ASN1GeneralizedTime(org.bouncycastle.asn1.ASN1GeneralizedTime)
ASN1Boolean(org.bouncycastle.asn1.ASN1Boolean)
IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint)
CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint)
DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)
Example 3 with ASN1GeneralizedTime
use of org.bouncycastle.asn1.ASN1GeneralizedTime in project keystore-explorer by kaikramer.
the class Asn1Dump method dumpGeneralizedTime.
private String dumpGeneralizedTime(ASN1GeneralizedTime asn1Time) {
StringBuilder sb = new StringBuilder();
sb.append(indentSequence.toString(indentLevel));
sb.append("GENERALIZED TIME=");
Date date;
try {
date = asn1Time.getDate();
} catch (ParseException e) {
throw new RuntimeException("Cannot parse generalized time");
}
String formattedDate = new SimpleDateFormat("dd/MMM/yyyy HH:mm:ss.SSS z").format(date);
sb.append(formattedDate);
sb.append(" (");
sb.append(asn1Time.getTime());
sb.append(")");
sb.append(NEWLINE);
return sb.toString();
}
Also used :
ParseException(java.text.ParseException)
DERNumericString(org.bouncycastle.asn1.DERNumericString)
DERBitString(org.bouncycastle.asn1.DERBitString)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
DERBMPString(org.bouncycastle.asn1.DERBMPString)
DERGeneralString(org.bouncycastle.asn1.DERGeneralString)
DERIA5String(org.bouncycastle.asn1.DERIA5String)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
DERT61String(org.bouncycastle.asn1.DERT61String)
DERPrintableString(org.bouncycastle.asn1.DERPrintableString)
DERVisibleString(org.bouncycastle.asn1.DERVisibleString)
ASN1String(org.bouncycastle.asn1.ASN1String)
DERUniversalString(org.bouncycastle.asn1.DERUniversalString)
SimpleDateFormat(java.text.SimpleDateFormat)
Date(java.util.Date)
Example 4 with ASN1GeneralizedTime
use of org.bouncycastle.asn1.ASN1GeneralizedTime in project xipki by xipki.
the class BaseX509Certprofile method createDateOfBirthRdn.
private static RDN createDateOfBirthRdn(ASN1ObjectIdentifier type, ASN1Encodable rdnValue) throws BadCertTemplateException {
ParamUtil.requireNonNull("type", type);
String text;
ASN1Encodable newRdnValue = null;
if (rdnValue instanceof ASN1GeneralizedTime) {
text = ((ASN1GeneralizedTime) rdnValue).getTimeString();
newRdnValue = rdnValue;
} else if (rdnValue instanceof ASN1String && !(rdnValue instanceof DERUniversalString)) {
text = ((ASN1String) rdnValue).getString();
} else {
throw new BadCertTemplateException("Value of RDN dateOfBirth has incorrect syntax");
}
if (!SubjectDnSpec.PATTERN_DATE_OF_BIRTH.matcher(text).matches()) {
throw new BadCertTemplateException("Value of RDN dateOfBirth does not have format YYYMMDD000000Z");
}
if (newRdnValue == null) {
newRdnValue = new DERGeneralizedTime(text);
}
return new RDN(type, newRdnValue);
}
Also used :
DERGeneralizedTime(org.bouncycastle.asn1.DERGeneralizedTime)
BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException)
DERUniversalString(org.bouncycastle.asn1.DERUniversalString)
ASN1GeneralizedTime(org.bouncycastle.asn1.ASN1GeneralizedTime)
ASN1String(org.bouncycastle.asn1.ASN1String)
DERUniversalString(org.bouncycastle.asn1.DERUniversalString)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
ASN1String(org.bouncycastle.asn1.ASN1String)
RDN(org.bouncycastle.asn1.x500.RDN)
Example 5 with ASN1GeneralizedTime
use of org.bouncycastle.asn1.ASN1GeneralizedTime in project xipki by xipki.
the class ImportCrl method importEntries.
private void importEntries(Connection conn, int caId) throws DataAccessException, ImportCrlException {
AtomicLong maxId = new AtomicLong(datasource.getMax(conn, "CERT", "ID"));
// import the revoked information
Set<? extends X509CRLEntry> revokedCertList = crl.getRevokedCertificates();
if (revokedCertList != null) {
for (X509CRLEntry c : revokedCertList) {
X500Principal issuer = c.getCertificateIssuer();
BigInteger serial = c.getSerialNumber();
if (issuer != null) {
if (!x500PrincipalCaSubject.equals(issuer)) {
throw new ImportCrlException("invalid CRLEntry for certificate number " + serial);
}
}
Date rt = c.getRevocationDate();
Date rit = null;
byte[] extnValue = c.getExtensionValue(Extension.invalidityDate.getId());
if (extnValue != null) {
extnValue = extractCoreValue(extnValue);
ASN1GeneralizedTime genTime = DERGeneralizedTime.getInstance(extnValue);
try {
rit = genTime.getDate();
} catch (ParseException ex) {
throw new ImportCrlException(ex.getMessage(), ex);
}
if (rt.equals(rit)) {
rit = null;
}
}
CrlReason reason = CrlReason.fromReason(c.getRevocationReason());
String sql = null;
try {
if (reason == CrlReason.REMOVE_FROM_CRL) {
if (!isDeltaCrl) {
LOG.warn("ignore CRL entry with reason removeFromCRL in non-Delta CRL");
}
// delete the entry
sql = SQL_DELETE_CERT;
psDeleteCert.setInt(1, caId);
psDeleteCert.setString(2, serial.toString(16));
psDeleteCert.executeUpdate();
continue;
}
Long id = getId(caId, serial);
PreparedStatement ps;
int offset = 1;
if (id == null) {
sql = SQL_INSERT_CERT_REV;
id = maxId.incrementAndGet();
ps = psInsertCertRev;
ps.setLong(offset++, id);
ps.setInt(offset++, caId);
ps.setString(offset++, serial.toString(16));
} else {
sql = SQL_UPDATE_CERT_REV;
ps = psUpdateCertRev;
}
ps.setInt(offset++, 1);
ps.setInt(offset++, reason.getCode());
ps.setLong(offset++, rt.getTime() / 1000);
if (rit != null) {
ps.setLong(offset++, rit.getTime() / 1000);
} else {
ps.setNull(offset++, Types.BIGINT);
}
ps.setLong(offset++, System.currentTimeMillis() / 1000);
if (ps == psUpdateCertRev) {
ps.setLong(offset++, id);
}
ps.executeUpdate();
} catch (SQLException ex) {
throw datasource.translate(sql, ex);
}
}
}
// import the certificates
// extract the certificate
byte[] extnValue = crl.getExtensionValue(ObjectIdentifiers.id_xipki_ext_crlCertset.getId());
if (extnValue != null) {
extnValue = extractCoreValue(extnValue);
ASN1Set asn1Set = DERSet.getInstance(extnValue);
final int n = asn1Set.size();
for (int i = 0; i < n; i++) {
ASN1Encodable asn1 = asn1Set.getObjectAt(i);
ASN1Sequence seq = ASN1Sequence.getInstance(asn1);
BigInteger serialNumber = ASN1Integer.getInstance(seq.getObjectAt(0)).getValue();
Certificate cert = null;
String profileName = null;
final int size = seq.size();
for (int j = 1; j < size; j++) {
ASN1TaggedObject taggedObj = DERTaggedObject.getInstance(seq.getObjectAt(j));
int tagNo = taggedObj.getTagNo();
switch(tagNo) {
case 0:
cert = Certificate.getInstance(taggedObj.getObject());
break;
case 1:
profileName = DERUTF8String.getInstance(taggedObj.getObject()).getString();
break;
default:
break;
}
}
if (cert == null) {
continue;
}
if (!caSubject.equals(cert.getIssuer())) {
LOG.warn("issuer not match (serial={}) in CRL Extension Xipki-CertSet, ignore it", LogUtil.formatCsn(serialNumber));
continue;
}
if (!serialNumber.equals(cert.getSerialNumber().getValue())) {
LOG.warn("serialNumber not match (serial={}) in CRL Extension Xipki-CertSet, ignore it", LogUtil.formatCsn(serialNumber));
continue;
}
String certLogId = "(issuer='" + cert.getIssuer() + "', serialNumber=" + cert.getSerialNumber() + ")";
addCertificate(maxId, caId, cert, profileName, certLogId);
}
} else {
// cert dirs
File certsDir = new File(certsDirName);
if (!certsDir.exists()) {
LOG.warn("the folder {} does not exist, ignore it", certsDirName);
return;
}
if (!certsDir.isDirectory()) {
LOG.warn("the path {} does not point to a folder, ignore it", certsDirName);
return;
}
if (!certsDir.canRead()) {
LOG.warn("the folder {} must not be read, ignore it", certsDirName);
return;
}
File[] certFiles = certsDir.listFiles(new FilenameFilter() {
@Override
public boolean accept(File dir, String name) {
return name.endsWith(".der") || name.endsWith(".crt");
}
});
if (certFiles == null || certFiles.length == 0) {
return;
}
for (File certFile : certFiles) {
Certificate cert;
try {
byte[] encoded = IoUtil.read(certFile);
cert = Certificate.getInstance(encoded);
} catch (IllegalArgumentException | IOException ex) {
LOG.warn("could not parse certificate {}, ignore it", certFile.getPath());
continue;
}
String certLogId = "(file " + certFile.getName() + ")";
addCertificate(maxId, caId, cert, null, certLogId);
}
}
}
Also used :
SQLException(java.sql.SQLException)
ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject)
ASN1GeneralizedTime(org.bouncycastle.asn1.ASN1GeneralizedTime)
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
DERIA5String(org.bouncycastle.asn1.DERIA5String)
DERUTF8String(org.bouncycastle.asn1.DERUTF8String)
FilenameFilter(java.io.FilenameFilter)
X509CRLEntry(java.security.cert.X509CRLEntry)
CrlReason(org.xipki.security.CrlReason)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
PreparedStatement(java.sql.PreparedStatement)
IOException(java.io.IOException)
Date(java.util.Date)
AtomicLong(java.util.concurrent.atomic.AtomicLong)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
ASN1Set(org.bouncycastle.asn1.ASN1Set)
AtomicLong(java.util.concurrent.atomic.AtomicLong)
X500Principal(javax.security.auth.x500.X500Principal)
BigInteger(java.math.BigInteger)
ParseException(java.text.ParseException)
File(java.io.File)
X509Certificate(java.security.cert.X509Certificate)
Certificate(org.bouncycastle.asn1.x509.Certificate)
TBSCertificate(org.bouncycastle.asn1.x509.TBSCertificate)
Aggregations
ASN1GeneralizedTime (org.bouncycastle.asn1.ASN1GeneralizedTime)20
Date (java.util.Date)11
DERPrintableString (org.bouncycastle.asn1.DERPrintableString)8
DERUTF8String (org.bouncycastle.asn1.DERUTF8String)8
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)7
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)7
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)7
DERIA5String (org.bouncycastle.asn1.DERIA5String)7
DEROctetString (org.bouncycastle.asn1.DEROctetString)7
IOException (java.io.IOException)6
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)6
ParseException (java.text.ParseException)5
DERBMPString (org.bouncycastle.asn1.DERBMPString)5
DERT61String (org.bouncycastle.asn1.DERT61String)5
ASN1String (org.bouncycastle.asn1.ASN1String)4
Extension (org.bouncycastle.asn1.x509.Extension)4
BigInteger (java.math.BigInteger)3
ArrayList (java.util.ArrayList)3
LinkedList (java.util.LinkedList)3
BadCertTemplateException (org.xipki.ca.api.BadCertTemplateException)3
