use of org.bouncycastle.asn1.crmf.CertId in project xipki by xipki.
the class CertStoreQueryExecutor method getCertificate.
// method getCertProfileForSerial
/**
 * Looks up certificates whose stored subject fingerprint matches the given name.
 *
 * <p>The fingerprint of the canonicalized {@code subjectName} is compared against the
 * {@code FP_S} and {@code FP_RS} columns of table {@code CERT}. When {@code transactionId}
 * is non-null, the {@code TID} column must additionally equal its Base64 encoding. All
 * values reach the database as bind parameters of a prepared statement; the SQL text
 * itself is one of two constant strings.
 *
 * @param subjectName Subject of Certificate or requested Subject.
 * @param transactionId optional transaction id; {@code null} disables the TID filter.
 * @return the certificates resolved for the matching row ids (ids for which
 *     {@code getCertForId} yields {@code null} are skipped); an empty list when no row
 *     matches.
 * @throws DataAccessException when the query fails (translated from {@link SQLException}).
 * @throws OperationException declared by this method; presumably raised while loading the
 *     individual certificates - confirm against getCertForId.
 */
List<X509Certificate> getCertificate(X500Name subjectName, byte[] transactionId)
    throws DataAccessException, OperationException {
  final boolean filterByTid = (transactionId != null);
  final String sql;
  if (filterByTid) {
    sql = "SELECT ID FROM CERT WHERE TID=? AND (FP_S=? OR FP_RS=?)";
  } else {
    sql = "SELECT ID FROM CERT WHERE FP_S=? OR FP_RS=?";
  }

  final long subjectFp = X509Util.fpCanonicalizedName(subjectName);
  final List<Long> matchedIds = new LinkedList<Long>();

  ResultSet rows = null;
  PreparedStatement stmt = borrowPreparedStatement(sql);
  try {
    // Bind positions are 1-based; the TID placeholder exists only in the filtered query.
    int pos = 0;
    if (filterByTid) {
      stmt.setString(++pos, Base64.encodeToString(transactionId));
    }
    // The same fingerprint is bound twice: once for FP_S, once for FP_RS.
    stmt.setLong(++pos, subjectFp);
    stmt.setLong(++pos, subjectFp);

    rows = stmt.executeQuery();
    while (rows.next()) {
      matchedIds.add(rows.getLong("ID"));
    }
  } catch (SQLException ex) {
    throw datasource.translate(sql, ex);
  } finally {
    // Statement and result set are handed back on success and on failure alike.
    releaseDbResources(stmt, rows);
  }

  if (CollectionUtil.isEmpty(matchedIds)) {
    return Collections.emptyList();
  }

  List<X509Certificate> result = new ArrayList<X509Certificate>(matchedIds.size());
  for (Long id : matchedIds) {
    X509CertWithDbId found = getCertForId(id);
    if (found == null) {
      continue;
    }
    result.add(found.getCert());
  }
  return result;
}
use of org.bouncycastle.asn1.crmf.CertId in project xipki by xipki.
the class CaLoadTestEnroll method nextCertRequests.
/**
 * Produces the next batch of certificate requests for the load test.
 *
 * <p>When {@code maxRequests} is positive, each call consumes one slot of
 * {@code processedRequests}; once the counter has reached {@code maxRequests} the method
 * returns {@code null} instead of a batch.
 *
 * @return a map from certificate request id (starting at 1) to its {@link CertRequest},
 *     or {@code null} when the request budget is exhausted.
 */
private Map<Integer, CertRequest> nextCertRequests() {
  if (maxRequests > 0) {
    // Kept as a distinctly named local: the loop bound `num` further down is NOT this
    // counter (it would be out of scope there) - presumably a field of the enclosing
    // class holding the batch size; verify against the class definition.
    int alreadyProcessed = processedRequests.getAndAdd(1);
    if (alreadyProcessed >= maxRequests) {
      return null;
    }
  }

  Map<Integer, CertRequest> batch = new HashMap<>();
  int certId = 0;
  while (certId < num) {
    certId++;

    CertTemplateBuilder templateBuilder = new CertTemplateBuilder();
    // Every request draws a fresh index, so each subject comes from a distinct counter value.
    long entryIndex = index.getAndIncrement();
    templateBuilder.setSubject(loadtestEntry.getX500Name(entryIndex));
    // The public key info is obtained from the same loadtestEntry call for every request.
    SubjectPublicKeyInfo publicKeyInfo = loadtestEntry.getSubjectPublicKeyInfo();
    templateBuilder.setPublicKey(publicKeyInfo);

    // Third constructor argument (controls) is left null, as in the original.
    CertRequest request = new CertRequest(certId, templateBuilder.build(), null);
    batch.put(certId, request);
  }
  return batch;
}
use of org.bouncycastle.asn1.crmf.CertId in project pdfbox by apache.
the class OcspHelper method generateOCSPRequest.
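/**
 * Generates an OCSP request for {@code certificateToCheck} and the matching
 * <code>CertificateID</code>.
 *
 * <p>The request carries two extensions: the acceptable-response-types extension
 * (basic response only) and a 16-byte nonce. The encoded nonce is stored in the
 * {@code encodedNonce} field.
 *
 * @return OCSP request, ready to fetch data
 * @throws OCSPException if the certificate ID or the request cannot be built
 * @throws IOException if the issuer certificate cannot be encoded or an ASN.1 structure
 *     cannot be serialized
 */
private OCSPReq generateOCSPRequest() throws OCSPException, IOException {
  // NOTE(review): registers a new provider instance on every call; addProvider ignores a
  // provider that is already installed, but a one-time registration would be cleaner.
  Security.addProvider(new BouncyCastleProvider());

  // Generate the ID for the certificate we are looking for
  CertificateID certId;
  try {
    certId = new CertificateID(
        new SHA1DigestCalculator(),
        new JcaX509CertificateHolder(issuerCertificate),
        certificateToCheck.getSerialNumber());
  } catch (CertificateEncodingException e) {
    throw new IOException("Error creating CertificateID with the Certificate encoding", e);
  }

  OCSPReqBuilder builder = new OCSPReqBuilder();

  // NOTE(review): both extensions are marked critical. RFC 6960 section 4.4 says the
  // critical flag SHOULD NOT be set for OCSP extensions; left unchanged here because it
  // alters the bytes sent to the responder - confirm before changing.
  Extension responseExtension = new Extension(
      OCSPObjectIdentifiers.id_pkix_ocsp_response,
      true,
      new DLSequence(OCSPObjectIdentifiers.id_pkix_ocsp_basic).getEncoded());

  // The nonce binds the response to this request (replay protection), so it must be
  // unpredictable: java.util.Random is a seeded linear generator whose output can be
  // reconstructed, hence a CSPRNG is used. Fully qualified to avoid a new import.
  byte[] nonce = new byte[16];
  new java.security.SecureRandom().nextBytes(nonce);

  // Outer OCTET STRING is the extension value, inner OCTET STRING is the Nonce itself.
  encodedNonce = new DEROctetString(new DEROctetString(nonce));
  Extension nonceExtension =
      new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, true, encodedNonce);

  builder.setRequestExtensions(
      new Extensions(new Extension[] { responseExtension, nonceExtension }));
  builder.addRequest(certId);

  // NOTE(review): debugging output on stdout; the nonce is not secret (it travels in the
  // request), but library code should route this through the project's logger.
  System.out.println("Nonce: " + Hex.getString(nonceExtension.getExtnValue().getEncoded()));
  return builder.build();
}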
use of org.bouncycastle.asn1.crmf.CertId in project netty by netty.
the class OcspRequestBuilder method build.
/**
 * Assembles an {@link OCSPReq} for the configured certificate/issuer pair.
 *
 * <p>ATTENTION: the returned request must not be re-used or cached. It embeds a one-time
 * nonce, and CAs will (should) reject later requests carrying the same nonce value.
 *
 * @return a freshly built request containing one certificate ID and a nonce extension
 * @throws OCSPException if the certificate ID or the request cannot be created
 * @throws IOException if the issuer certificate bytes cannot be parsed
 * @throws CertificateEncodingException if the issuer certificate cannot be encoded
 */
public OCSPReq build() throws OCSPException, IOException, CertificateEncodingException {
  // All four inputs are mandatory; they are checked in a fixed order so the first missing
  // one is the one reported.
  SecureRandom rng = checkNotNull(this.generator, "generator");
  DigestCalculator digestCalc = checkNotNull(this.calculator, "calculator");
  X509Certificate subjectCert = checkNotNull(this.certificate, "certificate");
  X509Certificate issuerCert = checkNotNull(this.issuer, "issuer");

  BigInteger serialNumber = subjectCert.getSerialNumber();
  X509CertificateHolder issuerHolder = new X509CertificateHolder(issuerCert.getEncoded());
  CertificateID certId = new CertificateID(digestCalc, issuerHolder, serialNumber);

  OCSPReqBuilder reqBuilder = new OCSPReqBuilder();
  reqBuilder.addRequest(certId);

  // Fresh 8-byte nonce from the caller-supplied SecureRandom, sent as a non-critical
  // extension.
  // NOTE(review): the nonce bytes are placed directly into the extension value here,
  // without an inner OCTET STRING wrapper (RFC 6960 defines Nonce ::= OCTET STRING) -
  // confirm this matches what the targeted responders expect.
  byte[] nonceBytes = new byte[8];
  rng.nextBytes(nonceBytes);
  Extension nonceExtension = new Extension(
      OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(nonceBytes));
  reqBuilder.setRequestExtensions(new Extensions(new Extension[] { nonceExtension }));

  return reqBuilder.build();
}
use of org.bouncycastle.asn1.crmf.CertId in project jruby-openssl by jruby.
the class OCSPBasicResponse method matchIssuerId.
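/**
 * Checks whether the issuer hashes in an OCSP certificate ID were derived from
 * {@code signerCA}.
 *
 * <p>With a non-null {@code certId}, the issuer name and public key of {@code signerCA}
 * are hashed with the algorithm named in the ID and compared to the ID's issuerNameHash
 * and issuerKeyHash. With a null {@code certId}, every entry of {@code singleResponses}
 * is checked this way and all of them must match.
 *
 * @param signerCA certificate whose name and key are hashed
 * @param certId the certificate ID to compare against, or {@code null} to check all
 *     single responses
 * @param singleResponses responses to check when {@code certId} is {@code null}; not read
 *     otherwise
 * @return {@code true} only if both hashes match (for every response, in the null case)
 * @throws IOException if the issuer name cannot be encoded
 */
private boolean matchIssuerId(X509Cert signerCA, CertificateID certId, List<SingleResp> singleResponses) throws IOException {
  Ruby runtime = getRuntime();

  if (certId == null) {
    // No single ID to match against: every response must match on its own.
    for (SingleResp resp : singleResponses) {
      if (!matchIssuerId(signerCA, resp.getCertID(), null)) {
        return false;
      }
    }
    return true;
  }

  // Hash with the algorithm the certificate ID itself declares.
  ASN1ObjectIdentifier alg = certId.getHashAlgOID();
  String sym = ASN1.oid2Sym(runtime, alg);
  MessageDigest md = Digest.getDigest(runtime, sym);

  // NOTE(review): issuerNameHash is defined over the issuer name of the certificate being
  // checked, which is the CA's *subject*; this hashes signerCA.getIssuer(). The two
  // coincide only for a self-signed CA - confirm which name is intended.
  byte[] issuerNameDigest = md.digest(signerCA.getIssuer().getX500Name().getEncoded());
  byte[] issuerKeyDigest = md.digest(signerCA.getAuxCert().getPublicKey().getEncoded());

  // Compare array contents. byte[].equals(Object) is reference equality, so the previous
  // check could never succeed for two separately allocated arrays and the method
  // rejected every certificate ID. Fully qualified to avoid a new import.
  return java.util.Arrays.equals(issuerNameDigest, certId.getIssuerNameHash())
      && java.util.Arrays.equals(issuerKeyDigest, certId.getIssuerKeyHash());
}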