
Example 46 with CertId

use of org.bouncycastle.asn1.crmf.CertId in project xipki by xipki.

the class CertStoreQueryExecutor method getCertificate.

// method getCertProfileForSerial
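/**
 * Looks up the certificates whose subject (or requested subject) matches
 * {@code subjectName}, optionally narrowed down by the enrollment transaction id.
 *
 * <p>The lookup runs in two steps: the CERT ids are selected by the fingerprint of the
 * canonicalized subject (columns FP_S / FP_RS, plus TID when a transaction id is given),
 * then each id is resolved through {@link #getCertForId}. Ids that no longer resolve to
 * a stored certificate are skipped.
 *
 * @param subjectName Subject of the certificate or the requested subject.
 * @param transactionId transaction id, may be {@code null}; when present it is bound
 *     (Base64-encoded) against the TID column so that only certificates of that
 *     enrollment are returned.
 * @return the matching certificates; an empty, immutable list when nothing matches.
 * @throws DataAccessException if the SQL query fails.
 * @throws OperationException presumably propagated from {@link #getCertForId}.
 */
List<X509Certificate> getCertificate(X500Name subjectName, byte[] transactionId) throws DataAccessException, OperationException {
    // Parameterized SQL: the fingerprint and the transaction id are bound through '?'
    // placeholders and never concatenated into the statement text.
    final String sql = (transactionId != null) ? "SELECT ID FROM CERT WHERE TID=? AND (FP_S=? OR FP_RS=?)" : "SELECT ID FROM CERT WHERE FP_S=? OR FP_RS=?";
    long fpSubject = X509Util.fpCanonicalizedName(subjectName);
    List<Long> certIds = new ArrayList<>();
    ResultSet rs = null;
    PreparedStatement ps = borrowPreparedStatement(sql);
    try {
        int idx = 1;
        if (transactionId != null) {
            // TID is compared as a string against the Base64 form of the raw id.
            ps.setString(idx++, Base64.encodeToString(transactionId));
        }
        // The same fingerprint is matched against both the subject column (FP_S) and the
        // requested-subject column (FP_RS), hence it is bound twice.
        ps.setLong(idx++, fpSubject);
        ps.setLong(idx++, fpSubject);
        rs = ps.executeQuery();
        while (rs.next()) {
            certIds.add(rs.getLong("ID"));
        }
    } catch (SQLException ex) {
        throw datasource.translate(sql, ex);
    } finally {
        // Statement and result set are always handed back, also on failure.
        releaseDbResources(ps, rs);
    }
    if (CollectionUtil.isEmpty(certIds)) {
        return Collections.emptyList();
    }
    List<X509Certificate> certs = new ArrayList<>(certIds.size());
    for (Long certId : certIds) {
        X509CertWithDbId cert = getCertForId(certId);
        // null means the id no longer resolves to a stored certificate; skip it.
        if (cert != null) {
            certs.add(cert.getCert());
        }
    }
    return certs;
}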
Also used : SQLException(java.sql.SQLException) ArrayList(java.util.ArrayList) PreparedStatement(java.sql.PreparedStatement) X509CertWithDbId(org.xipki.ca.api.X509CertWithDbId) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DEROctetString(org.bouncycastle.asn1.DEROctetString) LinkedList(java.util.LinkedList) X509Certificate(java.security.cert.X509Certificate) ResultSet(java.sql.ResultSet)

Example 47 with CertId

use of org.bouncycastle.asn1.crmf.CertId in project xipki by xipki.

the class CaLoadTestEnroll method nextCertRequests.

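/**
 * Builds the next batch of CRMF certificate requests for the load test.
 *
 * <p>When {@code maxRequests} is positive, one unit of the shared
 * {@code processedRequests} counter is consumed per call and {@code null} is returned
 * once the limit is reached, which tells the caller to stop. Every request in the batch
 * gets a 1-based certReqId, a subject derived from the next {@code index} value and the
 * SubjectPublicKeyInfo of {@code loadtestEntry}.
 *
 * @return map from certReqId to the corresponding CertRequest, or {@code null} when the
 *     request limit has been exhausted
 */
private Map<Integer, CertRequest> nextCertRequests() {
    if (maxRequests > 0) {
        // Deliberately not named 'num': the loop below reads the field 'num' of the
        // enclosing class, and a local of the same name would shadow it.
        int alreadyProcessed = processedRequests.getAndIncrement();
        if (alreadyProcessed >= maxRequests) {
            return null;
        }
    }
    // NOTE(review): 'num' is a field of the enclosing class (not visible here);
    // presumably the number of requests per batch — confirm.
    Map<Integer, CertRequest> certRequests = new HashMap<>();
    for (int i = 0; i < num; i++) {
        final int certId = i + 1;
        CertTemplateBuilder certTempBuilder = new CertTemplateBuilder();
        long thisIndex = index.getAndIncrement();
        certTempBuilder.setSubject(loadtestEntry.getX500Name(thisIndex));
        SubjectPublicKeyInfo spki = loadtestEntry.getSubjectPublicKeyInfo();
        certTempBuilder.setPublicKey(spki);
        CertTemplate certTemplate = certTempBuilder.build();
        // Third argument is the optional proof-of-possession, not supplied here.
        CertRequest certRequest = new CertRequest(certId, certTemplate, null);
        certRequests.put(certId, certRequest);
    }
    return certRequests;
}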
Also used : AtomicInteger(java.util.concurrent.atomic.AtomicInteger) CertTemplateBuilder(org.bouncycastle.asn1.crmf.CertTemplateBuilder) HashMap(java.util.HashMap) CertRequest(org.bouncycastle.asn1.crmf.CertRequest) EnrollCertRequest(org.xipki.ca.client.api.dto.EnrollCertRequest) CertTemplate(org.bouncycastle.asn1.crmf.CertTemplate) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)

Example 48 with CertId

use of org.bouncycastle.asn1.crmf.CertId in project pdfbox by apache.

the class OcspHelper method generateOCSPRequest.

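/**
 * Generates an OCSP request for {@code certificateToCheck} and generates the
 * <code>CertificateID</code> (SHA-1, issuer taken from {@code issuerCertificate}).
 *
 * <p>The request carries two critical extensions: the accepted-responses extension
 * restricting the answer to the basic response type, and a freshly generated 16-byte
 * nonce. The encoded nonce is kept in {@code encodedNonce} so that the response can be
 * checked against it later.
 *
 * @return OCSP request, ready to fetch data
 * @throws OCSPException if the request cannot be built
 * @throws IOException if the certificate or an extension value cannot be encoded
 */
private OCSPReq generateOCSPRequest() throws OCSPException, IOException {
    // addProvider is a no-op (returns -1) when BC is already registered, so calling it
    // on every request is harmless.
    Security.addProvider(new BouncyCastleProvider());
    // Generate the ID for the certificate we are looking for
    CertificateID certId;
    try {
        certId = new CertificateID(new SHA1DigestCalculator(), new JcaX509CertificateHolder(issuerCertificate), certificateToCheck.getSerialNumber());
    } catch (CertificateEncodingException e) {
        throw new IOException("Error creating CertificateID with the Certificate encoding", e);
    }
    OCSPReqBuilder builder = new OCSPReqBuilder();
    Extension responseExtension = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_response, true, new DLSequence(OCSPObjectIdentifiers.id_pkix_ocsp_basic).getEncoded());
    // The nonce binds the response to this request (replay protection), so it must be
    // unpredictable: java.util.Random is not cryptographically strong, SecureRandom is.
    java.security.SecureRandom rand = new java.security.SecureRandom();
    byte[] nonce = new byte[16];
    rand.nextBytes(nonce);
    // The extension value is an OCTET STRING whose content is the DER encoding of the
    // nonce OCTET STRING, hence the double wrapping.
    encodedNonce = new DEROctetString(new DEROctetString(nonce));
    Extension nonceExtension = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, true, encodedNonce);
    builder.setRequestExtensions(new Extensions(new Extension[] { responseExtension, nonceExtension }));
    builder.addRequest(certId);
    System.out.println("Nonce: " + Hex.getString(nonceExtension.getExtnValue().getEncoded()));
    return builder.build();
}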
Also used : CertificateID(org.bouncycastle.cert.ocsp.CertificateID) CertificateEncodingException(java.security.cert.CertificateEncodingException) IOException(java.io.IOException) Extensions(org.bouncycastle.asn1.x509.Extensions) JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder) DEROctetString(org.bouncycastle.asn1.DEROctetString) Extension(org.bouncycastle.asn1.x509.Extension) DLSequence(org.bouncycastle.asn1.DLSequence) Random(java.util.Random) OCSPReqBuilder(org.bouncycastle.cert.ocsp.OCSPReqBuilder) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider)

Example 49 with CertId

use of org.bouncycastle.asn1.crmf.CertId in project netty by netty.

the class OcspRequestBuilder method build.

/**
 * Assembles the OCSP request for the configured certificate / issuer pair.
 *
 * <p>ATTENTION: The returned {@link OCSPReq} is not re-usable/cacheable! It contains a
 * one-time nonce and CA's will (should) reject subsequent requests that have the same
 * nonce value.
 *
 * @return a fresh request holding one CertificateID and a non-critical nonce extension
 * @throws OCSPException if the request cannot be built
 * @throws IOException if the issuer certificate cannot be parsed into a holder
 * @throws CertificateEncodingException if the issuer certificate cannot be encoded
 * @throws NullPointerException from checkNotNull when generator, calculator, certificate
 *     or issuer has not been set
 */
public OCSPReq build() throws OCSPException, IOException, CertificateEncodingException {
    // Fail fast on missing configuration.
    final SecureRandom rng = checkNotNull(this.generator, "generator");
    final DigestCalculator digest = checkNotNull(this.calculator, "calculator");
    final X509Certificate subjectCert = checkNotNull(this.certificate, "certificate");
    final X509Certificate issuerCert = checkNotNull(this.issuer, "issuer");

    final X509CertificateHolder issuerHolder = new X509CertificateHolder(issuerCert.getEncoded());
    final BigInteger serialNumber = subjectCert.getSerialNumber();
    final CertificateID id = new CertificateID(digest, issuerHolder, serialNumber);

    // 8 random bytes from the caller-supplied SecureRandom; the extension is non-critical.
    final byte[] nonceBytes = new byte[8];
    rng.nextBytes(nonceBytes);
    final Extension nonceExt = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(nonceBytes));

    final OCSPReqBuilder reqBuilder = new OCSPReqBuilder();
    reqBuilder.addRequest(id);
    reqBuilder.setRequestExtensions(new Extensions(new Extension[] { nonceExt }));
    return reqBuilder.build();
}
Also used : Extension(org.bouncycastle.asn1.x509.Extension) CertificateID(org.bouncycastle.cert.ocsp.CertificateID) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) DigestCalculator(org.bouncycastle.operator.DigestCalculator) SecureRandom(java.security.SecureRandom) BigInteger(java.math.BigInteger) Extensions(org.bouncycastle.asn1.x509.Extensions) OCSPReqBuilder(org.bouncycastle.cert.ocsp.OCSPReqBuilder) X509Certificate(java.security.cert.X509Certificate) DEROctetString(org.bouncycastle.asn1.DEROctetString)

Example 50 with CertId

use of org.bouncycastle.asn1.crmf.CertId in project jruby-openssl by jruby.

the class OCSPBasicResponse method matchIssuerId.

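/**
 * Checks whether {@code signerCA} matches the issuer hashes carried by a CertificateID.
 *
 * <p>With a {@code null} certId every SingleResp in {@code singleResponses} is checked
 * in turn. Otherwise the CA's issuer name and public key are hashed with the
 * CertificateID's hash algorithm and compared against issuerNameHash / issuerKeyHash.
 *
 * @param signerCA the CA certificate the response is expected to belong to
 * @param certId the CertificateID to match, or {@code null} to match every response
 * @param singleResponses the responses to check when certId is {@code null}; not read
 *     otherwise (the recursive call passes {@code null})
 * @return {@code true} if both hashes match (or all responses match), else {@code false}
 * @throws IOException if the issuer name cannot be DER-encoded
 */
private boolean matchIssuerId(X509Cert signerCA, CertificateID certId, List<SingleResp> singleResponses) throws IOException {
    Ruby runtime = getRuntime();
    if (certId == null) {
        // gotta check em all
        for (SingleResp resp : singleResponses) {
            CertificateID tempId = resp.getCertID();
            if (!matchIssuerId(signerCA, tempId, null))
                return false;
        }
        return true;
    }
    // we have a matching cid
    ASN1ObjectIdentifier alg = certId.getHashAlgOID();
    String sym = ASN1.oid2Sym(runtime, alg);
    MessageDigest md = Digest.getDigest(runtime, sym);
    // NOTE(review): RFC 6960 defines issuerNameHash over the issuer's *subject* name;
    // confirm that getIssuer() of the signer CA is the intended source here.
    // digest() resets the MessageDigest, so one instance serves both inputs.
    byte[] issuerNameDigest = md.digest(signerCA.getIssuer().getX500Name().getEncoded());
    byte[] issuerKeyDigest = md.digest(signerCA.getAuxCert().getPublicKey().getEncoded());
    // byte[].equals is reference equality and never matches a freshly computed digest,
    // so the previous comparison always failed; MessageDigest.isEqual compares contents.
    if (!MessageDigest.isEqual(issuerNameDigest, certId.getIssuerNameHash()))
        return false;
    return MessageDigest.isEqual(issuerKeyDigest, certId.getIssuerKeyHash());
}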
Also used : CertificateID(org.bouncycastle.cert.ocsp.CertificateID) RubyString(org.jruby.RubyString) MessageDigest(java.security.MessageDigest) Ruby(org.jruby.Ruby) SingleResp(org.bouncycastle.cert.ocsp.SingleResp) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
