Search in sources :

Example 11 with CertId

use of org.bouncycastle.asn1.crmf.CertId in project xipki by xipki.

the class X509Ca method unrevokeCertificate0.

// method revokeSuspendedCert0
private X509CertWithDbId unrevokeCertificate0(BigInteger serialNumber, boolean force, AuditEvent event) throws OperationException {
    String hexSerial = LogUtil.formatCsn(serialNumber);
    event.addEventData(CaAuditConstants.NAME_serial, hexSerial);
    LOG.info("     START unrevokeCertificate: ca={}, serialNumber={}", caIdent, hexSerial);
    X509CertWithDbId unrevokedCert = certstore.unrevokeCertificate(caIdent, serialNumber, force, shouldPublishToDeltaCrlCache(), caIdNameMap);
    if (unrevokedCert == null) {
        return null;
    }
    for (IdentifiedX509CertPublisher publisher : publishers()) {
        if (!publisher.isAsyn()) {
            boolean successful;
            try {
                successful = publisher.certificateUnrevoked(caCert, unrevokedCert);
            } catch (RuntimeException ex) {
                successful = false;
                LogUtil.error(LOG, ex, "could not publish unrevocation of certificate to the publisher " + publisher.getIdent());
            }
            if (successful) {
                continue;
            }
        }
        // end if
        Long certId = unrevokedCert.getCertId();
        try {
            certstore.addToPublishQueue(publisher.getIdent(), certId.longValue(), caIdent);
        } catch (Throwable th) {
            LogUtil.error(LOG, th, "could not add entry to PublishQueue");
        }
    }
    // end for
    LOG.info("SUCCESSFUL unrevokeCertificate: ca={}, serialNumber={}, revocationResult=UNREVOKED", caIdent, hexSerial);
    return unrevokedCert;
}
Also used : X509CertWithDbId(org.xipki.ca.api.X509CertWithDbId) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String)

Example 12 with CertId

use of org.bouncycastle.asn1.crmf.CertId in project xipki by xipki.

the class X509Ca method publishCertsInQueue.

private boolean publishCertsInQueue(IdentifiedX509CertPublisher publisher) {
    ParamUtil.requireNonNull("publisher", publisher);
    final int numEntries = 500;
    while (true) {
        List<Long> certIds;
        try {
            certIds = certstore.getPublishQueueEntries(caIdent, publisher.getIdent(), numEntries);
        } catch (OperationException ex) {
            LogUtil.error(LOG, ex);
            return false;
        }
        if (CollectionUtil.isEmpty(certIds)) {
            break;
        }
        for (Long certId : certIds) {
            X509CertificateInfo certInfo;
            try {
                certInfo = certstore.getCertificateInfoForId(caIdent, caCert, certId, caIdNameMap);
            } catch (OperationException | CertificateException ex) {
                LogUtil.error(LOG, ex);
                return false;
            }
            boolean successful = publisher.certificateAdded(certInfo);
            if (!successful) {
                LOG.error("republishing certificate id={} failed", certId);
                return false;
            }
            try {
                certstore.removeFromPublishQueue(publisher.getIdent(), certId);
            } catch (OperationException ex) {
                LogUtil.warn(LOG, ex, "could not remove republished cert id=" + certId + " and publisher=" + publisher.getIdent());
                continue;
            }
        }
    // end for
    }
    return true;
}
Also used : X509CertificateInfo(org.xipki.ca.api.publisher.x509.X509CertificateInfo) CertificateException(java.security.cert.CertificateException) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) OperationException(org.xipki.ca.api.OperationException)

Example 13 with CertId

use of org.bouncycastle.asn1.crmf.CertId in project xipki by xipki.

the class X509Ca method revokeCertificate0.

// method removeCertificate0
private X509CertWithRevocationInfo revokeCertificate0(BigInteger serialNumber, CrlReason reason, Date invalidityTime, boolean force, AuditEvent event) throws OperationException {
    String hexSerial = LogUtil.formatCsn(serialNumber);
    event.addEventData(CaAuditConstants.NAME_serial, hexSerial);
    event.addEventData(CaAuditConstants.NAME_reason, reason.getDescription());
    if (invalidityTime != null) {
        event.addEventData(CaAuditConstants.NAME_invalidityTime, DateUtil.toUtcTimeyyyyMMddhhmmss(invalidityTime));
    }
    LOG.info("     START revokeCertificate: ca={}, serialNumber={}, reason={}, invalidityTime={}", caIdent, hexSerial, reason.getDescription(), invalidityTime);
    X509CertWithRevocationInfo revokedCert = null;
    CertRevocationInfo revInfo = new CertRevocationInfo(reason, new Date(), invalidityTime);
    revokedCert = certstore.revokeCertificate(caIdent, serialNumber, revInfo, force, shouldPublishToDeltaCrlCache(), caIdNameMap);
    if (revokedCert == null) {
        return null;
    }
    for (IdentifiedX509CertPublisher publisher : publishers()) {
        if (!publisher.isAsyn()) {
            boolean successful;
            try {
                successful = publisher.certificateRevoked(caCert, revokedCert.getCert(), revokedCert.getCertprofile(), revokedCert.getRevInfo());
            } catch (RuntimeException ex) {
                successful = false;
                LogUtil.error(LOG, ex, "could not publish revocation of certificate to the publisher " + publisher.getIdent());
            }
            if (successful) {
                continue;
            }
        }
        // end if
        Long certId = revokedCert.getCert().getCertId();
        try {
            certstore.addToPublishQueue(publisher.getIdent(), certId.longValue(), caIdent);
        } catch (Throwable th) {
            LogUtil.error(LOG, th, "could not add entry to PublishQueue");
        }
    }
    if (LOG.isInfoEnabled()) {
        LOG.info("SUCCESSFUL revokeCertificate: ca={}, serialNumber={}, reason={}, invalidityTime={}," + " revocationResult=REVOKED", caIdent, hexSerial, reason.getDescription(), invalidityTime);
    }
    return revokedCert;
}
Also used : CertRevocationInfo(org.xipki.security.CertRevocationInfo) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) X509CertWithRevocationInfo(org.xipki.ca.server.impl.store.X509CertWithRevocationInfo) Date(java.util.Date)

Example 14 with CertId

use of org.bouncycastle.asn1.crmf.CertId in project keepass2android by PhilippC.

the class CertBag method toASN1Object.

public DERObject toASN1Object() {
    ASN1EncodableVector v = new ASN1EncodableVector();
    v.add(certId);
    v.add(new DERTaggedObject(0, certValue));
    return new DERSequence(v);
}
Also used : DERSequence(org.bouncycastle.asn1.DERSequence) DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)

Example 15 with CertId

use of org.bouncycastle.asn1.crmf.CertId in project jruby-openssl by jruby.

the class OCSPSingleResponse method certid.

@JRubyMethod(name = "certid")
public IRubyObject certid(ThreadContext context) {
    Ruby runtime = context.runtime;
    CertID bcCertId = bcSingleResponse.getCertID();
    OCSPCertificateId rubyCertId = new OCSPCertificateId(runtime);
    try {
        rubyCertId.initialize(context, RubyString.newString(runtime, bcCertId.getEncoded()));
    } catch (IOException e) {
        throw newOCSPError(runtime, e);
    }
    return rubyCertId;
}
Also used : CertID(org.bouncycastle.asn1.ocsp.CertID) IOException(java.io.IOException) Ruby(org.jruby.Ruby) JRubyMethod(org.jruby.anno.JRubyMethod)

Aggregations

DEROctetString (org.bouncycastle.asn1.DEROctetString)26 X509Certificate (java.security.cert.X509Certificate)19 IOException (java.io.IOException)18 DERPrintableString (org.bouncycastle.asn1.DERPrintableString)15 CertificateException (java.security.cert.CertificateException)12 PreparedStatement (java.sql.PreparedStatement)12 SQLException (java.sql.SQLException)12 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)11 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)11 Extension (org.bouncycastle.asn1.x509.Extension)10 CertificateID (org.bouncycastle.cert.ocsp.CertificateID)10 BigInteger (java.math.BigInteger)9 CertificateEncodingException (java.security.cert.CertificateEncodingException)9 Date (java.util.Date)9 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)9 Certificate (java.security.cert.Certificate)8 CertID (org.bouncycastle.asn1.ocsp.CertID)8 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)8 OperationException (org.xipki.ca.api.OperationException)8 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)7