
Example 16 with CertId

use of org.bouncycastle.asn1.crmf.CertId in project jruby-openssl by jruby.

the class OCSPBasicResponse method add_status.

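/**
 * Builds one OCSP single response from the seven Ruby arguments and appends it
 * to {@code singleResponses}.
 *
 * <p>Argument order: certificate id, status, revocation reason, revocation time,
 * this-update, next-update, single extensions. Status codes handled are
 * 0 (good), 1 (revoked) and 2 (unknown).
 *
 * <p>Any other status code is rejected with a Ruby ArgumentError. Without that
 * check a {@code null} status would be handed to {@link SingleResponse}, so a
 * responder could fail late or emit an entry with no certificate status.
 *
 * @param context current thread context, used to obtain the runtime
 * @param args exactly seven arguments, as listed above
 * @return this response, so calls can be chained
 */
@JRubyMethod(name = "add_status", rest = true)
public OCSPBasicResponse add_status(final ThreadContext context, IRubyObject[] args) {
    Ruby runtime = context.getRuntime();
    Arity.checkArgumentCount(runtime, args, 7, 7);
    IRubyObject certificateId = args[0];
    IRubyObject status = args[1];
    IRubyObject reason = args[2];
    IRubyObject revocation_time = args[3];
    IRubyObject this_update = args[4];
    IRubyObject next_update = args[5];
    IRubyObject extensions = args[6];

    // NOTE(review): the casts to RubyFixnum and OCSPCertificateId below surface as
    // ClassCastException for wrongly typed arguments; confirm callers validate types.
    final int statusCode = RubyFixnum.fix2int((RubyFixnum) status);
    final CertStatus certStatus;
    switch (statusCode) {
        case 0:
            certStatus = new CertStatus();
            break;
        case 1:
            // Reason and revocation time are only read for a revoked certificate.
            ASN1GeneralizedTime revTime = rubyIntOrTimeToGenTime(revocation_time);
            RevokedInfo revokedInfo = new RevokedInfo(revTime, CRLReason.lookup(RubyFixnum.fix2int((RubyFixnum) reason)));
            certStatus = new CertStatus(revokedInfo);
            break;
        case 2:
            certStatus = new CertStatus(2, DERNull.INSTANCE);
            break;
        default:
            // Fail closed: never build a response entry whose status is undefined.
            throw runtime.newArgumentError("unknown OCSP certificate status: " + statusCode);
    }

    ASN1GeneralizedTime thisUpdate = rubyIntOrTimeToGenTime(this_update);
    ASN1GeneralizedTime nextUpdate = rubyIntOrTimeToGenTime(next_update);
    Extensions singleExtensions = convertRubyExtensions(extensions);
    CertID certID = ((OCSPCertificateId) certificateId).getCertID();
    SingleResponse ocspSingleResp = new SingleResponse(certID, certStatus, thisUpdate, nextUpdate, singleExtensions);
    OCSPSingleResponse rubySingleResp = new OCSPSingleResponse(runtime);
    try {
        // The Ruby wrapper is initialised from the encoded form of the ASN.1 structure.
        rubySingleResp.initialize(context, RubyString.newString(runtime, ocspSingleResp.getEncoded()));
        singleResponses.add(rubySingleResp);
    } catch (IOException e) {
        throw newOCSPError(runtime, e);
    }
    return this;
}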
Also used : CertStatus(org.bouncycastle.asn1.ocsp.CertStatus) SingleResponse(org.bouncycastle.asn1.ocsp.SingleResponse) CertID(org.bouncycastle.asn1.ocsp.CertID) ASN1GeneralizedTime(org.bouncycastle.asn1.ASN1GeneralizedTime) IOException(java.io.IOException) IRubyObject(org.jruby.runtime.builtin.IRubyObject) RevokedInfo(org.bouncycastle.asn1.ocsp.RevokedInfo) Extensions(org.bouncycastle.asn1.x509.Extensions) Ruby(org.jruby.Ruby) JRubyMethod(org.jruby.anno.JRubyMethod)

Example 17 with CertId

use of org.bouncycastle.asn1.crmf.CertId in project jruby-openssl by jruby.

the class OCSPCertificateId method cmp_issuer.

/**
 * Compares the issuer part of this certificate id with another one.
 *
 * <p>The hash algorithm OID, the issuer name hash and the issuer key hash are
 * compared in that order through their string forms; the first difference
 * decides the result. The serial number is not consulted.
 *
 * @param other the object to compare against
 * @return a Fixnum that is zero when the issuer fields match (or when
 *         {@code equals(other)} holds), a non-zero Fixnum otherwise, and
 *         {@code nil} when {@code other} is not an {@code OCSPCertificateId}
 */
@JRubyMethod(name = "cmp_issuer")
public IRubyObject cmp_issuer(IRubyObject other) {
    final Ruby runtime = getRuntime();
    if (equals(other)) {
        return RubyFixnum.zero(runtime);
    }
    if (!(other instanceof OCSPCertificateId)) {
        return runtime.getCurrentContext().nil;
    }

    final CertID mine = this.getCertID();
    final CertID theirs = ((OCSPCertificateId) other).getCertID();

    // Each later field is only looked at while all earlier ones compare equal.
    int order = mine.getHashAlgorithm().getAlgorithm().toString()
            .compareTo(theirs.getHashAlgorithm().getAlgorithm().toString());
    if (order == 0) {
        order = mine.getIssuerNameHash().toString()
                .compareTo(theirs.getIssuerNameHash().toString());
    }
    if (order == 0) {
        order = mine.getIssuerKeyHash().toString()
                .compareTo(theirs.getIssuerKeyHash().toString());
    }
    return RubyFixnum.newFixnum(runtime, order);
}
Also used : CertID(org.bouncycastle.asn1.ocsp.CertID) Ruby(org.jruby.Ruby) JRubyMethod(org.jruby.anno.JRubyMethod)

Example 18 with CertId

use of org.bouncycastle.asn1.crmf.CertId in project xipki by xipki.

the class CertStoreQueryExecutor method revokeSuspendedCert.

// method revokeCert
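/**
 * Converts a suspended certificate (revoked with reason CERTIFICATE_HOLD) into a
 * certificate revoked with the given reason.
 *
 * <p>The certificate must exist and must currently be revoked with reason
 * {@code CrlReason.CERTIFICATE_HOLD}. The database update must touch exactly
 * one row; any other count is reported as a system failure.
 *
 * @param ca the issuing CA, must not be null
 * @param serialNumber serial number of the certificate, must not be null
 * @param reason the new revocation reason, must not be null
 * @param publishToDeltaCrlCache whether to publish the serial number to the delta CRL cache
 * @param idNameMap passed through to the certificate lookup
 * @return the certificate with its in-memory revocation reason updated, or
 *         {@code null} if no such certificate exists
 * @throws OperationException if the certificate is not revoked, is revoked with
 *         another reason, or the update did not modify exactly one row
 * @throws DataAccessException if the database reports an error
 */
X509CertWithRevocationInfo revokeSuspendedCert(NameId ca, BigInteger serialNumber, CrlReason reason, boolean publishToDeltaCrlCache, CaIdNameMap idNameMap) throws OperationException, DataAccessException {
    ParamUtil.requireNonNull("ca", ca);
    ParamUtil.requireNonNull("serialNumber", serialNumber);
    ParamUtil.requireNonNull("reason", reason);
    X509CertWithRevocationInfo certWithRevInfo = getCertWithRevocationInfo(ca, serialNumber, idNameMap);
    if (certWithRevInfo == null) {
        LOG.warn("certificate with CA={} and serialNumber={} does not exist", ca.getName(), LogUtil.formatCsn(serialNumber));
        return null;
    }
    CertRevocationInfo currentRevInfo = certWithRevInfo.getRevInfo();
    if (currentRevInfo == null) {
        throw new OperationException(ErrorCode.CERT_UNREVOKED, "certificate is not revoked");
    }
    // Only a certificate on hold may be moved to another revocation reason here.
    CrlReason currentReason = currentRevInfo.getReason();
    if (currentReason != CrlReason.CERTIFICATE_HOLD) {
        throw new OperationException(ErrorCode.CERT_REVOKED, "certificate is revoked but not with reason " + CrlReason.CERTIFICATE_HOLD.getDescription());
    }
    long certId = certWithRevInfo.getCert().getCertId().longValue();
    // Keep one name for the statement so the error path reports the SQL that
    // actually ran; the original translated failures against SQL_REVOKE_CERT.
    final String sql = SQLs.SQL_REVOKE_SUSPENDED_CERT;
    PreparedStatement ps = borrowPreparedStatement(sql);
    try {
        int idx = 1;
        // First parameter is the current time in seconds since the epoch.
        ps.setLong(idx++, System.currentTimeMillis() / 1000);
        ps.setInt(idx++, reason.getCode());
        ps.setLong(idx++, certId);
        int count = ps.executeUpdate();
        if (count != 1) {
            String message = (count > 1) ? count + " rows modified, but exactly one is expected" : "no row is modified, but exactly one is expected";
            throw new OperationException(ErrorCode.SYSTEM_FAILURE, message);
        }
    } catch (SQLException ex) {
        throw datasource.translate(sql, ex);
    } finally {
        releaseDbResources(ps, null);
    }
    if (publishToDeltaCrlCache) {
        publishToDeltaCrlCache(ca, certWithRevInfo.getCert().getCert().getSerialNumber());
    }
    // The in-memory revocation info is changed only after the database update succeeded.
    currentRevInfo.setReason(reason);
    return certWithRevInfo;
}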
Also used : CertRevocationInfo(org.xipki.security.CertRevocationInfo) SQLException(java.sql.SQLException) PreparedStatement(java.sql.PreparedStatement) CrlReason(org.xipki.security.CrlReason) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DEROctetString(org.bouncycastle.asn1.DEROctetString) OperationException(org.xipki.ca.api.OperationException)

Example 19 with CertId

use of org.bouncycastle.asn1.crmf.CertId in project xipki by xipki.

the class CertStoreQueryExecutor method getPublishQueueEntries.

// method removeCertificate
/**
 * Reads certificate ids ("CID" column) from the publish queue for one publisher and CA.
 *
 * <p>Duplicate ids are dropped, first occurrence wins, and at most
 * {@code numEntries} distinct ids are returned.
 *
 * @param ca the CA whose id is bound as the second statement parameter
 * @param publisher the publisher whose id is bound as the first statement parameter
 * @param numEntries upper bound on the result size, also used to build the SQL text
 * @return the distinct certificate ids in result-set order
 * @throws DataAccessException if the database reports an error
 */
List<Long> getPublishQueueEntries(NameId ca, NameId publisher, int numEntries) throws DataAccessException {
    final String sql = sqls.getSqlCidFromPublishQueue(numEntries);
    PreparedStatement stmt = borrowPreparedStatement(sql);
    ResultSet rows = null;
    try {
        stmt.setInt(1, publisher.getId());
        stmt.setInt(2, ca.getId());
        rows = stmt.executeQuery();

        List<Long> certIds = new ArrayList<>();
        while (rows.next()) {
            if (certIds.size() >= numEntries) {
                break;
            }
            Long cid = rows.getLong("CID");
            if (certIds.contains(cid)) {
                continue;
            }
            certIds.add(cid);
        }
        return certIds;
    } catch (SQLException ex) {
        throw datasource.translate(sql, ex);
    } finally {
        // Statement and result set are released on every exit path.
        releaseDbResources(stmt, rows);
    }
}
Also used : SQLException(java.sql.SQLException) ResultSet(java.sql.ResultSet) ArrayList(java.util.ArrayList) PreparedStatement(java.sql.PreparedStatement) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DEROctetString(org.bouncycastle.asn1.DEROctetString)

Example 20 with CertId

use of org.bouncycastle.asn1.crmf.CertId in project xipki by xipki.

the class CertStoreQueryExecutor method getCertForId.

// method cleanupCrls
/**
 * Loads the certificate stored under the given database id together with its
 * profile, requestor and, when revoked, its revocation details.
 *
 * <p>Revocation time ("RT") and invalidity time ("RIT") are multiplied by 1000
 * before being turned into {@link Date} values. An invalidity time of 0, or one
 * equal to the revocation time, is reported as {@code null}.
 *
 * @param ca the issuing CA, must not be null
 * @param caCert the CA certificate, must not be null
 * @param certId database id of the certificate
 * @param idNameMap resolves profile and requestor ids, must not be null
 * @return the certificate info, or {@code null} when no row exists for {@code certId}
 * @throws DataAccessException if the database reports an error
 * @throws CertificateException declared by this method; presumably raised when
 *         the stored certificate cannot be parsed
 */
X509CertificateInfo getCertForId(NameId ca, X509Cert caCert, long certId, CaIdNameMap idNameMap) throws DataAccessException, CertificateException {
    ParamUtil.requireNonNull("ca", ca);
    ParamUtil.requireNonNull("caCert", caCert);
    ParamUtil.requireNonNull("idNameMap", idNameMap);
    final String sql = sqls.sqlCertForId;

    String certBase64;
    int profileId;
    int reqId;
    boolean isRevoked;
    int reasonCode = 0;
    long revokedAt = 0;
    long invalidSince = 0;

    ResultSet rows = null;
    PreparedStatement stmt = borrowPreparedStatement(sql);
    try {
        stmt.setLong(1, certId);
        rows = stmt.executeQuery();
        if (!rows.next()) {
            return null;
        }
        certBase64 = rows.getString("CERT");
        profileId = rows.getInt("PID");
        reqId = rows.getInt("RID");
        isRevoked = rows.getBoolean("REV");
        // The revocation columns are read only for revoked certificates.
        if (isRevoked) {
            reasonCode = rows.getInt("RR");
            revokedAt = rows.getLong("RT");
            invalidSince = rows.getLong("RIT");
        }
    } catch (SQLException ex) {
        throw datasource.translate(sql, ex);
    } finally {
        releaseDbResources(stmt, rows);
    }

    // Parsing happens after the database resources have been released.
    byte[] der = Base64.decodeFast(certBase64);
    X509Certificate parsed = X509Util.parseCert(der);
    X509CertWithDbId certWithId = new X509CertWithDbId(parsed, der);
    certWithId.setCertId(certId);
    X509CertificateInfo info = new X509CertificateInfo(certWithId, ca, caCert, parsed.getPublicKey().getEncoded(), idNameMap.getCertprofile(profileId), idNameMap.getRequestor(reqId));

    if (isRevoked) {
        Date invalidityTime;
        if (invalidSince == 0 || invalidSince == revokedAt) {
            invalidityTime = null;
        } else {
            invalidityTime = new Date(invalidSince * 1000);
        }
        info.setRevocationInfo(new CertRevocationInfo(reasonCode, new Date(revokedAt * 1000), invalidityTime));
    }
    return info;
}
Also used : SQLException(java.sql.SQLException) PreparedStatement(java.sql.PreparedStatement) X509CertWithDbId(org.xipki.ca.api.X509CertWithDbId) X509CertificateInfo(org.xipki.ca.api.publisher.x509.X509CertificateInfo) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DEROctetString(org.bouncycastle.asn1.DEROctetString) X509Certificate(java.security.cert.X509Certificate) Date(java.util.Date) CertRevocationInfo(org.xipki.security.CertRevocationInfo) ResultSet(java.sql.ResultSet)

Aggregations

DEROctetString (org.bouncycastle.asn1.DEROctetString)26 X509Certificate (java.security.cert.X509Certificate)19 IOException (java.io.IOException)18 DERPrintableString (org.bouncycastle.asn1.DERPrintableString)15 CertificateException (java.security.cert.CertificateException)12 PreparedStatement (java.sql.PreparedStatement)12 SQLException (java.sql.SQLException)12 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)11 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)11 Extension (org.bouncycastle.asn1.x509.Extension)10 CertificateID (org.bouncycastle.cert.ocsp.CertificateID)10 BigInteger (java.math.BigInteger)9 CertificateEncodingException (java.security.cert.CertificateEncodingException)9 Date (java.util.Date)9 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)9 Certificate (java.security.cert.Certificate)8 CertID (org.bouncycastle.asn1.ocsp.CertID)8 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)8 OperationException (org.xipki.ca.api.OperationException)8 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)7