use of org.bouncycastle.asn1.crmf.CertId in project jruby-openssl by jruby.
the class OCSPBasicResponse method add_status.
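/**
 * Builds one OCSP {@code SingleResponse} from the seven Ruby arguments and appends it to
 * this basic response.
 *
 * <p>Arguments, in order: certificate id, status, revocation reason, revocation time,
 * thisUpdate, nextUpdate, single-response extensions. The status integer selects the
 * RFC 6960 {@code CertStatus} choice: 0 = good, 1 = revoked, 2 = unknown.
 *
 * <p>Any other status value is rejected with an ArgumentError. Previously the switch fell
 * through with a {@code null} CertStatus, which was then handed to the SingleResponse
 * constructor; a responder must not be able to build a response with no defined status.
 *
 * @param context current thread context
 * @param args    exactly seven arguments (enforced by the arity check)
 * @return this response, to allow chaining
 */
@JRubyMethod(name = "add_status", rest = true)
public OCSPBasicResponse add_status(final ThreadContext context, IRubyObject[] args) {
    Ruby runtime = context.getRuntime();
    Arity.checkArgumentCount(runtime, args, 7, 7);

    IRubyObject certificateId = args[0];
    IRubyObject status = args[1];
    IRubyObject reason = args[2];
    IRubyObject revocation_time = args[3];
    IRubyObject this_update = args[4];
    IRubyObject next_update = args[5];
    IRubyObject extensions = args[6];

    // NOTE(review): the casts to RubyFixnum / OCSPCertificateId below are unchecked; a caller
    // passing another Ruby type gets a ClassCastException rather than a Ruby-level error.
    final int statusCode = RubyFixnum.fix2int((RubyFixnum) status);
    final CertStatus certStatus;
    switch (statusCode) {
        case 0:
            // good
            certStatus = new CertStatus();
            break;
        case 1: {
            // revoked: reason and revocation time are only consulted for this status
            ASN1GeneralizedTime revTime = rubyIntOrTimeToGenTime(revocation_time);
            RevokedInfo revokedInfo = new RevokedInfo(revTime, CRLReason.lookup(RubyFixnum.fix2int((RubyFixnum) reason)));
            certStatus = new CertStatus(revokedInfo);
            break;
        }
        case 2:
            // unknown
            certStatus = new CertStatus(2, DERNull.INSTANCE);
            break;
        default:
            // Fail closed: never emit a SingleResponse whose status is undefined.
            throw runtime.newArgumentError("unknown certificate status: " + statusCode);
    }

    ASN1GeneralizedTime thisUpdate = rubyIntOrTimeToGenTime(this_update);
    ASN1GeneralizedTime nextUpdate = rubyIntOrTimeToGenTime(next_update);
    Extensions singleExtensions = convertRubyExtensions(extensions);
    CertID certID = ((OCSPCertificateId) certificateId).getCertID();

    SingleResponse ocspSingleResp = new SingleResponse(certID, certStatus, thisUpdate, nextUpdate, singleExtensions);
    OCSPSingleResponse rubySingleResp = new OCSPSingleResponse(runtime);
    try {
        // Round-trip through the encoded form so the Ruby wrapper is initialised from bytes.
        rubySingleResp.initialize(context, RubyString.newString(runtime, ocspSingleResp.getEncoded()));
        singleResponses.add(rubySingleResp);
    } catch (IOException e) {
        throw newOCSPError(runtime, e);
    }
    return this;
}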
use of org.bouncycastle.asn1.crmf.CertId in project jruby-openssl by jruby.
the class OCSPCertificateId method cmp_issuer.
/**
 * Compares the issuer part of this certificate id with that of {@code other}.
 *
 * <p>The comparison covers, in order, the hash algorithm OID, the issuer name hash and the
 * issuer key hash, each compared as the string form of the ASN.1 object. The serial number
 * is not part of the comparison, so a zero result means "same issuer fields", not
 * "same certificate".
 *
 * @param other the object to compare against
 * @return Fixnum 0 when {@code equals(other)} holds or all three issuer fields match; the
 *         first non-zero string comparison result otherwise; nil when {@code other} is not
 *         an {@code OCSPCertificateId}
 */
@JRubyMethod(name = "cmp_issuer")
public IRubyObject cmp_issuer(IRubyObject other) {
    Ruby runtime = getRuntime();

    if (equals(other)) {
        return RubyFixnum.zero(runtime);
    }
    if (!(other instanceof OCSPCertificateId)) {
        return runtime.getCurrentContext().nil;
    }

    CertID mine = this.getCertID();
    CertID theirs = ((OCSPCertificateId) other).getCertID();

    // 1. hash algorithm OID
    String myAlgorithm = mine.getHashAlgorithm().getAlgorithm().toString();
    String theirAlgorithm = theirs.getHashAlgorithm().getAlgorithm().toString();
    int order = myAlgorithm.compareTo(theirAlgorithm);
    if (order != 0) {
        return RubyFixnum.newFixnum(runtime, order);
    }

    // 2. issuer name hash
    order = mine.getIssuerNameHash().toString().compareTo(theirs.getIssuerNameHash().toString());
    if (order != 0) {
        return RubyFixnum.newFixnum(runtime, order);
    }

    // 3. issuer key hash decides the final result
    order = mine.getIssuerKeyHash().toString().compareTo(theirs.getIssuerKeyHash().toString());
    return RubyFixnum.newFixnum(runtime, order);
}
use of org.bouncycastle.asn1.crmf.CertId in project xipki by xipki.
the class CertStoreQueryExecutor method revokeSuspendedCert.
// method revokeCert
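/**
 * Turns a certificate that is currently on hold ({@code CERTIFICATE_HOLD}) into one revoked
 * with the given reason.
 *
 * <p>The certificate must exist and must currently be revoked with reason
 * {@code CERTIFICATE_HOLD}; any other state is rejected. The update binds the current time
 * in seconds since the epoch, the new reason code and the certificate's database id, and
 * must modify exactly one row.
 *
 * @param ca                     CA that issued the certificate
 * @param serialNumber           serial number of the certificate
 * @param reason                 the new revocation reason
 * @param publishToDeltaCrlCache whether to also record the serial number in the delta CRL cache
 * @param idNameMap              passed through to the certificate lookup
 * @return the certificate with its in-memory revocation reason updated, or {@code null} when
 *         no such certificate exists
 * @throws OperationException  if the certificate is not revoked, is revoked with a reason
 *                             other than {@code CERTIFICATE_HOLD}, or the update did not
 *                             modify exactly one row
 * @throws DataAccessException if the database reports an error
 */
X509CertWithRevocationInfo revokeSuspendedCert(NameId ca, BigInteger serialNumber, CrlReason reason, boolean publishToDeltaCrlCache, CaIdNameMap idNameMap) throws OperationException, DataAccessException {
    ParamUtil.requireNonNull("ca", ca);
    ParamUtil.requireNonNull("serialNumber", serialNumber);
    ParamUtil.requireNonNull("reason", reason);

    X509CertWithRevocationInfo certWithRevInfo = getCertWithRevocationInfo(ca, serialNumber, idNameMap);
    if (certWithRevInfo == null) {
        LOG.warn("certificate with CA={} and serialNumber={} does not exist", ca.getName(), LogUtil.formatCsn(serialNumber));
        return null;
    }

    CertRevocationInfo currentRevInfo = certWithRevInfo.getRevInfo();
    if (currentRevInfo == null) {
        throw new OperationException(ErrorCode.CERT_UNREVOKED, "certificate is not revoked");
    }

    CrlReason currentReason = currentRevInfo.getReason();
    if (currentReason != CrlReason.CERTIFICATE_HOLD) {
        throw new OperationException(ErrorCode.CERT_REVOKED, "certificate is revoked but not with reason " + CrlReason.CERTIFICATE_HOLD.getDescription());
    }

    // NOTE(review): the hold check above uses data read before the UPDATE. Whether the
    // statement itself is conditioned on the stored reason is not visible here; confirm,
    // so that two concurrent callers cannot both pass the check.
    long certId = certWithRevInfo.getCert().getCertId().longValue();

    // Keep one reference to the statement text so that error translation reports the SQL
    // that was actually executed (the catch block previously named SQL_REVOKE_CERT).
    final String sql = SQLs.SQL_REVOKE_SUSPENDED_CERT;
    PreparedStatement ps = borrowPreparedStatement(sql);
    try {
        int idx = 1;
        ps.setLong(idx++, System.currentTimeMillis() / 1000);
        ps.setInt(idx++, reason.getCode());
        ps.setLong(idx++, certId);

        int count = ps.executeUpdate();
        if (count != 1) {
            String message = (count > 1) ? count + " rows modified, but exactly one is expected" : "no row is modified, but exactly one is expected";
            throw new OperationException(ErrorCode.SYSTEM_FAILURE, message);
        }
    } catch (SQLException ex) {
        throw datasource.translate(sql, ex);
    } finally {
        releaseDbResources(ps, null);
    }

    if (publishToDeltaCrlCache) {
        publishToDeltaCrlCache(ca, certWithRevInfo.getCert().getCert().getSerialNumber());
    }

    // Mirror the persisted change in the object handed back to the caller.
    currentRevInfo.setReason(reason);
    return certWithRevInfo;
}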
use of org.bouncycastle.asn1.crmf.CertId in project xipki by xipki.
the class CertStoreQueryExecutor method getPublishQueueEntries.
// method removeCertificate
/**
 * Reads certificate ids from the publish queue for one publisher and one CA.
 *
 * <p>The publisher id is bound as the first statement parameter and the CA id as the
 * second. Ids are returned in result-set order with duplicates dropped, and at most
 * {@code numEntries} of them are collected.
 *
 * @param ca         CA whose queue entries are wanted
 * @param publisher  publisher whose queue entries are wanted
 * @param numEntries upper bound on the number of ids returned; also passed to the SQL builder
 * @return the distinct certificate ids found, possibly empty
 * @throws DataAccessException if the database reports an error
 */
List<Long> getPublishQueueEntries(NameId ca, NameId publisher, int numEntries) throws DataAccessException {
    final String sql = sqls.getSqlCidFromPublishQueue(numEntries);

    ResultSet rs = null;
    PreparedStatement ps = borrowPreparedStatement(sql);
    try {
        ps.setInt(1, publisher.getId());
        ps.setInt(2, ca.getId());
        rs = ps.executeQuery();

        List<Long> certIds = new ArrayList<>();
        while (rs.next() && certIds.size() < numEntries) {
            long cid = rs.getLong("CID");
            if (certIds.contains(cid)) {
                // already collected; the queue may list the same certificate more than once
                continue;
            }
            certIds.add(cid);
        }
        return certIds;
    } catch (SQLException ex) {
        throw datasource.translate(sql, ex);
    } finally {
        releaseDbResources(ps, rs);
    }
}
use of org.bouncycastle.asn1.crmf.CertId in project xipki by xipki.
the class CertStoreQueryExecutor method getCertForId.
// method cleanupCrls
/**
 * Loads the certificate stored under the database id {@code certId}, together with its
 * profile, requestor and, if revoked, its revocation details.
 *
 * <p>NOTE(review): {@code certId} is the only value bound to the statement, so the lookup
 * itself does not appear to be scoped to {@code ca}; the returned info is nevertheless
 * labelled with {@code ca} and {@code caCert}. Confirm that callers only pass ids that
 * belong to this CA.
 *
 * @param ca        CA recorded in the returned info
 * @param caCert    CA certificate recorded in the returned info
 * @param certId    database id of the certificate
 * @param idNameMap resolves the stored profile and requestor ids
 * @return the certificate info, or {@code null} when no row exists for {@code certId}
 * @throws DataAccessException  if the database reports an error
 * @throws CertificateException declared for the certificate-parsing step
 */
X509CertificateInfo getCertForId(NameId ca, X509Cert caCert, long certId, CaIdNameMap idNameMap) throws DataAccessException, CertificateException {
    ParamUtil.requireNonNull("ca", ca);
    ParamUtil.requireNonNull("caCert", caCert);
    ParamUtil.requireNonNull("idNameMap", idNameMap);

    final String sql = sqls.sqlCertForId;

    // Column values are copied out so the statement can be released before parsing.
    String certBase64;
    int profileId;
    int reqId;
    boolean isRevoked;
    int reasonCode = 0;
    long revokedAtSec = 0;
    long invalidSinceSec = 0;

    ResultSet rs = null;
    PreparedStatement ps = borrowPreparedStatement(sql);
    try {
        ps.setLong(1, certId);
        rs = ps.executeQuery();
        if (!rs.next()) {
            return null;
        }

        certBase64 = rs.getString("CERT");
        profileId = rs.getInt("PID");
        reqId = rs.getInt("RID");
        isRevoked = rs.getBoolean("REV");
        if (isRevoked) {
            // Revocation columns are read only for revoked certificates.
            reasonCode = rs.getInt("RR");
            revokedAtSec = rs.getLong("RT");
            invalidSinceSec = rs.getLong("RIT");
        }
    } catch (SQLException ex) {
        throw datasource.translate(sql, ex);
    } finally {
        releaseDbResources(ps, rs);
    }

    byte[] certBytes = Base64.decodeFast(certBase64);
    X509Certificate parsed = X509Util.parseCert(certBytes);

    X509CertWithDbId certWithId = new X509CertWithDbId(parsed, certBytes);
    certWithId.setCertId(certId);

    X509CertificateInfo info = new X509CertificateInfo(certWithId, ca, caCert, parsed.getPublicKey().getEncoded(), idNameMap.getCertprofile(profileId), idNameMap.getRequestor(reqId));

    if (isRevoked) {
        // An invalidity time of 0, or one equal to the revocation time, is reported as absent.
        Date invalidityTime;
        if (invalidSinceSec == 0 || invalidSinceSec == revokedAtSec) {
            invalidityTime = null;
        } else {
            invalidityTime = new Date(invalidSinceSec * 1000);
        }
        // Stored times are multiplied by 1000 to obtain the millisecond value Date expects.
        info.setRevocationInfo(new CertRevocationInfo(reasonCode, new Date(revokedAtSec * 1000), invalidityTime));
    }
    return info;
}