Example 31 with CertId
use of org.bouncycastle.asn1.crmf.CertId in project robovm by robovm.
the class PKCS12KeyStoreSpi method engineDeleteEntry.
/**
* this is not quite complete - we should follow up on the chain, a bit
* tricky if a certificate appears in more than one chain...
*/
public void engineDeleteEntry(String alias) throws KeyStoreException {
Key k = (Key) keys.remove(alias);
Certificate c = (Certificate) certs.remove(alias);
if (c != null) {
chainCerts.remove(new CertId(c.getPublicKey()));
}
if (k != null) {
String id = (String) localIds.remove(alias);
if (id != null) {
c = (Certificate) keyCerts.remove(id);
}
if (c != null) {
chainCerts.remove(new CertId(c.getPublicKey()));
}
}
}
Also used :
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
DERBMPString(org.bouncycastle.asn1.DERBMPString)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
BEROctetString(org.bouncycastle.asn1.BEROctetString)
Key(java.security.Key)
PrivateKey(java.security.PrivateKey)
SecretKey(javax.crypto.SecretKey)
PublicKey(java.security.PublicKey)
BCPBEKey(org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey)
X509Certificate(java.security.cert.X509Certificate)
Certificate(java.security.cert.Certificate)
Example 32 with CertId
use of org.bouncycastle.asn1.crmf.CertId in project robovm by robovm.
the class CertBag method toASN1Primitive.
public ASN1Primitive toASN1Primitive() {
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(certId);
v.add(new DERTaggedObject(0, certValue));
return new DERSequence(v);
}
Also used :
DERSequence(org.bouncycastle.asn1.DERSequence)
DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject)
ASN1EncodableVector(org.bouncycastle.asn1.ASN1EncodableVector)
Example 33 with CertId
use of org.bouncycastle.asn1.crmf.CertId in project wso2-synapse by wso2.
the class OCSPVerifierTest method generateOCSPResponse.
/**
* This makes the corresponding OCSP response to the OCSP request which is sent to the fake CA. If the request
* has a certificateID which is marked as revoked by the CA, the OCSP response will say that the certificate
* which is referred to by the request, is revoked.
*
* @param request the OCSP request which asks if the certificate is revoked.
* @param caPrivateKey privateKey of the fake CA.
* @param caPublicKey publicKey of the fake CA
* @param revokedID the ID at fake CA which is checked against the certificateId in the request.
* @return the created OCSP response by the fake CA.
* @throws NoSuchProviderException
* @throws OCSPException
* @throws OperatorCreationException
*/
private OCSPResp generateOCSPResponse(OCSPReq request, X509CertificateHolder certificateHolder, PrivateKey caPrivateKey, PublicKey caPublicKey, CertificateID revokedID) throws NoSuchProviderException, OCSPException, OperatorCreationException {
BasicOCSPRespBuilder basicOCSPRespBuilder = new BasicOCSPRespBuilder(new RespID(certificateHolder.getSubject()));
Extension extension = request.getExtension(new ASN1ObjectIdentifier(OCSPObjectIdentifiers.id_pkix_ocsp.getId()));
if (extension != null) {
basicOCSPRespBuilder.setResponseExtensions(new Extensions(extension));
}
Req[] requests = request.getRequestList();
for (Req req : requests) {
CertificateID certID = req.getCertID();
if (certID.equals(revokedID)) {
RevokedStatus revokedStatus = new RevokedStatus(new Date(), CRLReason.privilegeWithdrawn);
Date nextUpdate = new Date(new Date().getTime() + TestConstants.NEXT_UPDATE_PERIOD);
basicOCSPRespBuilder.addResponse(certID, revokedStatus, nextUpdate, null);
} else {
basicOCSPRespBuilder.addResponse(certID, CertificateStatus.GOOD);
}
}
X509CertificateHolder[] chain = { certificateHolder };
ContentSigner signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(caPrivateKey);
BasicOCSPResp basicResp = basicOCSPRespBuilder.build(signer, chain, new Date());
OCSPRespBuilder builder = new OCSPRespBuilder();
return builder.build(OCSPRespBuilder.SUCCESSFUL, basicResp);
}
Also used :
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
ContentSigner(org.bouncycastle.operator.ContentSigner)
Date(java.util.Date)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 34 with CertId
use of org.bouncycastle.asn1.crmf.CertId in project xipki by xipki.
the class OcspBenchRequestor method buildRequest.
// method ask
private byte[] buildRequest(BigInteger[] serialNumbers) throws OcspRequestorException {
boolean canCache = (serialNumbers.length == 1) && !requestOptions.isUseNonce();
if (canCache) {
byte[] request = requests.get(serialNumbers[0]);
if (request != null) {
return request;
}
}
OCSPReqBuilder reqBuilder = new OCSPReqBuilder();
if (requestOptions.isUseNonce() || extensions != null) {
List<Extension> extns = new ArrayList<>(2);
if (requestOptions.isUseNonce()) {
Extension extn = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(nextNonce(requestOptions.getNonceLen())));
extns.add(extn);
}
if (extensions != null) {
for (Extension extn : extensions) {
extns.add(extn);
}
}
reqBuilder.setRequestExtensions(new Extensions(extns.toArray(extnType)));
}
try {
for (BigInteger serialNumber : serialNumbers) {
CertID certId = new CertID(issuerhashAlg, issuerNameHash, issuerKeyHash, new ASN1Integer(serialNumber));
reqBuilder.addRequest(new CertificateID(certId));
}
byte[] request = reqBuilder.build().getEncoded();
if (canCache) {
requests.put(serialNumbers[0], request);
}
return request;
} catch (OCSPException | IOException ex) {
throw new OcspRequestorException(ex.getMessage(), ex);
}
}
Also used :
OcspRequestorException(org.xipki.ocsp.client.api.OcspRequestorException)
CertID(org.bouncycastle.asn1.ocsp.CertID)
CertificateID(org.bouncycastle.cert.ocsp.CertificateID)
ArrayList(java.util.ArrayList)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
IOException(java.io.IOException)
Extensions(org.bouncycastle.asn1.x509.Extensions)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
Extension(org.bouncycastle.asn1.x509.Extension)
OCSPException(org.bouncycastle.cert.ocsp.OCSPException)
BigInteger(java.math.BigInteger)
OCSPReqBuilder(org.bouncycastle.cert.ocsp.OCSPReqBuilder)
Example 35 with CertId
use of org.bouncycastle.asn1.crmf.CertId in project xipki by xipki.
the class OcspRequest method getInstance.
public static OcspRequest getInstance(OCSPRequest req) throws EncodingException {
TBSRequest tbsReq0 = req.getTbsRequest();
org.bouncycastle.asn1.x509.Extensions extensions0 = tbsReq0.getRequestExtensions();
Set<String> criticalExtensionOids = new HashSet<>();
if (extensions0 != null) {
for (ASN1ObjectIdentifier oid : extensions0.getCriticalExtensionOIDs()) {
criticalExtensionOids.add(oid.getId());
}
}
ASN1Sequence requestList0 = tbsReq0.getRequestList();
final int n = requestList0.size();
List<CertID> requestList = new ArrayList<>(n);
for (int i = 0; i < n; i++) {
Request singleReq0 = Request.getInstance(requestList0.getObjectAt(i));
org.bouncycastle.asn1.ocsp.CertID certId0 = singleReq0.getReqCert();
ByteArrayOutputStream out = new ByteArrayOutputStream();
try {
out.write(certId0.getHashAlgorithm().getEncoded());
out.write(certId0.getIssuerNameHash().getEncoded());
out.write(certId0.getIssuerKeyHash().getEncoded());
} catch (IOException ex) {
throw new EncodingException(ex.getMessage(), ex);
}
byte[] encodedIssuer = out.toByteArray();
RequestIssuer issuer = new RequestIssuer(encodedIssuer, 0, encodedIssuer.length);
CertID certId = new CertID(issuer, certId0.getSerialNumber().getValue());
requestList.add(certId);
}
List<ExtendedExtension> extensions = new LinkedList<>();
if (extensions0 != null) {
ASN1ObjectIdentifier[] extOids = extensions0.getExtensionOIDs();
for (ASN1ObjectIdentifier oid : extOids) {
org.bouncycastle.asn1.x509.Extension extension0 = extensions0.getExtension(oid);
byte[] encoded;
try {
encoded = extension0.getEncoded();
} catch (IOException ex) {
throw new EncodingException("error encoding Extension", ex);
}
extensions.add(ExtendedExtension.getInstance(encoded, 0, encoded.length));
}
}
return new OcspRequest(tbsReq0.getVersion().getValue().intValue(), requestList, extensions);
}
Also used :
ArrayList(java.util.ArrayList)
HashSet(java.util.HashSet)
RequestIssuer(org.xipki.ocsp.api.RequestIssuer)
Request(org.bouncycastle.asn1.ocsp.Request)
OCSPRequest(org.bouncycastle.asn1.ocsp.OCSPRequest)
TBSRequest(org.bouncycastle.asn1.ocsp.TBSRequest)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
IOException(java.io.IOException)
TBSRequest(org.bouncycastle.asn1.ocsp.TBSRequest)
LinkedList(java.util.LinkedList)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Aggregations
DEROctetString (org.bouncycastle.asn1.DEROctetString)26
X509Certificate (java.security.cert.X509Certificate)19
IOException (java.io.IOException)18
DERPrintableString (org.bouncycastle.asn1.DERPrintableString)15
CertificateException (java.security.cert.CertificateException)12
PreparedStatement (java.sql.PreparedStatement)12
SQLException (java.sql.SQLException)12
ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)11
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)11
Extension (org.bouncycastle.asn1.x509.Extension)10
CertificateID (org.bouncycastle.cert.ocsp.CertificateID)10
BigInteger (java.math.BigInteger)9
CertificateEncodingException (java.security.cert.CertificateEncodingException)9
Date (java.util.Date)9
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)9
Certificate (java.security.cert.Certificate)8
CertID (org.bouncycastle.asn1.ocsp.CertID)8
AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)8
OperationException (org.xipki.ca.api.OperationException)8
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)7
