use of org.bouncycastle.asn1.crmf.CertId in project xipki by xipki.
the class CertStoreQueryExecutor method addToPublishQueue.
// method addToPublishQueue
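/**
 * Enqueues the certificate with database id {@code certId}, issued by {@code ca}, so that the
 * given publisher picks it up later. The row is written with
 * {@code SQLs.SQL_INSERT_PUBLISHQUEUE}; its parameters are bound in the order
 * (publisher id, CA id, certificate id).
 *
 * @param publisher publisher that shall publish the certificate; must not be {@code null}
 * @param certId database id of the certificate to publish
 * @param ca issuing CA; must not be {@code null}
 * @throws DataAccessException if the insert fails (translated from the underlying
 *         {@link SQLException})
 */
void addToPublishQueue(NameId publisher, long certId, NameId ca) throws DataAccessException {
  // Both ids are dereferenced below; reject null arguments up front instead of failing with an
  // untranslated NullPointerException after a statement has already been borrowed.
  ParamUtil.requireNonNull("publisher", publisher);
  ParamUtil.requireNonNull("ca", ca);
  final String sql = SQLs.SQL_INSERT_PUBLISHQUEUE;
  PreparedStatement ps = borrowPreparedStatement(sql);
  try {
    ps.setInt(1, publisher.getId());
    ps.setInt(2, ca.getId());
    ps.setLong(3, certId);
    ps.executeUpdate();
  } catch (SQLException ex) {
    throw datasource.translate(sql, ex);
  } finally {
    // Hand the statement back whether or not the insert succeeded.
    releaseDbResources(ps, null);
  }
}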
use of org.bouncycastle.asn1.crmf.CertId in project xipki by xipki.
the class CertStoreQueryExecutor method addCert.
// method addCert
/**
 * Stores a newly issued certificate: one row in table CERT (metadata) and one row in table
 * CRAW (Base64 raw encoding), written in a single JDBC transaction on the connection shared by
 * both prepared statements. If either insert or the commit fails, the transaction is rolled
 * back and the rows are additionally deleted by id before the error is rethrown.
 *
 * @param ca issuing CA; must not be {@code null}
 * @param certificate the certificate to store; its database id is assigned here via
 *        {@code setCertId}; must not be {@code null}
 * @param encodedSubjectPublicKey encoded subject public key, only used to compute the
 *        fingerprint column
 * @param certProfile profile the certificate was issued under; must not be {@code null}
 * @param requestor requestor of the certificate; must not be {@code null}
 * @param userId optional user id; may be {@code null}
 * @param reqType type of the request (its code is stored)
 * @param transactionId optional transaction id, stored Base64-encoded; may be {@code null}
 * @param reqSubject optional subject as requested; may be {@code null}
 * @throws DataAccessException if a JDBC error occurs (translated from {@link SQLException})
 * @throws OperationException if a non-SQL failure occurs while executing the inserts
 */
void addCert(NameId ca, X509CertWithDbId certificate, byte[] encodedSubjectPublicKey, NameId certProfile, NameId requestor, Integer userId, RequestType reqType, byte[] transactionId, X500Name reqSubject) throws DataAccessException, OperationException {
  ParamUtil.requireNonNull("ca", ca);
  ParamUtil.requireNonNull("certificate", certificate);
  ParamUtil.requireNonNull("certProfile", certProfile);
  ParamUtil.requireNonNull("requestor", requestor);
  // The id is generated locally and used as primary key for both rows (bound as parameter 1
  // further below).
  long certId = idGenerator.nextId();
  X509Certificate cert = certificate.getCert();
  long fpPk = FpIdCalculator.hash(encodedSubjectPublicKey);
  // Subject text is truncated to the configured maximum column length.
  String subjectText = X509Util.cutText(certificate.getSubject(), maxX500nameLen);
  long fpSubject = X509Util.fpCanonicalizedName(cert.getSubjectX500Principal());
  String reqSubjectText = null;
  Long fpReqSubject = null;
  if (reqSubject != null) {
    fpReqSubject = X509Util.fpCanonicalizedName(reqSubject);
    // The requested subject is only persisted when it differs (by fingerprint) from the
    // subject actually issued; otherwise both columns stay NULL.
    if (fpSubject == fpReqSubject) {
      fpReqSubject = null;
    } else {
      reqSubjectText = X509Util.cutX500Name(CaUtil.sortX509Name(reqSubject), maxX500nameLen);
    }
  }
  String b64FpCert = base64Fp(certificate.getEncodedCert());
  String b64Cert = Base64.encodeToString(certificate.getEncodedCert());
  String tid = (transactionId == null) ? null : Base64.encodeToString(transactionId);
  // All timestamps are stored as epoch seconds.
  long currentTimeSeconds = System.currentTimeMillis() / 1000;
  BigInteger serialNumber = cert.getSerialNumber();
  long notBeforeSeconds = cert.getNotBefore().getTime() / 1000;
  long notAfterSeconds = cert.getNotAfter().getTime() / 1000;
  Connection conn = null;
  PreparedStatement[] pss = borrowPreparedStatements(SQLs.SQL_ADD_CERT, SQLs.SQL_ADD_CRAW);
  try {
    PreparedStatement psAddcert = pss[0];
    // all statements have the same connection
    conn = psAddcert.getConnection();
    // cert: parameter 1 is the id and is bound last (see below), so binding starts at 2
    int idx = 2;
    psAddcert.setInt(idx++, CertArt.X509PKC.getCode());
    psAddcert.setLong(idx++, currentTimeSeconds);
    // serial number is stored as a hexadecimal string
    psAddcert.setString(idx++, serialNumber.toString(16));
    psAddcert.setString(idx++, subjectText);
    psAddcert.setLong(idx++, fpSubject);
    // setLong/setInt/setBoolean (without receiver) are helpers of this class; presumably
    // the null-aware variants for the boxed arguments -- verify against their definitions
    setLong(psAddcert, idx++, fpReqSubject);
    psAddcert.setLong(idx++, notBeforeSeconds);
    psAddcert.setLong(idx++, notAfterSeconds);
    // revoked flag: a freshly added certificate is never revoked
    setBoolean(psAddcert, idx++, false);
    psAddcert.setInt(idx++, certProfile.getId());
    psAddcert.setInt(idx++, ca.getId());
    setInt(psAddcert, idx++, requestor.getId());
    setInt(psAddcert, idx++, userId);
    psAddcert.setLong(idx++, fpPk);
    // X509Certificate.getBasicConstraints() returns -1 when the certificate is not a CA
    // certificate, i.e. this is an end-entity certificate
    boolean isEeCert = cert.getBasicConstraints() == -1;
    psAddcert.setInt(idx++, isEeCert ? 1 : 0);
    psAddcert.setInt(idx++, reqType.getCode());
    psAddcert.setString(idx++, tid);
    // rawcert
    PreparedStatement psAddRawcert = pss[1];
    idx = 2;
    psAddRawcert.setString(idx++, b64FpCert);
    psAddRawcert.setString(idx++, reqSubjectText);
    psAddRawcert.setString(idx++, b64Cert);
    // Publish the id to the caller's object and bind it as primary key of both rows.
    certificate.setCertId(certId);
    psAddcert.setLong(1, certId);
    psAddRawcert.setLong(1, certId);
    // Both inserts must succeed or fail together; autocommit is restored in the finally block.
    final boolean origAutoCommit = conn.getAutoCommit();
    conn.setAutoCommit(false);
    // Tracks which statement was executing, so the translated exception names the right SQL.
    String sql = null;
    try {
      sql = SQLs.SQL_ADD_CERT;
      psAddcert.executeUpdate();
      sql = SQLs.SQL_ADD_CRAW;
      psAddRawcert.executeUpdate();
      sql = "(commit add cert to CA certstore)";
      conn.commit();
    } catch (Throwable th) {
      // NOTE(review): catching Throwable also wraps Errors (e.g. OutOfMemoryError) into an
      // OperationException; and rollback() can itself throw SQLException, which would reach
      // the outer catch and mask the original failure.
      conn.rollback();
      // more secure: in addition to the rollback, explicitly remove any row that may have
      // been written under this id (CRAW references CERT via CID, so it is deleted first)
      datasource.deleteFromTable(null, "CRAW", "CID", certId);
      datasource.deleteFromTable(null, "CERT", "ID", certId);
      if (th instanceof SQLException) {
        // Only the message is logged here; the full cause travels with the thrown exception.
        LOG.error("datasource {} could not add certificate with id {}: {}", datasource.getName(), certId, th.getMessage());
        throw datasource.translate(sql, (SQLException) th);
      } else {
        throw new OperationException(ErrorCode.SYSTEM_FAILURE, th);
      }
    } finally {
      conn.setAutoCommit(origAutoCommit);
    }
  } catch (SQLException ex) {
    // SQL errors raised outside the inner try (parameter binding, autocommit handling,
    // rollback) have no specific statement to report.
    throw datasource.translate(null, ex);
  } finally {
    // Release the statements first, then return the shared connection -- even if releasing
    // a statement throws.
    try {
      for (PreparedStatement ps : pss) {
        releaseStatement(ps);
      }
    } finally {
      if (conn != null) {
        datasource.returnConnection(conn);
      }
    }
  }
}
use of org.bouncycastle.asn1.crmf.CertId in project xipki by xipki.
the class CertStoreQueryExecutor method getCertForId.
// method getCertForId
/**
 * Loads the raw certificate stored under the given database id and parses it.
 *
 * @param certId database id of the certificate (column ID of table CERT)
 * @return the parsed certificate together with its DER encoding, or {@code null} if no row
 *         exists for the id or the stored CERT column is {@code null}
 * @throws DataAccessException if the query fails (translated from {@link SQLException})
 * @throws OperationException with {@code ErrorCode.SYSTEM_FAILURE} if the stored bytes do not
 *         parse as an X.509 certificate
 */
X509CertWithDbId getCertForId(long certId) throws DataAccessException, OperationException {
  final String sql = sqls.sqlRawCertForId;
  PreparedStatement stmt = borrowPreparedStatement(sql);
  ResultSet resultSet = null;
  String b64Encoded;
  try {
    stmt.setLong(1, certId);
    resultSet = stmt.executeQuery();
    // At most one row is expected; no row means no such certificate.
    b64Encoded = resultSet.next() ? resultSet.getString("CERT") : null;
  } catch (SQLException ex) {
    throw datasource.translate(sql, ex);
  } finally {
    releaseDbResources(stmt, resultSet);
  }
  if (b64Encoded == null) {
    return null;
  }
  byte[] derEncoded = Base64.decodeFast(b64Encoded);
  X509Certificate parsed;
  try {
    parsed = X509Util.parseCert(derEncoded);
  } catch (CertificateException ex) {
    // A stored certificate that does not parse is a data-integrity problem, not a caller error.
    throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex);
  }
  return new X509CertWithDbId(parsed, derEncoded);
}
use of org.bouncycastle.asn1.crmf.CertId in project xipki by xipki.
the class CertStoreQueryExecutor method removeFromPublishQueue.
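/**
 * Removes the certificate with database id {@code certId} from the publish queue of the given
 * publisher, using {@code SQLs.SQL_REMOVE_PUBLISHQUEUE} with parameters
 * (publisher id, certificate id).
 *
 * @param publisher publisher whose queue entry is removed; must not be {@code null}
 * @param certId database id of the certificate
 * @throws DataAccessException if the delete fails (translated from the underlying
 *         {@link SQLException})
 */
void removeFromPublishQueue(NameId publisher, long certId) throws DataAccessException {
  // publisher.getId() is dereferenced below; fail early and consistently with the other
  // methods of this class instead of with a NullPointerException after borrowing a statement.
  ParamUtil.requireNonNull("publisher", publisher);
  final String sql = SQLs.SQL_REMOVE_PUBLISHQUEUE;
  PreparedStatement ps = borrowPreparedStatement(sql);
  try {
    ps.setInt(1, publisher.getId());
    ps.setLong(2, certId);
    ps.executeUpdate();
  } catch (SQLException ex) {
    throw datasource.translate(sql, ex);
  } finally {
    // Hand the statement back whether or not the delete succeeded.
    releaseDbResources(ps, null);
  }
}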
use of org.bouncycastle.asn1.crmf.CertId in project xipki by xipki.
the class CertStoreQueryExecutor method unrevokeCert.
// method unrevokeCert
/**
 * Clears the revocation state of the certificate with the given serial number issued by
 * {@code ca}: the columns REV, RT, RIT and RR of table CERT are reset and LUPDATE is set to the
 * current time.
 *
 * <p>Unless {@code force} is set, only certificates revoked with reason
 * {@code CERTIFICATE_HOLD} may be unrevoked; with {@code force} this restriction is bypassed,
 * so callers should only set it for privileged, deliberate operations.
 *
 * @param ca issuing CA; must not be {@code null}
 * @param serialNumber serial number of the certificate; must not be {@code null}
 * @param force whether to allow unrevoking certificates revoked for a reason other than
 *        {@code CERTIFICATE_HOLD}
 * @param publishToDeltaCrlCache whether to record the change for the delta CRL cache
 * @param idNamMap mapping used to resolve ids to names when loading the certificate
 * @return the certificate that was unrevoked, or {@code null} if no certificate with this CA
 *         and serial number exists
 * @throws OperationException with {@code CERT_UNREVOKED} if the certificate is not revoked,
 *         {@code NOT_PERMITTED} if the revocation reason forbids unrevoking and {@code force}
 *         is not set, or {@code SYSTEM_FAILURE} if the update did not modify exactly one row
 * @throws DataAccessException if a JDBC error occurs (translated from {@link SQLException})
 */
X509CertWithDbId unrevokeCert(NameId ca, BigInteger serialNumber, boolean force, boolean publishToDeltaCrlCache, CaIdNameMap idNamMap) throws OperationException, DataAccessException {
  ParamUtil.requireNonNull("ca", ca);
  ParamUtil.requireNonNull("serialNumber", serialNumber);

  X509CertWithRevocationInfo stored = getCertWithRevocationInfo(ca, serialNumber, idNamMap);
  if (stored == null) {
    LOG.warn("certificate with CA={} and serialNumber={} does not exist", ca.getName(), LogUtil.formatCsn(serialNumber));
    return null;
  }

  CertRevocationInfo revInfo = stored.getRevInfo();
  if (revInfo == null) {
    throw new OperationException(ErrorCode.CERT_UNREVOKED, "certificate is not revoked");
  }

  // Without force, only a certificate put on hold may be reinstated.
  CrlReason reason = revInfo.getReason();
  if (!force && reason != CrlReason.CERTIFICATE_HOLD) {
    throw new OperationException(ErrorCode.NOT_PERMITTED, "could not unrevoke certificate revoked with reason " + reason.getDescription());
  }

  final String sql = "UPDATE CERT SET LUPDATE=?,REV=?,RT=?,RIT=?,RR=? WHERE ID=?";
  long certId = stored.getCert().getCertId().longValue();
  long nowSeconds = System.currentTimeMillis() / 1000;
  PreparedStatement ps = borrowPreparedStatement(sql);
  try {
    ps.setLong(1, nowSeconds);
    // REV=false, and the revocation time, invalidity time and reason are cleared.
    setBoolean(ps, 2, false);
    ps.setNull(3, Types.INTEGER);
    ps.setNull(4, Types.INTEGER);
    ps.setNull(5, Types.INTEGER);
    ps.setLong(6, certId);
    int modified = ps.executeUpdate();
    // ID is the primary key, so anything other than exactly one row is an inconsistency.
    if (modified != 1) {
      String message;
      if (modified > 1) {
        message = modified + " rows modified, but exactly one is expected";
      } else {
        message = "no row is modified, but exactly one is expected";
      }
      throw new OperationException(ErrorCode.SYSTEM_FAILURE, message);
    }
  } catch (SQLException ex) {
    throw datasource.translate(sql, ex);
  } finally {
    releaseDbResources(ps, null);
  }

  if (publishToDeltaCrlCache) {
    publishToDeltaCrlCache(ca, stored.getCert().getCert().getSerialNumber());
  }
  return stored.getCert();
}