
Example 11 with CertID

use of org.bouncycastle.asn1.ocsp.CertID in project xipki by xipki.

the class X509Ca method unrevokeCertificate0.

/**
 * Clears the revocation state of the certificate with the given serial number and
 * notifies the configured publishers.
 *
 * <p>A synchronous publisher is called directly; if that call returns {@code false}
 * or throws, and for every asynchronous publisher, the certificate id is appended to
 * that publisher's publish queue instead so it can be delivered later.
 *
 * @param serialNumber serial number of the certificate to unrevoke
 * @param force passed through to the certificate store
 * @param event audit event that receives the serial number
 * @return the unrevoked certificate, or {@code null} when the store returned none
 * @throws OperationException if the certificate store rejects the operation
 */
private X509CertWithDbId unrevokeCertificate0(BigInteger serialNumber, boolean force, AuditEvent event) throws OperationException {
    final String serialHex = LogUtil.formatCsn(serialNumber);
    event.addEventData(CaAuditConstants.NAME_serial, serialHex);
    LOG.info("     START unrevokeCertificate: ca={}, serialNumber={}", caIdent, serialHex);

    final X509CertWithDbId cert = certstore.unrevokeCertificate(caIdent, serialNumber, force, shouldPublishToDeltaCrlCache(), caIdNameMap);
    if (cert == null) {
        return null;
    }

    for (IdentifiedX509CertPublisher publisher : publishers()) {
        boolean published = false;
        if (!publisher.isAsyn()) {
            try {
                published = publisher.certificateUnrevoked(caCert, cert);
            } catch (RuntimeException ex) {
                LogUtil.error(LOG, ex, "could not publish unrevocation of certificate to the publisher " + publisher.getIdent());
            }
        }
        if (published) {
            continue;
        }
        // Asynchronous publisher, or the synchronous attempt did not succeed: defer via the queue.
        final Long certId = cert.getCertId();
        try {
            certstore.addToPublishQueue(publisher.getIdent(), certId.longValue(), caIdent);
        } catch (Throwable th) {
            LogUtil.error(LOG, th, "could not add entry to PublishQueue");
        }
    }

    LOG.info("SUCCESSFUL unrevokeCertificate: ca={}, serialNumber={}, revocationResult=UNREVOKED", caIdent, serialHex);
    return cert;
}

Example 12 with CertID

use of org.bouncycastle.asn1.ocsp.CertID in project xipki by xipki.

the class X509Ca method publishCertsInQueue.

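/**
 * Re-publishes every certificate currently queued for the given publisher.
 *
 * <p>Queue entries are fetched from the certificate store in batches; each certificate
 * is loaded, handed to {@code publisher.certificateAdded}, and on success removed from
 * the queue. Processing stops at the first certificate that cannot be loaded or
 * published.
 *
 * @param publisher the publisher whose queue is drained; must not be {@code null}
 * @return {@code true} when the queue was drained completely, {@code false} when a
 *         store access or a publish attempt failed, or when no progress could be made
 */
private boolean publishCertsInQueue(IdentifiedX509CertPublisher publisher) {
    ParamUtil.requireNonNull("publisher", publisher);
    // Batch size per round trip to the certificate store.
    final int numEntries = 500;
    while (true) {
        List<Long> certIds;
        try {
            certIds = certstore.getPublishQueueEntries(caIdent, publisher.getIdent(), numEntries);
        } catch (OperationException ex) {
            LogUtil.error(LOG, ex);
            return false;
        }
        if (CollectionUtil.isEmpty(certIds)) {
            break;
        }
        // Entries that could not be removed are fetched again in the next batch; if
        // none of a batch could be removed the loop would otherwise never terminate.
        boolean anyRemoved = false;
        for (Long certId : certIds) {
            X509CertificateInfo certInfo;
            try {
                certInfo = certstore.getCertificateInfoForId(caIdent, caCert, certId, caIdNameMap);
            } catch (OperationException | CertificateException ex) {
                LogUtil.error(LOG, ex);
                return false;
            }
            boolean successful;
            try {
                successful = publisher.certificateAdded(certInfo);
            } catch (RuntimeException ex) {
                // Treat a throwing publisher like one that returned false, as the
                // revoke/unrevoke paths of this class do, instead of propagating.
                successful = false;
                LogUtil.error(LOG, ex, "could not republish certificate id=" + certId + " to the publisher " + publisher.getIdent());
            }
            if (!successful) {
                LOG.error("republishing certificate id={} failed", certId);
                return false;
            }
            try {
                certstore.removeFromPublishQueue(publisher.getIdent(), certId);
                anyRemoved = true;
            } catch (OperationException ex) {
                // Best effort: the entry stays queued and is retried in a later batch.
                LogUtil.warn(LOG, ex, "could not remove republished cert id=" + certId + " and publisher=" + publisher.getIdent());
            }
        }
        if (!anyRemoved) {
            LOG.error("could not remove any republished certificate from the publish queue of publisher {}", publisher.getIdent());
            return false;
        }
    }
    return true;
}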

Example 13 with CertID

use of org.bouncycastle.asn1.ocsp.CertID in project xipki by xipki.

the class X509Ca method revokeCertificate0.

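/**
 * Revokes the certificate with the given serial number and notifies the configured
 * publishers.
 *
 * <p>The revocation time is taken at the moment this method runs. A synchronous
 * publisher is called directly; if that call returns {@code false} or throws, and for
 * every asynchronous publisher, the certificate id is appended to the publisher's
 * publish queue instead.
 *
 * @param serialNumber serial number of the certificate to revoke
 * @param reason revocation reason; must not be {@code null}
 * @param invalidityTime optional invalidity date, may be {@code null}
 * @param force passed through to the certificate store
 * @param event audit event that receives serial number, reason and invalidity time
 * @return the revoked certificate with its revocation info, or {@code null} when the
 *         store returned none
 * @throws OperationException if the certificate store rejects the operation
 */
private X509CertWithRevocationInfo revokeCertificate0(BigInteger serialNumber, CrlReason reason, Date invalidityTime, boolean force, AuditEvent event) throws OperationException {
    final String hexSerial = LogUtil.formatCsn(serialNumber);
    // Computed once; it is written to the audit event and to both log lines.
    final String reasonDesc = reason.getDescription();
    event.addEventData(CaAuditConstants.NAME_serial, hexSerial);
    event.addEventData(CaAuditConstants.NAME_reason, reasonDesc);
    if (invalidityTime != null) {
        event.addEventData(CaAuditConstants.NAME_invalidityTime, DateUtil.toUtcTimeyyyyMMddhhmmss(invalidityTime));
    }
    LOG.info("     START revokeCertificate: ca={}, serialNumber={}, reason={}, invalidityTime={}", caIdent, hexSerial, reasonDesc, invalidityTime);

    final CertRevocationInfo revInfo = new CertRevocationInfo(reason, new Date(), invalidityTime);
    final X509CertWithRevocationInfo revokedCert = certstore.revokeCertificate(caIdent, serialNumber, revInfo, force, shouldPublishToDeltaCrlCache(), caIdNameMap);
    if (revokedCert == null) {
        return null;
    }

    // Loop-invariant; unboxed inside the try below so a missing id is logged, not thrown.
    final Long certId = revokedCert.getCert().getCertId();
    for (IdentifiedX509CertPublisher publisher : publishers()) {
        if (!publisher.isAsyn()) {
            boolean successful;
            try {
                successful = publisher.certificateRevoked(caCert, revokedCert.getCert(), revokedCert.getCertprofile(), revokedCert.getRevInfo());
            } catch (RuntimeException ex) {
                successful = false;
                LogUtil.error(LOG, ex, "could not publish revocation of certificate to the publisher " + publisher.getIdent());
            }
            if (successful) {
                continue;
            }
        }
        // Asynchronous publisher, or the synchronous attempt did not succeed: defer via the queue.
        try {
            certstore.addToPublishQueue(publisher.getIdent(), certId.longValue(), caIdent);
        } catch (Throwable th) {
            LogUtil.error(LOG, th, "could not add entry to PublishQueue");
        }
    }

    LOG.info("SUCCESSFUL revokeCertificate: ca={}, serialNumber={}, reason={}, invalidityTime={}, revocationResult=REVOKED", caIdent, hexSerial, reasonDesc, invalidityTime);
    return revokedCert;
}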

Example 14 with CertID

use of org.bouncycastle.asn1.ocsp.CertID in project keepass2android by PhilippC.

the class CertBag method toASN1Object.

/**
 * Encodes this bag as {@code SEQUENCE { certId, [0] certValue }}.
 *
 * @return the DER sequence holding the certificate identifier followed by the
 *         [0]-tagged certificate value
 */
public DERObject toASN1Object() {
    DERTaggedObject taggedValue = new DERTaggedObject(0, certValue);
    ASN1EncodableVector elements = new ASN1EncodableVector();
    elements.add(certId);
    elements.add(taggedValue);
    return new DERSequence(elements);
}

Example 15 with CertID

use of org.bouncycastle.asn1.ocsp.CertID in project xipki by xipki.

the class CertStoreQueryExecutor method revokeSuspendedCert.

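/**
 * Converts a suspended certificate (revoked with reason {@code certificateHold}) into a
 * permanently revoked one with the given reason.
 *
 * <p>The certificate must exist and currently be on hold; any other state is rejected
 * with an {@link OperationException}. The store row is updated with the current time
 * (in seconds) and the new reason code, the serial is optionally pushed to the delta
 * CRL cache, and the returned object's revocation info is updated to the new reason.
 *
 * @param ca issuing CA; must not be {@code null}
 * @param serialNumber serial number of the certificate; must not be {@code null}
 * @param reason new revocation reason; must not be {@code null}
 * @param publishToDeltaCrlCache whether to record the serial for the delta CRL
 * @param idNameMap lookup used to resolve the stored certificate
 * @return the certificate with its (updated) revocation info, or {@code null} if no
 *         certificate with this serial exists for the CA
 * @throws OperationException if the certificate is not revoked ({@code CERT_UNREVOKED}),
 *         is revoked with a reason other than hold ({@code CERT_REVOKED}), or the update
 *         did not affect exactly one row ({@code SYSTEM_FAILURE})
 * @throws DataAccessException if the database access fails
 */
X509CertWithRevocationInfo revokeSuspendedCert(NameId ca, BigInteger serialNumber, CrlReason reason, boolean publishToDeltaCrlCache, CaIdNameMap idNameMap) throws OperationException, DataAccessException {
    ParamUtil.requireNonNull("ca", ca);
    ParamUtil.requireNonNull("serialNumber", serialNumber);
    ParamUtil.requireNonNull("reason", reason);
    X509CertWithRevocationInfo certWithRevInfo = getCertWithRevocationInfo(ca, serialNumber, idNameMap);
    if (certWithRevInfo == null) {
        LOG.warn("certificate with CA={} and serialNumber={} does not exist", ca.getName(), LogUtil.formatCsn(serialNumber));
        return null;
    }
    CertRevocationInfo currentRevInfo = certWithRevInfo.getRevInfo();
    if (currentRevInfo == null) {
        throw new OperationException(ErrorCode.CERT_UNREVOKED, "certificate is not revoked");
    }
    CrlReason currentReason = currentRevInfo.getReason();
    if (currentReason != CrlReason.CERTIFICATE_HOLD) {
        throw new OperationException(ErrorCode.CERT_REVOKED, "certificate is revoked but not with reason " + CrlReason.CERTIFICATE_HOLD.getDescription());
    }
    // NOTE(review): the hold check above and the UPDATE below are separate statements;
    // whether the UPDATE itself is guarded on the current reason depends on
    // SQL_REVOKE_SUSPENDED_CERT — confirm if concurrent revocations are possible.
    long certId = certWithRevInfo.getCert().getCertId().longValue();
    PreparedStatement ps = borrowPreparedStatement(SQLs.SQL_REVOKE_SUSPENDED_CERT);
    try {
        int idx = 1;
        // Revocation time is stored in seconds since the epoch.
        ps.setLong(idx++, System.currentTimeMillis() / 1000);
        ps.setInt(idx++, reason.getCode());
        ps.setLong(idx++, certId);
        int count = ps.executeUpdate();
        if (count != 1) {
            String message = (count > 1) ? count + " rows modified, but exactly one is expected" : "no row is modified, but exactly one is expected";
            throw new OperationException(ErrorCode.SYSTEM_FAILURE, message);
        }
    } catch (SQLException ex) {
        // Translate against the statement that actually ran (was SQL_REVOKE_CERT).
        throw datasource.translate(SQLs.SQL_REVOKE_SUSPENDED_CERT, ex);
    } finally {
        releaseDbResources(ps, null);
    }
    if (publishToDeltaCrlCache) {
        publishToDeltaCrlCache(ca, certWithRevInfo.getCert().getCert().getSerialNumber());
    }
    // Reflect the new state in the returned object without re-reading the store.
    currentRevInfo.setReason(reason);
    return certWithRevInfo;
}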
