Examples with CertID org.bouncycastle.asn1.ocsp.CertID used on opensource projects

Search in sources :

Example 16 with CertID

use of org.bouncycastle.asn1.ocsp.CertID in project xipki by xipki.

the class CertStoreQueryExecutor method getPublishQueueEntries.

// method removeCertificate
List<Long> getPublishQueueEntries(NameId ca, NameId publisher, int numEntries) throws DataAccessException {
    final String sql = sqls.getSqlCidFromPublishQueue(numEntries);
    ResultSet rs = null;
    PreparedStatement ps = borrowPreparedStatement(sql);
    try {
        ps.setInt(1, publisher.getId());
        ps.setInt(2, ca.getId());
        rs = ps.executeQuery();
        List<Long> ret = new ArrayList<>();
        while (rs.next() && ret.size() < numEntries) {
            long certId = rs.getLong("CID");
            if (!ret.contains(certId)) {
                ret.add(certId);
            }
        }
        return ret;
    } catch (SQLException ex) {
        throw datasource.translate(sql, ex);
    } finally {
        releaseDbResources(ps, rs);
    }
}
Also used : SQLException(java.sql.SQLException) ResultSet(java.sql.ResultSet) ArrayList(java.util.ArrayList) PreparedStatement(java.sql.PreparedStatement) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DEROctetString(org.bouncycastle.asn1.DEROctetString)

Example 17 with CertID

use of org.bouncycastle.asn1.ocsp.CertID in project xipki by xipki.

the class CertStoreQueryExecutor method getCertForId.

// method cleanupCrls
X509CertificateInfo getCertForId(NameId ca, X509Cert caCert, long certId, CaIdNameMap idNameMap) throws DataAccessException, CertificateException {
    ParamUtil.requireNonNull("ca", ca);
    ParamUtil.requireNonNull("caCert", caCert);
    ParamUtil.requireNonNull("idNameMap", idNameMap);
    final String sql = sqls.sqlCertForId;
    String b64Cert;
    int certprofileId;
    int requestorId;
    boolean revoked;
    int revReason = 0;
    long revTime = 0;
    long revInvTime = 0;
    ResultSet rs = null;
    PreparedStatement ps = borrowPreparedStatement(sql);
    try {
        ps.setLong(1, certId);
        rs = ps.executeQuery();
        if (!rs.next()) {
            return null;
        }
        b64Cert = rs.getString("CERT");
        certprofileId = rs.getInt("PID");
        requestorId = rs.getInt("RID");
        revoked = rs.getBoolean("REV");
        if (revoked) {
            revReason = rs.getInt("RR");
            revTime = rs.getLong("RT");
            revInvTime = rs.getLong("RIT");
        }
    } catch (SQLException ex) {
        throw datasource.translate(sql, ex);
    } finally {
        releaseDbResources(ps, rs);
    }
    byte[] encodedCert = Base64.decodeFast(b64Cert);
    X509Certificate cert = X509Util.parseCert(encodedCert);
    X509CertWithDbId certWithMeta = new X509CertWithDbId(cert, encodedCert);
    certWithMeta.setCertId(certId);
    X509CertificateInfo certInfo = new X509CertificateInfo(certWithMeta, ca, caCert, cert.getPublicKey().getEncoded(), idNameMap.getCertprofile(certprofileId), idNameMap.getRequestor(requestorId));
    if (!revoked) {
        return certInfo;
    }
    Date invalidityTime = (revInvTime == 0 || revInvTime == revTime) ? null : new Date(revInvTime * 1000);
    CertRevocationInfo revInfo = new CertRevocationInfo(revReason, new Date(revTime * 1000), invalidityTime);
    certInfo.setRevocationInfo(revInfo);
    return certInfo;
}
Also used : SQLException(java.sql.SQLException) PreparedStatement(java.sql.PreparedStatement) X509CertWithDbId(org.xipki.ca.api.X509CertWithDbId) X509CertificateInfo(org.xipki.ca.api.publisher.x509.X509CertificateInfo) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DEROctetString(org.bouncycastle.asn1.DEROctetString) X509Certificate(java.security.cert.X509Certificate) Date(java.util.Date) CertRevocationInfo(org.xipki.security.CertRevocationInfo) ResultSet(java.sql.ResultSet)

Example 18 with CertID

use of org.bouncycastle.asn1.ocsp.CertID in project xipki by xipki.

the class CertStoreQueryExecutor method revokeCert.

// method addCrl
X509CertWithRevocationInfo revokeCert(NameId ca, BigInteger serialNumber, CertRevocationInfo revInfo, boolean force, boolean publishToDeltaCrlCache, CaIdNameMap idNameMap) throws OperationException, DataAccessException {
    ParamUtil.requireNonNull("ca", ca);
    ParamUtil.requireNonNull("serialNumber", serialNumber);
    ParamUtil.requireNonNull("revInfo", revInfo);
    X509CertWithRevocationInfo certWithRevInfo = getCertWithRevocationInfo(ca, serialNumber, idNameMap);
    if (certWithRevInfo == null) {
        LOG.warn("certificate with CA={} and serialNumber={} does not exist", ca.getName(), LogUtil.formatCsn(serialNumber));
        return null;
    }
    CertRevocationInfo currentRevInfo = certWithRevInfo.getRevInfo();
    if (currentRevInfo != null) {
        CrlReason currentReason = currentRevInfo.getReason();
        if (currentReason == CrlReason.CERTIFICATE_HOLD) {
            if (revInfo.getReason() == CrlReason.CERTIFICATE_HOLD) {
                throw new OperationException(ErrorCode.CERT_REVOKED, "certificate already revoked with the requested reason " + currentReason.getDescription());
            } else {
                revInfo.setRevocationTime(currentRevInfo.getRevocationTime());
                revInfo.setInvalidityTime(currentRevInfo.getInvalidityTime());
            }
        } else if (!force) {
            throw new OperationException(ErrorCode.CERT_REVOKED, "certificate already revoked with reason " + currentReason.getDescription());
        }
    }
    long certId = certWithRevInfo.getCert().getCertId().longValue();
    long revTimeSeconds = revInfo.getRevocationTime().getTime() / 1000;
    Long invTimeSeconds = null;
    if (revInfo.getInvalidityTime() != null) {
        invTimeSeconds = revInfo.getInvalidityTime().getTime() / 1000;
    }
    PreparedStatement ps = borrowPreparedStatement(SQLs.SQL_REVOKE_CERT);
    try {
        int idx = 1;
        ps.setLong(idx++, System.currentTimeMillis() / 1000);
        setBoolean(ps, idx++, true);
        ps.setLong(idx++, revTimeSeconds);
        setLong(ps, idx++, invTimeSeconds);
        ps.setInt(idx++, revInfo.getReason().getCode());
        ps.setLong(idx++, certId);
        int count = ps.executeUpdate();
        if (count != 1) {
            String message = (count > 1) ? count + " rows modified, but exactly one is expected" : "no row is modified, but exactly one is expected";
            throw new OperationException(ErrorCode.SYSTEM_FAILURE, message);
        }
    } catch (SQLException ex) {
        throw datasource.translate(SQLs.SQL_REVOKE_CERT, ex);
    } finally {
        releaseDbResources(ps, null);
    }
    if (publishToDeltaCrlCache) {
        publishToDeltaCrlCache(ca, certWithRevInfo.getCert().getCert().getSerialNumber());
    }
    certWithRevInfo.setRevInfo(revInfo);
    return certWithRevInfo;
}
Also used : CertRevocationInfo(org.xipki.security.CertRevocationInfo) SQLException(java.sql.SQLException) PreparedStatement(java.sql.PreparedStatement) CrlReason(org.xipki.security.CrlReason) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DEROctetString(org.bouncycastle.asn1.DEROctetString) OperationException(org.xipki.ca.api.OperationException)

Example 19 with CertID

use of org.bouncycastle.asn1.ocsp.CertID in project xipki by xipki.

the class CertStoreQueryExecutor method getCertWithRevocationInfo.

// method getCertForId
X509CertWithRevocationInfo getCertWithRevocationInfo(NameId ca, BigInteger serial, CaIdNameMap idNameMap) throws DataAccessException, OperationException {
    ParamUtil.requireNonNull("ca", ca);
    ParamUtil.requireNonNull("serial", serial);
    ParamUtil.requireNonNull("idNameMap", idNameMap);
    final String sql = sqls.sqlCertWithRevInfo;
    long certId;
    String b64Cert;
    boolean revoked;
    int revReason = 0;
    long revTime = 0;
    long revInvTime = 0;
    int certprofileId = 0;
    ResultSet rs = null;
    PreparedStatement ps = borrowPreparedStatement(sql);
    try {
        int idx = 1;
        ps.setInt(idx++, ca.getId());
        ps.setString(idx++, serial.toString(16));
        rs = ps.executeQuery();
        if (!rs.next()) {
            return null;
        }
        certId = rs.getLong("ID");
        b64Cert = rs.getString("CERT");
        certprofileId = rs.getInt("PID");
        revoked = rs.getBoolean("REV");
        if (revoked) {
            revReason = rs.getInt("RR");
            revTime = rs.getLong("RT");
            revInvTime = rs.getLong("RIT");
        }
    } catch (SQLException ex) {
        throw datasource.translate(sql, ex);
    } finally {
        releaseDbResources(ps, null);
    }
    byte[] certBytes = Base64.decodeFast(b64Cert);
    X509Certificate cert;
    try {
        cert = X509Util.parseCert(certBytes);
    } catch (CertificateException ex) {
        throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex);
    }
    CertRevocationInfo revInfo = null;
    if (revoked) {
        Date invalidityTime = (revInvTime == 0) ? null : new Date(1000 * revInvTime);
        revInfo = new CertRevocationInfo(revReason, new Date(1000 * revTime), invalidityTime);
    }
    X509CertWithDbId certWithMeta = new X509CertWithDbId(cert, certBytes);
    certWithMeta.setCertId(certId);
    String profileName = idNameMap.getCertprofileName(certprofileId);
    X509CertWithRevocationInfo ret = new X509CertWithRevocationInfo();
    ret.setCertprofile(profileName);
    ret.setCert(certWithMeta);
    ret.setRevInfo(revInfo);
    return ret;
}
Also used : SQLException(java.sql.SQLException) PreparedStatement(java.sql.PreparedStatement) CertificateException(java.security.cert.CertificateException) X509CertWithDbId(org.xipki.ca.api.X509CertWithDbId) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DEROctetString(org.bouncycastle.asn1.DEROctetString) X509Certificate(java.security.cert.X509Certificate) Date(java.util.Date) CertRevocationInfo(org.xipki.security.CertRevocationInfo) ResultSet(java.sql.ResultSet) OperationException(org.xipki.ca.api.OperationException)

Example 20 with CertID

use of org.bouncycastle.asn1.ocsp.CertID in project xipki by xipki.

the class CertStoreQueryExecutor method addRequestCert.

void addRequestCert(long requestId, long certId) throws DataAccessException {
    final String sql = SQLs.SQL_ADD_REQCERT;
    long id = idGenerator.nextId();
    PreparedStatement ps = borrowPreparedStatement(sql);
    try {
        ps.setLong(1, id);
        ps.setLong(2, requestId);
        ps.setLong(3, certId);
        ps.executeUpdate();
    } catch (SQLException ex) {
        throw datasource.translate(sql, ex);
    } finally {
        releaseDbResources(ps, null);
    }
}
Also used : SQLException(java.sql.SQLException) PreparedStatement(java.sql.PreparedStatement) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DEROctetString(org.bouncycastle.asn1.DEROctetString)

Aggregations

DEROctetString (org.bouncycastle.asn1.DEROctetString)25 X509Certificate (java.security.cert.X509Certificate)18 IOException (java.io.IOException)17 DERPrintableString (org.bouncycastle.asn1.DERPrintableString)15 CertificateException (java.security.cert.CertificateException)12 PreparedStatement (java.sql.PreparedStatement)12 SQLException (java.sql.SQLException)12 ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)11 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)11 CertificateEncodingException (java.security.cert.CertificateEncodingException)9 Date (java.util.Date)9 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)9 Extension (org.bouncycastle.asn1.x509.Extension)9 BigInteger (java.math.BigInteger)8 Certificate (java.security.cert.Certificate)8 CertID (org.bouncycastle.asn1.ocsp.CertID)8 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)8 CertificateID (org.bouncycastle.cert.ocsp.CertificateID)8 OperationException (org.xipki.ca.api.OperationException)8 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)7
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial