
Example 1 with CRLNumber

use of org.bouncycastle.asn1.x509.CRLNumber in project oxAuth by GluuFederation.

the class CRLCertificateVerifier method getCrlNumber.

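/**
 * Reads the CRL Number extension of a CRL.
 *
 * <p>The extension bytes come from the CRL itself, so they are parsed defensively: a value
 * that does not decode to the expected ASN.1 types is reported as an {@link IOException}
 * instead of surfacing as a {@code ClassCastException} or {@code NullPointerException}.
 *
 * @param crl the CRL to inspect
 * @return the CRL number, or {@code null} when the CRL carries no CRL Number extension
 * @throws IOException if the extension value cannot be decoded, or does not decode to an
 *     octet string wrapping an integer
 */
@SuppressWarnings("deprecation")
private BigInteger getCrlNumber(X509CRL crl) throws IOException {
    byte[] crlNumberExtensionValue = crl.getExtensionValue(X509Extensions.CRLNumber.getId());
    if (crlNumberExtensionValue == null) {
        return null;
    }

    // First layer: the extension value as returned by getExtensionValue.
    Object wrapper;
    try (ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(crlNumberExtensionValue))) {
        wrapper = in.readObject();
    }
    // instanceof also rejects null, which readObject may return when nothing could be read.
    if (!(wrapper instanceof DEROctetString)) {
        throw new IOException("CRL Number extension value has an unexpected ASN.1 type (expected DEROctetString)");
    }

    // Second layer: the octets inside the wrapper hold the CRL number itself.
    Object inner;
    try (ASN1InputStream in = new ASN1InputStream(((DEROctetString) wrapper).getOctets())) {
        inner = in.readObject();
    }
    // NOTE(review): DERInteger and X509Extensions are deprecated Bouncy Castle types; confirm
    // that the decoder in the deployed library version still yields a DERInteger here.
    if (!(inner instanceof DERInteger)) {
        throw new IOException("CRL Number extension content has an unexpected ASN.1 type (expected DERInteger)");
    }
    return ((DERInteger) inner).getPositiveValue();
}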
Also used : ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) ByteArrayInputStream(java.io.ByteArrayInputStream) BigInteger(java.math.BigInteger) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERInteger(org.bouncycastle.asn1.DERInteger)

Example 2 with CRLNumber

use of org.bouncycastle.asn1.x509.CRLNumber in project poi by apache.

the class PkiTestUtils method generateCrl.

/**
 * Builds and signs a CRL for the given issuer, carrying a fixed CRL Number extension of 1234.
 *
 * <p>thisUpdate is the time of the call and nextUpdate is 100000 ms later. The "BC" provider
 * is requested by name, so it has to be registered before this method is called.
 *
 * @param issuer certificate whose issuer name is used as the CRL issuer
 * @param issuerPrivateKey key used to sign the CRL
 * @return the signed CRL
 * @throws CertificateEncodingException if the issuer certificate cannot be encoded
 * @throws IOException if the encoded certificate or the extension cannot be processed
 * @throws CRLException if the built CRL cannot be converted to an {@link X509CRL}
 * @throws OperatorCreationException if the content signer cannot be created
 */
public static X509CRL generateCrl(X509Certificate issuer, PrivateKey issuerPrivateKey) throws CertificateEncodingException, IOException, CRLException, OperatorCreationException {
    X509CertificateHolder issuerHolder = new X509CertificateHolder(issuer.getEncoded());
    X509v2CRLBuilder builder = new X509v2CRLBuilder(issuerHolder.getIssuer(), new Date());

    Date nextUpdate = new Date(new Date().getTime() + 100000);
    builder.setNextUpdate(nextUpdate);

    // NOTE(review): SHA1withRSA is kept because this helper lives in a test utility class
    // (PkiTestUtils); SHA-1 signatures should not be copied into code that issues real CRLs.
    JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC");

    // Non-critical CRL Number extension with a constant value.
    builder.addExtension(Extension.cRLNumber, false, new CRLNumber(new BigInteger("1234")));

    X509CRLHolder signedCrl = builder.build(signerBuilder.build(issuerPrivateKey));
    JcaX509CRLConverter converter = new JcaX509CRLConverter().setProvider("BC");
    return converter.getCRL(signedCrl);
}
Also used : JcaX509CRLConverter(org.bouncycastle.cert.jcajce.JcaX509CRLConverter) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) CRLNumber(org.bouncycastle.asn1.x509.CRLNumber) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) X509CRLHolder(org.bouncycastle.cert.X509CRLHolder) BigInteger(java.math.BigInteger) X509v2CRLBuilder(org.bouncycastle.cert.X509v2CRLBuilder) Date(java.util.Date)

Example 3 with CRLNumber

use of org.bouncycastle.asn1.x509.CRLNumber in project keystore-explorer by kaikramer.

the class X509Ext method getDeltaCrlIndicatorStringValue.

/**
 * Renders a Delta CRL Indicator extension value as a hex string followed by {@code NEWLINE}.
 *
 * @param value extension value bytes, handed to {@code CRLNumber.getInstance}
 * @return the base CRL number formatted by {@code HexUtil.getHexString}, plus {@code NEWLINE}
 * @throws IOException declared by the signature; the call that raises it is not visible here
 */
private String getDeltaCrlIndicatorStringValue(byte[] value) throws IOException {
    // @formatter:off
    /*
     * deltaCRLIndicator EXTENSION ::= { SYNTAX BaseCRLNumber IDENTIFIED BY
     * id-ce-deltaCRLIndicator }
     *
     * BaseCRLNumber ::= CRLNumber
     *
     * CRLNumber ::= ASN1Integer (0..MAX)
     */
    // @formatter:on
    // NOTE(review): value comes from a parsed certificate or CRL; presumably a malformed
    // encoding is rejected inside CRLNumber.getInstance (confirm how callers handle that).
    BigInteger baseCrlNumber = CRLNumber.getInstance(value).getCRLNumber();
    return new StringBuilder()
            .append(HexUtil.getHexString(baseCrlNumber))
            .append(NEWLINE)
            .toString();
}
Also used : CRLNumber(org.bouncycastle.asn1.x509.CRLNumber) BigInteger(java.math.BigInteger)

Example 4 with CRLNumber

use of org.bouncycastle.asn1.x509.CRLNumber in project keystore-explorer by kaikramer.

the class X509Ext method getCrlNumberStringValue.

/**
 * Renders a CRL Number extension value as a hex string followed by {@code NEWLINE}.
 *
 * @param value extension value bytes, handed to {@code CRLNumber.getInstance}
 * @return the CRL number formatted by {@code HexUtil.getHexString}, plus {@code NEWLINE}
 * @throws IOException declared by the signature; the call that raises it is not visible here
 */
private String getCrlNumberStringValue(byte[] value) throws IOException {
    // @formatter:off
    /* CRLNumber ::= ASN1Integer (0..MAX) */
    // @formatter:on
    CRLNumber parsed = CRLNumber.getInstance(value);
    String hex = HexUtil.getHexString(parsed.getCRLNumber());
    return hex + NEWLINE;
}
Also used : CRLNumber(org.bouncycastle.asn1.x509.CRLNumber)

Example 5 with CRLNumber

use of org.bouncycastle.asn1.x509.CRLNumber in project xipki by xipki.

the class ImportCrl method importCa.

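/**
 * Inserts or updates the ISSUER row for the CA whose CRL is being imported and returns its id.
 *
 * <p>The issuer is looked up by the base64 SHA-1 fingerprint of the encoded CA certificate
 * (column S1C). When no row exists, a new one is inserted, unless the CRL is a delta CRL, which
 * is refused until its full CRL has been imported. When a row exists, the stored CRL info is
 * updated after checking that the CRL number does not go backwards and, for a delta CRL, that
 * its base CRL number matches the last imported full CRL.
 *
 * @param conn database connection used for the lookup and for the insert or update
 * @return the id of the ISSUER row that was inserted or updated
 * @throws DataAccessException if a database operation fails (SQLExceptions are translated by
 *     the datasource)
 * @throws ImportCrlException if the CA certificate or the CRL info cannot be encoded, or if the
 *     CRL is rejected by the ordering checks
 */
private int importCa(Connection conn) throws DataAccessException, ImportCrlException {
    byte[] encodedCaCert;
    try {
        encodedCaCert = caCert.getEncoded();
    } catch (CertificateEncodingException ex) {
        // Keep the cause so the encoding failure can be diagnosed from the stack trace.
        throw new ImportCrlException("could not encode CA certificate", ex);
    }
    // NOTE(review): SHA-1 is used here as the lookup key stored in S1C; confirm that nothing
    // downstream treats a fingerprint match as proof of certificate identity.
    String fpCaCert = HashAlgo.SHA1.base64Hash(encodedCaCert);
    Integer issuerId = null;
    CrlInfo crlInfo = null;
    PreparedStatement ps = null;
    ResultSet rs = null;
    String sql = null;
    try {
        sql = "SELECT ID,CRL_INFO FROM ISSUER WHERE S1C=?";
        ps = datasource.prepareStatement(conn, sql);
        ps.setString(1, fpCaCert);
        rs = ps.executeQuery();
        if (rs.next()) {
            issuerId = rs.getInt("ID");
            String str = rs.getString("CRL_INFO");
            if (str == null) {
                // The issuer row exists but has no CRL info, so it was not created by a CRL import.
                throw new ImportCrlException("RequestIssuer for the given CA of CRL exists, but not imported from CRL");
            }
            crlInfo = new CrlInfo(str);
        }
    } catch (SQLException ex) {
        throw datasource.translate(sql, ex);
    } finally {
        releaseResources(ps, rs);
    }
    boolean addNew = (issuerId == null);
    if (addNew) {
        if (isDeltaCrl) {
            throw new ImportCrlException("Given CRL is a deltaCRL for the full CRL with number " + baseCrlNumber + ", please import this full CRL first.");
        } else {
            crlInfo = new CrlInfo(crlNumber, null, useCrlUpdates, crl.getThisUpdate(), crl.getNextUpdate(), crlId);
        }
    } else {
        // Refuse a CRL whose number is lower than the stored one, so that older revocation data
        // cannot replace newer data. An equal number is accepted, which enables the resume of
        // the importing process if an error occurred.
        if (crlNumber.compareTo(crlInfo.getCrlNumber()) < 0) {
            throw new ImportCrlException("Given CRL is not newer than existing CRL.");
        }
        if (isDeltaCrl) {
            // The stored base number is null when the last import was a full CRL; in that case
            // the stored CRL number is the full CRL's own number.
            BigInteger lastFullCrlNumber = crlInfo.getBaseCrlNumber();
            if (lastFullCrlNumber == null) {
                lastFullCrlNumber = crlInfo.getCrlNumber();
            }
            if (!baseCrlNumber.equals(lastFullCrlNumber)) {
                // Report the base CRL number the delta refers to, not the delta's own number.
                throw new ImportCrlException("Given CRL is a deltaCRL for the full CRL with number " + baseCrlNumber + ", please import this full CRL first.");
            }
        }
        crlInfo.setCrlNumber(crlNumber);
        crlInfo.setBaseCrlNumber(isDeltaCrl ? baseCrlNumber : null);
        crlInfo.setThisUpdate(crl.getThisUpdate());
        crlInfo.setNextUpdate(crl.getNextUpdate());
    }
    ps = null;
    rs = null;
    sql = null;
    try {
        if (addNew) {
            // NOTE(review): presumably getMax returns the current maximum ID; MAX(ID)+1 is not
            // atomic, so confirm that imports are serialized or that ID has a unique constraint.
            int maxId = (int) datasource.getMax(conn, "ISSUER", "ID");
            issuerId = maxId + 1;
            sql = "INSERT INTO ISSUER (ID,SUBJECT,NBEFORE,NAFTER,S1C,CERT,REV,RT,RIT,CRL_INFO)" + " VALUES(?,?,?,?,?,?,?,?,?,?)";
        } else {
            // issuer exists
            sql = "UPDATE ISSUER SET REV=?,RT=?,RIT=?,CRL_INFO=? WHERE ID=?";
        }
        ps = datasource.prepareStatement(conn, sql);
        // The INSERT has six leading columns that the UPDATE lacks; the remaining parameters
        // (REV, RT, RIT, CRL_INFO) are shared, so a running offset serves both statements.
        int offset = 1;
        if (addNew) {
            String subject = X509Util.getRfc4519Name(caCert.getSubjectX500Principal());
            ps.setInt(offset++, issuerId);
            ps.setString(offset++, subject);
            // Validity bounds are stored as seconds since the epoch.
            ps.setLong(offset++, caCert.getNotBefore().getTime() / 1000);
            ps.setLong(offset++, caCert.getNotAfter().getTime() / 1000);
            ps.setString(offset++, fpCaCert);
            ps.setString(offset++, Base64.encodeToString(encodedCaCert));
        }
        // REV is 1 when revocation info for the CA is present, otherwise 0.
        ps.setInt(offset++, (caRevInfo == null) ? 0 : 1);
        Date revTime = null;
        Date revInvTime = null;
        if (caRevInfo != null) {
            revTime = caRevInfo.getRevocationTime();
            revInvTime = caRevInfo.getInvalidityTime();
        }
        if (revTime != null) {
            ps.setLong(offset++, revTime.getTime() / 1000);
        } else {
            ps.setNull(offset++, Types.BIGINT);
        }
        if (revInvTime != null) {
            ps.setLong(offset++, revInvTime.getTime() / 1000);
        } else {
            ps.setNull(offset++, Types.BIGINT);
        }
        // CRL info
        try {
            ps.setString(offset++, crlInfo.getEncoded());
        } catch (IOException ex) {
            throw new ImportCrlException("could not encode the Crlinfo", ex);
        }
        if (!addNew) {
            // WHERE ID=? of the UPDATE statement.
            ps.setInt(offset++, issuerId.intValue());
        }
        ps.executeUpdate();
        return issuerId.intValue();
    } catch (SQLException ex) {
        throw datasource.translate(sql, ex);
    } finally {
        releaseResources(ps, rs);
    }
}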
Also used : SQLException(java.sql.SQLException) CertificateEncodingException(java.security.cert.CertificateEncodingException) PreparedStatement(java.sql.PreparedStatement) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) IOException(java.io.IOException) Date(java.util.Date) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) BigInteger(java.math.BigInteger) CrlInfo(org.xipki.ocsp.api.CrlInfo) ResultSet(java.sql.ResultSet) BigInteger(java.math.BigInteger)

Aggregations

BigInteger (java.math.BigInteger)19 CRLNumber (org.bouncycastle.asn1.x509.CRLNumber)16 Date (java.util.Date)13 X509v2CRLBuilder (org.bouncycastle.cert.X509v2CRLBuilder)11 DEROctetString (org.bouncycastle.asn1.DEROctetString)10 CRLException (java.security.cert.CRLException)9 X509CRL (java.security.cert.X509CRL)9 ASN1Integer (org.bouncycastle.asn1.ASN1Integer)9 X509CRLHolder (org.bouncycastle.cert.X509CRLHolder)9 JcaX509ExtensionUtils (org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils)9 HashSet (java.util.HashSet)8 IOException (java.io.IOException)7 AuthorityKeyIdentifier (org.bouncycastle.asn1.x509.AuthorityKeyIdentifier)7 File (java.io.File)6 PreparedStatement (java.sql.PreparedStatement)6 SQLException (java.sql.SQLException)6 ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)6 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)6 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)6 JcaX509CRLConverter (org.bouncycastle.cert.jcajce.JcaX509CRLConverter)6