Examples with CertificateList org.bouncycastle.asn1.x509.CertificateList used on opensource projects
Example 11 with CertificateList
use of org.bouncycastle.asn1.x509.CertificateList in project XobotOS by xamarin.
the class CertPathValidatorUtilities method getCertStatus.
protected static void getCertStatus(Date validDate, X509CRL crl, Object cert, CertStatus certStatus) throws AnnotatedException {
// use BC X509CRLObject so that indirect CRLs are supported
X509CRLObject bcCRL = null;
try {
bcCRL = new X509CRLObject(new CertificateList((ASN1Sequence) ASN1Sequence.fromByteArray(crl.getEncoded())));
} catch (Exception exception) {
throw new AnnotatedException("Bouncy Castle X509CRLObject could not be created.", exception);
}
// use BC X509CRLEntryObject, so that getCertificateIssuer() is
// supported.
X509CRLEntryObject crl_entry = (X509CRLEntryObject) bcCRL.getRevokedCertificate(getSerialNumber(cert));
if (crl_entry != null && (getEncodedIssuerPrincipal(cert).equals(crl_entry.getCertificateIssuer()) || getEncodedIssuerPrincipal(cert).equals(getIssuerPrincipal(crl)))) {
DEREnumerated reasonCode = null;
if (crl_entry.hasExtensions()) {
try {
reasonCode = DEREnumerated.getInstance(CertPathValidatorUtilities.getExtensionValue(crl_entry, X509Extensions.ReasonCode.getId()));
} catch (Exception e) {
new AnnotatedException("Reason code CRL entry extension could not be decoded.", e);
}
}
// unspecified
if (!(validDate.getTime() < crl_entry.getRevocationDate().getTime()) || reasonCode == null || reasonCode.getValue().intValue() == 0 || reasonCode.getValue().intValue() == 1 || reasonCode.getValue().intValue() == 2 || reasonCode.getValue().intValue() == 8) {
// (i) or (j) (1)
if (reasonCode != null) {
certStatus.setCertStatus(reasonCode.getValue().intValue());
} else // (i) or (j) (2)
{
certStatus.setCertStatus(CRLReason.unspecified);
}
certStatus.setRevocationDate(crl_entry.getRevocationDate());
}
}
}
Also used :
DEREnumerated(org.bouncycastle.asn1.DEREnumerated)
CertificateList(org.bouncycastle.asn1.x509.CertificateList)
GeneralSecurityException(java.security.GeneralSecurityException)
CertPathValidatorException(java.security.cert.CertPathValidatorException)
ParseException(java.text.ParseException)
ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException)
CertStoreException(java.security.cert.CertStoreException)
CertificateParsingException(java.security.cert.CertificateParsingException)
StoreException(org.bouncycastle.util.StoreException)
IOException(java.io.IOException)
Example 12 with CertificateList
use of org.bouncycastle.asn1.x509.CertificateList in project XobotOS by xamarin.
the class X509CertFactoryImpl method engineGenerateCRLs.
/**
* @see java.security.cert.CertificateFactorySpi#engineGenerateCRLs(InputStream)
* method documentation for more info
*/
public Collection<? extends CRL> engineGenerateCRLs(InputStream inStream) throws CRLException {
if (inStream == null) {
throw new CRLException("inStream == null");
}
ArrayList<CRL> result = new ArrayList<CRL>();
try {
if (!inStream.markSupported()) {
inStream = new RestoringInputStream(inStream);
}
// if it is PEM encoded form this array will contain the encoding
// so ((it is PEM) <-> (encoding != null))
byte[] encoding = null;
// The following by SEQUENCE ASN.1 tag, used for
// recognizing the data format
// (is it PKCS7 ContentInfo structure, X.509 CRL, or
// unsupported encoding)
int second_asn1_tag = -1;
inStream.mark(1);
int ch;
while ((ch = inStream.read()) != -1) {
// check if it is PEM encoded form
if (ch == '-') {
// beginning of PEM encoding ('-' char)
// decode PEM chunk and store its content (ASN.1 encoding)
encoding = decodePEM(inStream, FREE_BOUND_SUFFIX);
} else if (ch == 0x30) {
// beginning of ASN.1 sequence (0x30)
encoding = null;
inStream.reset();
// prepare for data format determination
inStream.mark(CRL_CACHE_SEED_LENGTH);
} else {
// unsupported data
if (result.size() == 0) {
throw new CRLException("Unsupported encoding");
} else {
// it can be trailing user data,
// so keep it in the stream
inStream.reset();
return result;
}
}
// Check the data format
BerInputStream in = (encoding == null) ? new BerInputStream(inStream) : new BerInputStream(encoding);
// read the next ASN.1 tag
second_asn1_tag = in.next();
if (encoding == null) {
// keep whole structure in the stream
inStream.reset();
}
// check if it is a TBSCertList structure
if (second_asn1_tag != ASN1Constants.TAG_C_SEQUENCE) {
if (result.size() == 0) {
// whether it is PKCS7 structure
break;
} else {
// so return what we already read
return result;
}
} else {
if (encoding == null) {
result.add(getCRL(inStream));
} else {
result.add(getCRL(encoding));
}
}
inStream.mark(1);
}
if (result.size() != 0) {
// the stream was read out
return result;
} else if (ch == -1) {
throw new CRLException("There is no data in the stream");
}
// else: check if it is PKCS7
if (second_asn1_tag == ASN1Constants.TAG_OID) {
// it is PKCS7 ContentInfo structure, so decode it
ContentInfo info = (ContentInfo) ((encoding != null) ? ContentInfo.ASN1.decode(encoding) : ContentInfo.ASN1.decode(inStream));
// retrieve SignedData
SignedData data = info.getSignedData();
if (data == null) {
throw new CRLException("Invalid PKCS7 data provided");
}
List<CertificateList> crls = data.getCRLs();
if (crls != null) {
for (CertificateList crl : crls) {
result.add(new X509CRLImpl(crl));
}
}
return result;
}
// else: Unknown data format
throw new CRLException("Unsupported encoding");
} catch (IOException e) {
throw new CRLException(e);
}
}
Also used :
SignedData(org.apache.harmony.security.pkcs7.SignedData)
ArrayList(java.util.ArrayList)
CertificateList(org.apache.harmony.security.x509.CertificateList)
IOException(java.io.IOException)
ContentInfo(org.apache.harmony.security.pkcs7.ContentInfo)
X509CRL(java.security.cert.X509CRL)
CRL(java.security.cert.CRL)
BerInputStream(org.apache.harmony.security.asn1.BerInputStream)
CRLException(java.security.cert.CRLException)
Example 13 with CertificateList
use of org.bouncycastle.asn1.x509.CertificateList in project xipki by xipki.
the class X509CmpRequestor method evaluateCrlResponse.
private X509CRL evaluateCrlResponse(PkiResponse response, Integer xipkiAction) throws CmpRequestorException, PkiErrorException {
ParamUtil.requireNonNull("response", response);
checkProtection(response);
PKIBody respBody = response.getPkiMessage().getBody();
int bodyType = respBody.getType();
if (PKIBody.TYPE_ERROR == bodyType) {
ErrorMsgContent content = ErrorMsgContent.getInstance(respBody.getContent());
throw new PkiErrorException(content.getPKIStatusInfo());
} else if (PKIBody.TYPE_GEN_REP != bodyType) {
throw new CmpRequestorException(String.format("unknown PKI body type %s instead the expected [%s, %s]", bodyType, PKIBody.TYPE_GEN_REP, PKIBody.TYPE_ERROR));
}
ASN1ObjectIdentifier expectedType = (xipkiAction == null) ? CMPObjectIdentifiers.it_currentCRL : ObjectIdentifiers.id_xipki_cmp_cmpGenmsg;
GenRepContent genRep = GenRepContent.getInstance(respBody.getContent());
InfoTypeAndValue[] itvs = genRep.toInfoTypeAndValueArray();
InfoTypeAndValue itv = null;
if (itvs != null && itvs.length > 0) {
for (InfoTypeAndValue m : itvs) {
if (expectedType.equals(m.getInfoType())) {
itv = m;
break;
}
}
}
if (itv == null) {
throw new CmpRequestorException("the response does not contain InfoTypeAndValue " + expectedType);
}
ASN1Encodable certListAsn1Object = (xipkiAction == null) ? itv.getInfoValue() : extractXiActionContent(itv.getInfoValue(), xipkiAction);
CertificateList certList = CertificateList.getInstance(certListAsn1Object);
X509CRL crl;
try {
crl = X509Util.toX509Crl(certList);
} catch (CRLException | CertificateException ex) {
throw new CmpRequestorException("returned CRL is invalid: " + ex.getMessage());
}
return crl;
}
Also used :
PKIBody(org.bouncycastle.asn1.cmp.PKIBody)
X509CRL(java.security.cert.X509CRL)
GenRepContent(org.bouncycastle.asn1.cmp.GenRepContent)
CertificateList(org.bouncycastle.asn1.x509.CertificateList)
CertificateException(java.security.cert.CertificateException)
PkiErrorException(org.xipki.ca.client.api.PkiErrorException)
InfoTypeAndValue(org.bouncycastle.asn1.cmp.InfoTypeAndValue)
ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)
ErrorMsgContent(org.bouncycastle.asn1.cmp.ErrorMsgContent)
CRLException(java.security.cert.CRLException)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 14 with CertificateList
use of org.bouncycastle.asn1.x509.CertificateList in project signer by demoiselle.
the class RevocationValues method getValue.
@Override
public Attribute getValue() throws SignerException {
List<X509CRL> crlList = new ArrayList<X509CRL>();
ArrayList<CertificateList> crlVals = new ArrayList<CertificateList>();
List<BasicOCSPResponse> ocspVals = new ArrayList<BasicOCSPResponse>();
try {
int chainSize = certificates.length - 1;
for (int ix = 0; ix < chainSize; ix++) {
X509Certificate cert = (X509Certificate) certificates[ix];
Collection<ICPBR_CRL> icpCrls = crlRepository.getX509CRL(cert);
for (ICPBR_CRL icpCrl : icpCrls) {
crlList.add(icpCrl.getCRL());
}
}
if (crlList.isEmpty()) {
throw new SignerException(cadesMessagesBundle.getString("error.crl.list.empty"));
} else {
for (X509CRL varCrl : crlList) {
crlVals.add(CertificateList.getInstance(varCrl.getEncoded()));
}
}
CertificateList[] crlValuesArray = new CertificateList[crlVals.size()];
BasicOCSPResponse[] ocspValuesArray = new BasicOCSPResponse[ocspVals.size()];
// org.bouncycastle.asn1.esf.RevocationValues revocationVals = new org.bouncycastle.asn1.esf.RevocationValues(crlVals.toArray(crlValuesArray), null, null);
return new Attribute(new ASN1ObjectIdentifier(identifier), new DERSet(new DERSequence(crlVals.toArray(crlValuesArray))));
} catch (Exception e) {
throw new SignerException(e.getMessage());
}
}
Also used :
X509CRL(java.security.cert.X509CRL)
Attribute(org.bouncycastle.asn1.cms.Attribute)
UnsignedAttribute(org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.UnsignedAttribute)
ArrayList(java.util.ArrayList)
CertificateList(org.bouncycastle.asn1.x509.CertificateList)
DERSet(org.bouncycastle.asn1.DERSet)
X509Certificate(java.security.cert.X509Certificate)
SignerException(org.demoiselle.signer.policy.impl.cades.SignerException)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
ICPBR_CRL(org.demoiselle.signer.core.extension.ICPBR_CRL)
DERSequence(org.bouncycastle.asn1.DERSequence)
BasicOCSPResponse(org.bouncycastle.asn1.ocsp.BasicOCSPResponse)
SignerException(org.demoiselle.signer.policy.impl.cades.SignerException)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Example 15 with CertificateList
use of org.bouncycastle.asn1.x509.CertificateList in project candlepin by candlepin.
the class X509CRLStreamWriter method writeToEmptyCrl.
protected void writeToEmptyCrl(OutputStream out) throws IOException {
ASN1InputStream asn1in = null;
try {
asn1in = new ASN1InputStream(crlIn);
ASN1Sequence certListSeq = (ASN1Sequence) asn1in.readObject();
CertificateList certList = CertificateList.getInstance(certListSeq);
X509CRLHolder oldCrl = new X509CRLHolder(certList);
X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(oldCrl.getIssuer(), new Date());
crlBuilder.addCRL(oldCrl);
Date now = new Date();
Date oldNextUpdate = certList.getNextUpdate().getDate();
Date oldThisUpdate = certList.getThisUpdate().getDate();
Date nextUpdate = new Date(now.getTime() + (oldNextUpdate.getTime() - oldThisUpdate.getTime()));
crlBuilder.setNextUpdate(nextUpdate);
for (Object o : oldCrl.getExtensionOIDs()) {
ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) o;
Extension ext = oldCrl.getExtension(oid);
if (oid.equals(Extension.cRLNumber)) {
ASN1OctetString octet = ext.getExtnValue();
ASN1Integer currentNumber = (ASN1Integer) new ASN1InputStream(octet.getOctets()).readObject();
ASN1Integer nextNumber = new ASN1Integer(currentNumber.getValue().add(BigInteger.ONE));
crlBuilder.addExtension(oid, ext.isCritical(), nextNumber);
} else if (oid.equals(Extension.authorityKeyIdentifier)) {
crlBuilder.addExtension(oid, ext.isCritical(), ext.getParsedValue());
}
}
for (DERSequence entry : newEntries) {
// XXX: This is all a bit messy considering the user already passed in the serial, date
// and reason.
BigInteger serial = ((ASN1Integer) entry.getObjectAt(0)).getValue();
Date revokeDate = ((Time) entry.getObjectAt(1)).getDate();
int reason = CRLReason.unspecified;
if (entry.size() == 3) {
Extensions extensions = (Extensions) entry.getObjectAt(2);
Extension reasonExt = extensions.getExtension(Extension.reasonCode);
if (reasonExt != null) {
reason = ((ASN1Enumerated) reasonExt.getParsedValue()).getValue().intValue();
}
}
crlBuilder.addCRLEntry(serial, revokeDate, reason);
}
if (signingAlg == null) {
signingAlg = oldCrl.toASN1Structure().getSignatureAlgorithm();
}
ContentSigner s;
try {
s = createContentSigner(signingAlg, key);
X509CRLHolder newCrl = crlBuilder.build(s);
out.write(newCrl.getEncoded());
} catch (OperatorCreationException e) {
throw new IOException("Could not sign CRL", e);
}
} finally {
IOUtils.closeQuietly(asn1in);
}
}
Also used :
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream)
CertificateList(org.bouncycastle.asn1.x509.CertificateList)
ContentSigner(org.bouncycastle.operator.ContentSigner)
DERGeneralizedTime(org.bouncycastle.asn1.DERGeneralizedTime)
ASN1GeneralizedTime(org.bouncycastle.asn1.ASN1GeneralizedTime)
DERUTCTime(org.bouncycastle.asn1.DERUTCTime)
Time(org.bouncycastle.asn1.x509.Time)
ASN1UTCTime(org.bouncycastle.asn1.ASN1UTCTime)
ASN1Integer(org.bouncycastle.asn1.ASN1Integer)
IOException(java.io.IOException)
Extensions(org.bouncycastle.asn1.x509.Extensions)
Date(java.util.Date)
Extension(org.bouncycastle.asn1.x509.Extension)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
DERSequence(org.bouncycastle.asn1.DERSequence)
ASN1Enumerated(org.bouncycastle.asn1.ASN1Enumerated)
X509CRLHolder(org.bouncycastle.cert.X509CRLHolder)
BigInteger(java.math.BigInteger)
X509v2CRLBuilder(org.bouncycastle.cert.X509v2CRLBuilder)
ASN1Object(org.bouncycastle.asn1.ASN1Object)
ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject)
DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Aggregations
CertificateList (org.bouncycastle.asn1.x509.CertificateList)10
IOException (java.io.IOException)6
CRLException (java.security.cert.CRLException)6
X509CRL (java.security.cert.X509CRL)5
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)5
Date (java.util.Date)4
DERSequence (org.bouncycastle.asn1.DERSequence)4
CertificateException (java.security.cert.CertificateException)3
ArrayList (java.util.ArrayList)3
ASN1Integer (org.bouncycastle.asn1.ASN1Integer)3
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)3
X509CRLHolder (org.bouncycastle.cert.X509CRLHolder)3
OperationException (org.xipki.ca.api.OperationException)3
BigInteger (java.math.BigInteger)2
CRL (java.security.cert.CRL)2
X509Certificate (java.security.cert.X509Certificate)2
BerInputStream (org.apache.harmony.security.asn1.BerInputStream)2
ContentInfo (org.apache.harmony.security.pkcs7.ContentInfo)2
SignedData (org.apache.harmony.security.pkcs7.SignedData)2
CertificateList (org.apache.harmony.security.x509.CertificateList)2
