use of org.bouncycastle.asn1.x509.Time in project candlepin by candlepin.
the class X509CRLStreamWriter method writeToEmptyCrl.
protected void writeToEmptyCrl(OutputStream out) throws IOException {
ASN1InputStream asn1in = null;
try {
asn1in = new ASN1InputStream(crlIn);
ASN1Sequence certListSeq = (ASN1Sequence) asn1in.readObject();
CertificateList certList = CertificateList.getInstance(certListSeq);
X509CRLHolder oldCrl = new X509CRLHolder(certList);
X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(oldCrl.getIssuer(), new Date());
crlBuilder.addCRL(oldCrl);
Date now = new Date();
Date oldNextUpdate = certList.getNextUpdate().getDate();
Date oldThisUpdate = certList.getThisUpdate().getDate();
Date nextUpdate = new Date(now.getTime() + (oldNextUpdate.getTime() - oldThisUpdate.getTime()));
crlBuilder.setNextUpdate(nextUpdate);
for (Object o : oldCrl.getExtensionOIDs()) {
ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) o;
Extension ext = oldCrl.getExtension(oid);
if (oid.equals(Extension.cRLNumber)) {
ASN1OctetString octet = ext.getExtnValue();
ASN1Integer currentNumber = (ASN1Integer) new ASN1InputStream(octet.getOctets()).readObject();
ASN1Integer nextNumber = new ASN1Integer(currentNumber.getValue().add(BigInteger.ONE));
crlBuilder.addExtension(oid, ext.isCritical(), nextNumber);
} else if (oid.equals(Extension.authorityKeyIdentifier)) {
crlBuilder.addExtension(oid, ext.isCritical(), ext.getParsedValue());
}
}
for (DERSequence entry : newEntries) {
// XXX: This is all a bit messy considering the user already passed in the serial, date
// and reason.
BigInteger serial = ((ASN1Integer) entry.getObjectAt(0)).getValue();
Date revokeDate = ((Time) entry.getObjectAt(1)).getDate();
int reason = CRLReason.unspecified;
if (entry.size() == 3) {
Extensions extensions = (Extensions) entry.getObjectAt(2);
Extension reasonExt = extensions.getExtension(Extension.reasonCode);
if (reasonExt != null) {
reason = ((ASN1Enumerated) reasonExt.getParsedValue()).getValue().intValue();
}
}
crlBuilder.addCRLEntry(serial, revokeDate, reason);
}
if (signingAlg == null) {
signingAlg = oldCrl.toASN1Structure().getSignatureAlgorithm();
}
ContentSigner s;
try {
s = createContentSigner(signingAlg, key);
X509CRLHolder newCrl = crlBuilder.build(s);
out.write(newCrl.getEncoded());
} catch (OperatorCreationException e) {
throw new IOException("Could not sign CRL", e);
}
} finally {
IOUtils.closeQuietly(asn1in);
}
}
use of org.bouncycastle.asn1.x509.Time in project candlepin by candlepin.
the class X509CRLStreamWriter method offsetNextUpdate.
/**
* Write a new nextUpdate time that is the same amount of time ahead of the new thisUpdate
* time as the old nextUpdate was from the old thisUpdate.
*
* @param out
* @param tagNo
* @param oldThisUpdate
* @throws IOException
*/
protected void offsetNextUpdate(OutputStream out, int tagNo, Date oldThisUpdate) throws IOException {
int originalLength = readLength(crlIn, null);
byte[] oldBytes = new byte[originalLength];
readFullyAndTrack(crlIn, oldBytes, null);
ASN1Object oldTime = null;
if (tagNo == UTC_TIME) {
ASN1TaggedObject t = new DERTaggedObject(UTC_TIME, new DEROctetString(oldBytes));
oldTime = ASN1UTCTime.getInstance(t, false);
} else {
ASN1TaggedObject t = new DERTaggedObject(GENERALIZED_TIME, new DEROctetString(oldBytes));
oldTime = ASN1GeneralizedTime.getInstance(t, false);
}
/* Determine the time between the old thisUpdate and old nextUpdate and add it
/* to the new nextUpdate. */
Date oldNextUpdate = Time.getInstance(oldTime).getDate();
long delta = oldNextUpdate.getTime() - oldThisUpdate.getTime();
Date newNextUpdate = new Date(new Date().getTime() + delta);
ASN1Object newTime = null;
if (tagNo == UTC_TIME) {
newTime = new DERUTCTime(newNextUpdate);
} else {
newTime = new DERGeneralizedTime(newNextUpdate);
}
writeNewTime(out, newTime, originalLength);
}
use of org.bouncycastle.asn1.x509.Time in project candlepin by candlepin.
the class X509CRLStreamWriter method readAndReplaceTime.
/**
* Replace a time in the ASN1 with the current time.
*
* @param out
* @param tagNo
* @return the time that was replaced
* @throws IOException
*/
protected Date readAndReplaceTime(OutputStream out, int tagNo) throws IOException {
int originalLength = readLength(crlIn, null);
byte[] oldBytes = new byte[originalLength];
readFullyAndTrack(crlIn, oldBytes, null);
ASN1Object oldTime;
ASN1Object newTime;
if (tagNo == UTC_TIME) {
ASN1TaggedObject t = new DERTaggedObject(UTC_TIME, new DEROctetString(oldBytes));
oldTime = ASN1UTCTime.getInstance(t, false);
newTime = new DERUTCTime(new Date());
} else {
ASN1TaggedObject t = new DERTaggedObject(GENERALIZED_TIME, new DEROctetString(oldBytes));
oldTime = ASN1GeneralizedTime.getInstance(t, false);
newTime = new DERGeneralizedTime(new Date());
}
writeNewTime(out, newTime, originalLength);
return Time.getInstance(oldTime).getDate();
}
use of org.bouncycastle.asn1.x509.Time in project keystore-explorer by kaikramer.
the class TimeStampingClient method getTimeStampToken.
/**
* Get RFC 3161 timeStampToken.
*
* @param tsaUrl Location of TSA
* @param data The data to be time-stamped
* @param hashAlg The algorithm used for generating a hash value of the data to be time-stamped
* @return encoded, TSA signed data of the timeStampToken
* @throws IOException
*/
public static byte[] getTimeStampToken(String tsaUrl, byte[] data, DigestType hashAlg) throws IOException {
TimeStampResponse response = null;
try {
// calculate hash value
MessageDigest digest = MessageDigest.getInstance(hashAlg.jce());
byte[] hashValue = digest.digest(data);
// Setup the time stamp request
TimeStampRequestGenerator tsqGenerator = new TimeStampRequestGenerator();
tsqGenerator.setCertReq(true);
BigInteger nonce = BigInteger.valueOf(System.currentTimeMillis());
TimeStampRequest request = tsqGenerator.generate(new ASN1ObjectIdentifier(hashAlg.oid()), hashValue, nonce);
byte[] requestBytes = request.getEncoded();
// send http request
byte[] respBytes = queryServer(tsaUrl, requestBytes);
// process response
response = new TimeStampResponse(respBytes);
// validate communication level attributes (RFC 3161 PKIStatus)
response.validate(request);
PKIFailureInfo failure = response.getFailInfo();
int value = failure == null ? 0 : failure.intValue();
if (value != 0) {
throw new IOException("Server returned error code: " + String.valueOf(value));
}
} catch (NoSuchAlgorithmException e) {
throw new IOException(e);
} catch (TSPException e) {
throw new IOException(e);
}
// extract the time stamp token
TimeStampToken tsToken = response.getTimeStampToken();
if (tsToken == null) {
throw new IOException("TSA returned no time stamp token: " + response.getStatusString());
}
return tsToken.getEncoded();
}
use of org.bouncycastle.asn1.x509.Time in project fabric-sdk-java by hyperledger.
the class HFCAClientIT method testUserRevokeNullReason.
// Tests attempting to revoke a user with Null reason
@Test
public void testUserRevokeNullReason() throws Exception {
thrown.expect(EnrollmentException.class);
thrown.expectMessage("Failed to re-enroll user");
// gets a calendar using the default time zone and locale.
Calendar calendar = Calendar.getInstance();
calendar.add(Calendar.SECOND, -1);
// avoid any clock skewing.
Date revokedTinyBitAgoTime = calendar.getTime();
SampleUser user = getTestUser(TEST_USER1_ORG);
if (!user.isRegistered()) {
RegistrationRequest rr = new RegistrationRequest(user.getName(), TEST_USER1_AFFILIATION);
String password = "testUserRevoke";
rr.setSecret(password);
rr.addAttribute(new Attribute("user.role", "department lead"));
rr.addAttribute(new Attribute(HFCAClient.HFCA_ATTRIBUTE_HFREVOKER, "true"));
// Admin can register other users.
user.setEnrollmentSecret(client.register(rr, admin));
if (!user.getEnrollmentSecret().equals(password)) {
fail("Secret returned from RegistrationRequest not match : " + user.getEnrollmentSecret());
}
}
sleepALittle();
if (!user.isEnrolled()) {
EnrollmentRequest req = new EnrollmentRequest(DEFAULT_PROFILE_NAME, "label 2", null);
req.addHost("example3.ibm.com");
user.setEnrollment(client.enroll(user.getName(), user.getEnrollmentSecret(), req));
// verify
String cert = user.getEnrollment().getCert();
verifyOptions(cert, req);
}
sleepALittle();
int startedWithRevokes = -1;
if (!testConfig.isRunningAgainstFabric10()) {
// one more after we do this revoke.
startedWithRevokes = getRevokes(null).length;
}
// revoke all enrollment of this user
client.revoke(admin, user.getName(), null);
if (!testConfig.isRunningAgainstFabric10()) {
final int newRevokes = getRevokes(null).length;
assertEquals(format("Expected one more revocation %d, but got %d", startedWithRevokes + 1, newRevokes), startedWithRevokes + 1, newRevokes);
}
// trying to reenroll the revoked user should fail with an EnrollmentException
client.reenroll(user);
}
Aggregations