
Example 51 with Time

use of org.bouncycastle.asn1.x509.Time in project candlepin by candlepin.

Class X509CRLStreamWriter, method writeToEmptyCrl.

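/**
 * Rewrite a CRL that currently carries no revoked entries into a freshly signed CRL.
 *
 * The old CRL is parsed in full from {@code crlIn}; every entry queued in
 * {@code newEntries} is added; thisUpdate becomes "now"; nextUpdate is moved
 * forward by the same interval the old CRL used; the cRLNumber is incremented
 * (RFC 5280 s5.2.3 requires it to increase monotonically) and the
 * authorityKeyIdentifier is carried over. The result is signed with
 * {@code key} and written DER-encoded to {@code out}.
 *
 * Security notes:
 * <ul>
 *   <li>If {@code signingAlg} was not set, the signature algorithm of the old
 *       CRL is reused. If the old CRL was signed with a deprecated algorithm,
 *       that algorithm is perpetuated; set {@code signingAlg} explicitly when
 *       migrating algorithms.</li>
 *   <li>Only cRLNumber and authorityKeyIdentifier are copied. Any other
 *       extension present on the old CRL is not carried over to the new one.</li>
 * </ul>
 *
 * @param out stream that receives the DER-encoded, signed CRL
 * @throws IOException if the old CRL cannot be read, has no nextUpdate, or
 *         cannot be signed
 */
protected void writeToEmptyCrl(OutputStream out) throws IOException {
    ASN1InputStream asn1in = null;
    try {
        asn1in = new ASN1InputStream(crlIn);
        ASN1Sequence certListSeq = (ASN1Sequence) asn1in.readObject();
        CertificateList certList = CertificateList.getInstance(certListSeq);
        X509CRLHolder oldCrl = new X509CRLHolder(certList);

        // One instant is used both as thisUpdate and as the base for nextUpdate,
        // so the new validity window is exactly as long as the old one.
        Date now = new Date();
        X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(oldCrl.getIssuer(), now);
        crlBuilder.addCRL(oldCrl);

        // nextUpdate is OPTIONAL in the ASN.1 (RFC 5280 s5.1.2.5) even though
        // conforming issuers must emit it; previously a missing value surfaced
        // here as a NullPointerException.
        Time oldNextUpdateTime = certList.getNextUpdate();
        if (oldNextUpdateTime == null) {
            throw new IOException("Cannot rewrite a CRL that has no nextUpdate");
        }
        Date oldThisUpdate = certList.getThisUpdate().getDate();
        long validityWindow = oldNextUpdateTime.getDate().getTime() - oldThisUpdate.getTime();
        crlBuilder.setNextUpdate(new Date(now.getTime() + validityWindow));

        for (Object o : oldCrl.getExtensionOIDs()) {
            ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) o;
            Extension ext = oldCrl.getExtension(oid);
            if (Extension.cRLNumber.equals(oid)) {
                // Decode via the extension's own parser instead of an ad-hoc
                // (and never closed) ASN1InputStream; a value that is not an
                // INTEGER fails with a clear IllegalArgumentException.
                ASN1Integer currentNumber = ASN1Integer.getInstance(ext.getParsedValue());
                ASN1Integer nextNumber = new ASN1Integer(currentNumber.getValue().add(BigInteger.ONE));
                crlBuilder.addExtension(oid, ext.isCritical(), nextNumber);
            } else if (Extension.authorityKeyIdentifier.equals(oid)) {
                crlBuilder.addExtension(oid, ext.isCritical(), ext.getParsedValue());
            }
            // Other extensions are not copied to the new CRL.
        }

        for (DERSequence entry : newEntries) {
            // XXX: This is all a bit messy considering the user already passed in the serial, date
            // and reason.
            BigInteger serial = ((ASN1Integer) entry.getObjectAt(0)).getValue();
            Date revokeDate = ((Time) entry.getObjectAt(1)).getDate();
            int reason = CRLReason.unspecified;
            if (entry.size() == 3) {
                Extensions extensions = (Extensions) entry.getObjectAt(2);
                Extension reasonExt = extensions.getExtension(Extension.reasonCode);
                if (reasonExt != null) {
                    reason = ((ASN1Enumerated) reasonExt.getParsedValue()).getValue().intValue();
                }
            }
            crlBuilder.addCRLEntry(serial, revokeDate, reason);
        }

        if (signingAlg == null) {
            // Falls back to whatever the old CRL was signed with, weak or not.
            signingAlg = oldCrl.toASN1Structure().getSignatureAlgorithm();
        }
        try {
            ContentSigner signer = createContentSigner(signingAlg, key);
            X509CRLHolder newCrl = crlBuilder.build(signer);
            out.write(newCrl.getEncoded());
        } catch (OperatorCreationException e) {
            throw new IOException("Could not sign CRL", e);
        }
    } finally {
        IOUtils.closeQuietly(asn1in);
    }
}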

Example 52 with Time

use of org.bouncycastle.asn1.x509.Time in project candlepin by candlepin.

Class X509CRLStreamWriter, method offsetNextUpdate.

/**
 * Emit a replacement nextUpdate whose distance from the new thisUpdate ("now")
 * equals the distance between the old nextUpdate and the old thisUpdate.
 *
 * The original time value is consumed from {@code crlIn} (length octets followed
 * by content) and the replacement, encoded with the same time type as the
 * original (UTCTime when {@code tagNo == UTC_TIME}, GeneralizedTime otherwise),
 * is handed to {@link #writeNewTime} together with the original content length.
 *
 * NOTE(review): the content length is taken straight from the input stream and
 * sizes a buffer. A DER time is only a handful of bytes, so a sanity bound would
 * be cheap if the CRL source is ever not fully trusted.
 *
 * @param out           destination for the re-encoded time
 * @param tagNo         ASN.1 tag of the time being replaced
 * @param oldThisUpdate the old CRL's thisUpdate, already read from the stream
 * @throws IOException on a read or write failure
 */
protected void offsetNextUpdate(OutputStream out, int tagNo, Date oldThisUpdate) throws IOException {
    int contentLength = readLength(crlIn, null);
    byte[] content = new byte[contentLength];
    readFullyAndTrack(crlIn, content, null);

    boolean isUtc = (tagNo == UTC_TIME);
    int timeTag = isUtc ? UTC_TIME : GENERALIZED_TIME;
    ASN1TaggedObject wrapped = new DERTaggedObject(timeTag, new DEROctetString(content));
    ASN1Object previous = isUtc
        ? ASN1UTCTime.getInstance(wrapped, false)
        : ASN1GeneralizedTime.getInstance(wrapped, false);

    // Carry the old validity window forward from the current instant.
    long window = Time.getInstance(previous).getDate().getTime() - oldThisUpdate.getTime();
    Date shifted = new Date(System.currentTimeMillis() + window);

    ASN1Object replacement = isUtc ? new DERUTCTime(shifted) : new DERGeneralizedTime(shifted);
    writeNewTime(out, replacement, contentLength);
}

Example 53 with Time

use of org.bouncycastle.asn1.x509.Time in project candlepin by candlepin.

Class X509CRLStreamWriter, method readAndReplaceTime.

/**
 * Consume one time value from {@code crlIn} and write the current time in its place.
 *
 * The replacement uses the same time type as the original (UTCTime when
 * {@code tagNo == UTC_TIME}, GeneralizedTime otherwise) and is passed to
 * {@link #writeNewTime} together with the original content length.
 *
 * @param out   destination for the re-encoded time
 * @param tagNo ASN.1 tag of the time being replaced
 * @return the time that was read from the stream and replaced
 * @throws IOException on a read or write failure
 */
protected Date readAndReplaceTime(OutputStream out, int tagNo) throws IOException {
    int contentLength = readLength(crlIn, null);
    byte[] content = new byte[contentLength];
    readFullyAndTrack(crlIn, content, null);

    ASN1Object previous;
    ASN1Object replacement;
    Date now = new Date();
    if (tagNo != UTC_TIME) {
        ASN1TaggedObject wrapped = new DERTaggedObject(GENERALIZED_TIME, new DEROctetString(content));
        previous = ASN1GeneralizedTime.getInstance(wrapped, false);
        replacement = new DERGeneralizedTime(now);
    } else {
        ASN1TaggedObject wrapped = new DERTaggedObject(UTC_TIME, new DEROctetString(content));
        previous = ASN1UTCTime.getInstance(wrapped, false);
        replacement = new DERUTCTime(now);
    }
    writeNewTime(out, replacement, contentLength);
    return Time.getInstance(previous).getDate();
}

Example 54 with Time

use of org.bouncycastle.asn1.x509.Time in project keystore-explorer by kaikramer.

Class TimeStampingClient, method getTimeStampToken.

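/**
 * Request an RFC 3161 timeStampToken for {@code data} from a TSA.
 *
 * The data is hashed locally with {@code hashAlg}; only the digest is sent to
 * the TSA. The request asks the TSA to include its certificate
 * ({@code certReq = true}) and carries a fresh random nonce. The response is
 * checked with {@link TimeStampResponse#validate(TimeStampRequest)}, which ties
 * it back to this request (nonce, message imprint, certReq), and any
 * PKIFailureInfo reported by the TSA is turned into an exception before the
 * token is extracted.
 *
 * NOTE: the token's signature and the TSA certificate chain are NOT verified
 * here. Callers that rely on the time-stamp must still validate the returned
 * token against a trusted TSA certificate.
 *
 * @param tsaUrl  location of the TSA
 * @param data    the data to be time-stamped
 * @param hashAlg the algorithm used for generating a hash value of the data
 * @return encoded, TSA-signed timeStampToken
 * @throws IOException if the digest algorithm is unavailable, the TSA cannot be
 *         reached, the response does not match the request, the TSA reported a
 *         failure, or no token was returned
 */
public static byte[] getTimeStampToken(String tsaUrl, byte[] data, DigestType hashAlg) throws IOException {
    TimeStampResponse response;
    try {
        // calculate hash value
        MessageDigest digest = MessageDigest.getInstance(hashAlg.jce());
        byte[] hashValue = digest.digest(data);

        // Setup the time stamp request
        TimeStampRequestGenerator tsqGenerator = new TimeStampRequestGenerator();
        tsqGenerator.setCertReq(true);
        // RFC 3161 s2.4.1: the nonce is the client's replay protection and must be a
        // large random number. A millisecond timestamp is predictable and can repeat,
        // so a 64-bit value from a CSPRNG is used instead.
        BigInteger nonce = new BigInteger(64, new java.security.SecureRandom());
        TimeStampRequest request = tsqGenerator.generate(new ASN1ObjectIdentifier(hashAlg.oid()), hashValue, nonce);
        byte[] requestBytes = request.getEncoded();

        // send http request
        byte[] respBytes = queryServer(tsaUrl, requestBytes);

        // process response: validate() checks the response against the request
        // (nonce, message imprint, certReq) and throws TSPException on mismatch
        response = new TimeStampResponse(respBytes);
        response.validate(request);
        PKIFailureInfo failure = response.getFailInfo();
        int failureBits = failure == null ? 0 : failure.intValue();
        if (failureBits != 0) {
            throw new IOException("Server returned error code: " + String.valueOf(failureBits));
        }
    } catch (NoSuchAlgorithmException | TSPException e) {
        throw new IOException(e);
    }

    // extract the time stamp token
    TimeStampToken tsToken = response.getTimeStampToken();
    if (tsToken == null) {
        throw new IOException("TSA returned no time stamp token: " + response.getStatusString());
    }
    return tsToken.getEncoded();
}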

Example 55 with Time

use of org.bouncycastle.asn1.x509.Time in project fabric-sdk-java by hyperledger.

Class HFCAClientIT, method testUserRevokeNullReason.

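/**
 * Revoking all enrollments of a user with a {@code null} reason must still
 * revoke the user: the revocation count grows by one (this check is skipped
 * when running against Fabric 1.0) and a subsequent re-enroll is rejected
 * with an {@link EnrollmentException} whose message reports the failure.
 *
 * The user is registered and enrolled first if this run has not already done
 * so; the registration path also checks that the CA echoes back the requested
 * enrollment secret.
 */
@Test
public void testUserRevokeNullReason() throws Exception {
    thrown.expect(EnrollmentException.class);
    thrown.expectMessage("Failed to re-enroll user");

    // The previous version also built a "one second ago" Date here that nothing
    // used; it has been removed.
    SampleUser user = getTestUser(TEST_USER1_ORG);
    if (!user.isRegistered()) {
        RegistrationRequest rr = new RegistrationRequest(user.getName(), TEST_USER1_AFFILIATION);
        String password = "testUserRevoke";
        rr.setSecret(password);
        rr.addAttribute(new Attribute("user.role", "department lead"));
        rr.addAttribute(new Attribute(HFCAClient.HFCA_ATTRIBUTE_HFREVOKER, "true"));
        // Admin can register other users.
        user.setEnrollmentSecret(client.register(rr, admin));
        if (!user.getEnrollmentSecret().equals(password)) {
            fail("Secret returned from RegistrationRequest not match : " + user.getEnrollmentSecret());
        }
    }
    sleepALittle();

    if (!user.isEnrolled()) {
        EnrollmentRequest req = new EnrollmentRequest(DEFAULT_PROFILE_NAME, "label 2", null);
        req.addHost("example3.ibm.com");
        user.setEnrollment(client.enroll(user.getName(), user.getEnrollmentSecret(), req));
        // verify
        String cert = user.getEnrollment().getCert();
        verifyOptions(cert, req);
    }
    sleepALittle();

    int startedWithRevokes = -1;
    if (!testConfig.isRunningAgainstFabric10()) {
        // one more after we do this revoke.
        startedWithRevokes = getRevokes(null).length;
    }

    // revoke all enrollment of this user, with no reason given
    client.revoke(admin, user.getName(), null);

    if (!testConfig.isRunningAgainstFabric10()) {
        final int newRevokes = getRevokes(null).length;
        assertEquals(format("Expected one more revocation %d, but got %d", startedWithRevokes + 1, newRevokes), startedWithRevokes + 1, newRevokes);
    }

    // trying to reenroll the revoked user should fail with an EnrollmentException
    client.reenroll(user);
}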
