Use of org.openmuc.jasn1.compiler.pkix1explicit88.Certificate in project xipki by xipki.
The class OcspCertStoreFromCaDbImporter, method importCert0.
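/**
 * Imports the certificates contained in one ZIP file of the export into the OCSP CERT table.
 *
 * <p>The ZIP file holds an {@code overview.xml} describing the certificates and one ZIP entry
 * per raw certificate, named by {@code CertType#getFile()}. Entries with an ID below
 * {@code minId} are skipped so that an interrupted import can be resumed. Certificates are added
 * to the batch of {@code psCert}; the batch is executed and committed every
 * {@code numCertsPerCommit} imported certificates and after the last entry. On failure the
 * transaction is rolled back and rows with an ID above the current one are deleted again.
 *
 * @param certhashAlgo hash algorithm used for the stored certificate hash
 * @param psCert prepared statement for {@code SQL_ADD_CERT}
 * @param certsZipFile path of the ZIP file to import
 * @param profileMap maps certificate profile IDs of the export to profile names
 * @param revokedOnly if {@code true}, only revoked certificates are imported
 * @param caIds IDs of the CAs whose certificates are imported; others are counted but skipped
 * @param minId certificates with a smaller ID are skipped (resume point)
 * @param processLogFile receives the marker {@code <numProcessed>:<lastId>} after each batch
 * @param processLog counter of processed entries (including filtered-out ones)
 * @param numProcessedInLastProcess number of entries processed by a previous, interrupted run
 * @param importLog counter of actually imported entries
 * @return the ID of the last entry in the file, or 0 if the file contains no entry
 * @throws InterruptedException if {@code stopMe} was set while importing
 * @throws CertificateException if a raw certificate cannot be parsed
 * @throws IllegalStateException if {@code overview.xml} or a certificate file it references is
 *         missing from the ZIP file
 * @throws Exception on database errors (translated via {@code translate}) or other failures
 */
private long importCert0(HashAlgo certhashAlgo, PreparedStatement psCert, String certsZipFile,
    Map<Integer, String> profileMap, boolean revokedOnly, List<Integer> caIds, long minId,
    File processLogFile, ProcessLog processLog, int numProcessedInLastProcess,
    ProcessLog importLog) throws Exception {
  ZipFile zipFile = new ZipFile(new File(certsZipFile));
  ZipEntry certsXmlEntry = zipFile.getEntry("overview.xml");
  CertsReader certs;
  try {
    // ZipFile.getEntry returns null for an unknown name; fail with a message instead of an NPE
    if (certsXmlEntry == null) {
      throw new IllegalStateException("ZIP file " + certsZipFile + " contains no overview.xml");
    }
    certs = new CertsReader(zipFile.getInputStream(certsXmlEntry));
  } catch (Exception ex) {
    // not yet inside the try/finally below, so release the ZIP file here
    try {
      zipFile.close();
    } catch (Exception ex2) {
      LOG.error("could not close ZIP file {}: {}", certsZipFile, ex2.getMessage());
      LOG.debug("could not close ZIP file " + certsZipFile, ex2);
    }
    throw ex;
  }

  disableAutoCommit();
  try {
    int numProcessedEntriesInBatch = 0;
    int numImportedEntriesInBatch = 0;
    long lastSuccessfulCertId = 0;

    while (certs.hasNext()) {
      if (stopMe.get()) {
        throw new InterruptedException("interrupted by the user");
      }

      CertType cert = (CertType) certs.next();
      long id = cert.getId();
      // NOTE: updated for every entry, including skipped and not yet committed ones; the value
      // only reaches the resume marker after the batch bookkeeping below.
      lastSuccessfulCertId = id;
      if (id < minId) {
        continue;
      }

      numProcessedEntriesInBatch++;
      if (!revokedOnly || cert.getRev().booleanValue()) {
        int caId = cert.getCaId();
        if (caIds.contains(caId)) {
          numImportedEntriesInBatch++;
          String filename = cert.getFile();

          // rawcert
          ZipEntry certZipEnty = zipFile.getEntry(filename);
          if (certZipEnty == null) {
            throw new IllegalStateException("certificate file " + filename
                + " referenced by overview.xml not found in ZIP file " + certsZipFile);
          }
          byte[] encodedCert = IoUtil.read(zipFile.getInputStream(certZipEnty));
          String certhash = certhashAlgo.base64Hash(encodedCert);

          TBSCertificate tbsCert;
          try {
            Certificate cc = Certificate.getInstance(encodedCert);
            tbsCert = cc.getTBSCertificate();
          } catch (RuntimeException ex) {
            // the ASN.1 parser reports malformed input with unchecked exceptions
            LOG.error("could not parse certificate in file {}", filename);
            LOG.debug("could not parse certificate in file " + filename, ex);
            throw new CertificateException(ex.getMessage(), ex);
          }
          String subject = X509Util.cutX500Name(tbsCert.getSubject(), maxX500nameLen);

          // cert
          try {
            int idx = 1;
            psCert.setLong(idx++, id);
            psCert.setInt(idx++, caId);
            psCert.setString(idx++, tbsCert.getSerialNumber().getPositiveValue().toString(16));
            psCert.setLong(idx++, cert.getUpdate());
            // validity is stored in seconds since the epoch
            psCert.setLong(idx++, tbsCert.getStartDate().getDate().getTime() / 1000);
            psCert.setLong(idx++, tbsCert.getEndDate().getDate().getTime() / 1000);
            setBoolean(psCert, idx++, cert.getRev());
            setInt(psCert, idx++, cert.getRr());
            setLong(psCert, idx++, cert.getRt());
            setLong(psCert, idx++, cert.getRit());
            int certprofileId = cert.getPid();
            String certprofileName = profileMap.get(certprofileId);
            psCert.setString(idx++, certprofileName);
            psCert.setString(idx++, certhash);
            psCert.setString(idx++, subject);
            psCert.addBatch();
          } catch (SQLException ex) {
            throw translate(SQL_ADD_CERT, ex);
          }
        } // end if (caIds.contains(caId))
      } // end if (revokedOnly

      boolean isLastBlock = !certs.hasNext();
      boolean flushBatch = numImportedEntriesInBatch > 0
          && (numImportedEntriesInBatch % this.numCertsPerCommit == 0 || isLastBlock);

      if (flushBatch) {
        if (evaulateOnly) {
          psCert.clearBatch();
        } else {
          try {
            psCert.executeBatch();
            commit("(commit import cert to OCSP)");
          } catch (Throwable th) {
            rollback();
            // best-effort cleanup of rows beyond the current ID before the caller resumes
            deleteCertGreatherThan(lastSuccessfulCertId, LOG);
            if (th instanceof SQLException) {
              throw translate(SQL_ADD_CERT, (SQLException) th);
            } else if (th instanceof Exception) {
              throw (Exception) th;
            } else {
              // Errors are wrapped so the declared 'throws Exception' stays accurate for callers
              throw new Exception(th);
            }
          }
        }
      }

      // Bookkeeping after a flushed batch, and also for a trailing block that added nothing to
      // the batch, so the resume marker always reflects the last entry of the file.
      if (flushBatch || isLastBlock) {
        lastSuccessfulCertId = id;
        processLog.addNumProcessed(numProcessedEntriesInBatch);
        importLog.addNumProcessed(numImportedEntriesInBatch);
        numProcessedEntriesInBatch = 0;
        numImportedEntriesInBatch = 0;
        String marker = (numProcessedInLastProcess + processLog.numProcessed()) + ":"
            + lastSuccessfulCertId;
        echoToFile(marker, processLogFile);
        processLog.printStatus();
      }
    }

    return lastSuccessfulCertId;
  } finally {
    recoverAutoCommit();
    zipFile.close();
  }
}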
Use of org.openmuc.jasn1.compiler.pkix1explicit88.Certificate in project xipki by xipki.
The class CaCertStoreDbImporter, method importEntries.
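/**
 * Imports the entries of one ZIP file of the CA database export into the table of the given
 * entry type (CERT together with CRAW, CRL, REQUEST or REQCERT).
 *
 * <p>The ZIP file holds an {@code overview.xml} listing the entries and, for CERT, CRL and
 * REQUEST, one ZIP entry per raw object named by the entry's {@code getFile()}. Entries whose ID
 * is below {@code minId} are skipped so an interrupted import can be resumed. Rows are added to
 * the batches of {@code statements}; the batches are executed and committed every
 * {@code numEntriesPerCommit} entries and after the last entry. On failure the transaction is
 * rolled back and rows with an ID above the current one are deleted again.
 *
 * @param type entry type; decides the target table and how an entry maps to columns
 * @param entriesZipFile path of the ZIP file to import
 * @param minId entries with a smaller ID are skipped (resume point)
 * @param processLogFile receives the marker {@code <type>:<numProcessed>:<lastId>} after each
 *        batch
 * @param processLog counter of processed entries
 * @param numProcessedInLastProcess number of entries processed by a previous, interrupted run
 * @param statements prepared statements, one per SQL in {@code sqls}; index 0 is the main table,
 *        index 1 (CERT only) the CRAW table
 * @param sqls SQL texts matching {@code statements}, used for error translation only
 * @return the ID of the last entry whose batch was committed (or cleared in evaluate-only mode),
 *         0 if none
 * @throws InterruptedException if {@code stopMe} was set while importing
 * @throws CertificateException if a raw certificate cannot be parsed
 * @throws CRLException if a raw CRL cannot be parsed
 * @throws IllegalStateException if {@code overview.xml} or a file it references is missing from
 *         the ZIP file
 * @throws IllegalArgumentException if {@code type} is not handled here
 * @throws Exception on database errors (translated via {@code translate}) or other failures
 */
private long importEntries(CaDbEntryType type, String entriesZipFile, long minId,
    File processLogFile, ProcessLog processLog, int numProcessedInLastProcess,
    PreparedStatement[] statements, String[] sqls) throws Exception {
  // batch size is scaled per entry type and never below 1
  final int numEntriesPerCommit =
      Math.max(1, Math.round(type.getSqlBatchFactor() * numCertsPerCommit));

  ZipFile zipFile = new ZipFile(new File(entriesZipFile));
  ZipEntry entriesXmlEntry = zipFile.getEntry("overview.xml");
  DbiXmlReader entries;
  try {
    // ZipFile.getEntry returns null for an unknown name; fail with a message instead of an NPE
    if (entriesXmlEntry == null) {
      throw new IllegalStateException("ZIP file " + entriesZipFile + " contains no overview.xml");
    }
    entries = createReader(type, zipFile.getInputStream(entriesXmlEntry));
  } catch (Exception ex) {
    // not yet inside the try/finally below, so release the ZIP file here
    try {
      zipFile.close();
    } catch (Exception e2) {
      LOG.error("could not close ZIP file {}: {}", entriesZipFile, e2.getMessage());
      LOG.debug("could not close ZIP file " + entriesZipFile, e2);
    }
    throw ex;
  }

  disableAutoCommit();
  try {
    int numEntriesInBatch = 0;
    long lastSuccessfulEntryId = 0;

    while (entries.hasNext()) {
      if (stopMe.get()) {
        throw new InterruptedException("interrupted by the user");
      }

      IdentifidDbObjectType entry = (IdentifidDbObjectType) entries.next();
      long id = entry.getId();
      if (id < minId) {
        continue;
      }
      numEntriesInBatch++;

      if (CaDbEntryType.CERT == type) {
        CertType cert = (CertType) entry;
        int certArt = (cert.getArt() == null) ? 1 : cert.getArt();
        String filename = cert.getFile();

        // rawcert
        ZipEntry certZipEnty = zipFile.getEntry(filename);
        if (certZipEnty == null) {
          throw new IllegalStateException("certificate file " + filename
              + " referenced by overview.xml not found in ZIP file " + entriesZipFile);
        }
        byte[] encodedCert = IoUtil.read(zipFile.getInputStream(certZipEnty));

        TBSCertificate tbsCert;
        try {
          Certificate cc = Certificate.getInstance(encodedCert);
          tbsCert = cc.getTBSCertificate();
        } catch (RuntimeException ex) {
          // the ASN.1 parser reports malformed input with unchecked exceptions
          LOG.error("could not parse certificate in file {}", filename);
          LOG.debug("could not parse certificate in file " + filename, ex);
          throw new CertificateException(ex.getMessage(), ex);
        }

        byte[] encodedKey = tbsCert.getSubjectPublicKeyInfo().getPublicKeyData().getBytes();
        // fingerprint column of the CRAW row
        String b64Sha1FpCert = HashAlgo.SHA1.base64Hash(encodedCert);

        // cert
        String subjectText = X509Util.cutX500Name(tbsCert.getSubject(), maxX500nameLen);
        PreparedStatement psCert = statements[0];
        PreparedStatement psRawcert = statements[1];
        try {
          int idx = 1;
          psCert.setLong(idx++, id);
          psCert.setInt(idx++, certArt);
          psCert.setLong(idx++, cert.getUpdate());
          psCert.setString(idx++, tbsCert.getSerialNumber().getPositiveValue().toString(16));
          psCert.setString(idx++, subjectText);
          long fpSubject = X509Util.fpCanonicalizedName(tbsCert.getSubject());
          psCert.setLong(idx++, fpSubject);
          if (cert.getFpRs() != null) {
            psCert.setLong(idx++, cert.getFpRs());
          } else {
            psCert.setNull(idx++, Types.BIGINT);
          }
          // validity is stored in seconds since the epoch
          psCert.setLong(idx++, tbsCert.getStartDate().getDate().getTime() / 1000);
          psCert.setLong(idx++, tbsCert.getEndDate().getDate().getTime() / 1000);
          setBoolean(psCert, idx++, cert.getRev());
          setInt(psCert, idx++, cert.getRr());
          setLong(psCert, idx++, cert.getRt());
          setLong(psCert, idx++, cert.getRit());
          setInt(psCert, idx++, cert.getPid());
          setInt(psCert, idx++, cert.getCaId());
          setInt(psCert, idx++, cert.getRid());
          setInt(psCert, idx++, cert.getUid());
          psCert.setLong(idx++, FpIdCalculator.hash(encodedKey));

          // EE flag: a certificate without BasicConstraints, or without any extensions at all
          // (getExtensions() is then null), is stored as an end-entity certificate
          boolean ee = true;
          if (tbsCert.getExtensions() != null) {
            Extension extension = tbsCert.getExtensions().getExtension(Extension.basicConstraints);
            if (extension != null) {
              ASN1Encodable asn1 = extension.getParsedValue();
              ee = !BasicConstraints.getInstance(asn1).isCA();
            }
          }
          psCert.setInt(idx++, ee ? 1 : 0);
          psCert.setInt(idx++, cert.getReqType());
          psCert.setString(idx++, cert.getTid());
          psCert.addBatch();
        } catch (SQLException ex) {
          throw translate(SQL_ADD_CERT, ex);
        }

        try {
          int idx = 1;
          psRawcert.setLong(idx++, cert.getId());
          psRawcert.setString(idx++, b64Sha1FpCert);
          psRawcert.setString(idx++, cert.getRs());
          psRawcert.setString(idx++, Base64.encodeToString(encodedCert));
          psRawcert.addBatch();
        } catch (SQLException ex) {
          throw translate(SQL_ADD_CRAW, ex);
        }
      } else if (CaDbEntryType.CRL == type) {
        PreparedStatement psAddCrl = statements[0];
        CrlType crl = (CrlType) entry;
        String filename = crl.getFile();

        // CRL
        ZipEntry zipEnty = zipFile.getEntry(filename);
        if (zipEnty == null) {
          throw new IllegalStateException("CRL file " + filename
              + " referenced by overview.xml not found in ZIP file " + entriesZipFile);
        }
        byte[] encodedCrl = IoUtil.read(zipFile.getInputStream(zipEnty));

        X509CRL x509crl;
        try {
          x509crl = X509Util.parseCrl(encodedCrl);
        } catch (Exception ex) {
          LOG.error("could not parse CRL in file {}", filename);
          LOG.debug("could not parse CRL in file " + filename, ex);
          if (ex instanceof CRLException) {
            throw (CRLException) ex;
          } else {
            throw new CRLException(ex.getMessage(), ex);
          }
        }

        try {
          byte[] octetString = x509crl.getExtensionValue(Extension.cRLNumber.getId());
          if (octetString == null) {
            // Only the insert is skipped. A 'continue' here would bypass the batch flush below,
            // and for the last entry of the file the pending batch would never be executed.
            LOG.warn("CRL without CRL number, ignore it");
          } else {
            byte[] extnValue = DEROctetString.getInstance(octetString).getOctets();
            // CHECKSTYLE:SKIP
            BigInteger crlNumber = ASN1Integer.getInstance(extnValue).getPositiveValue();

            BigInteger baseCrlNumber = null;
            octetString = x509crl.getExtensionValue(Extension.deltaCRLIndicator.getId());
            if (octetString != null) {
              extnValue = DEROctetString.getInstance(octetString).getOctets();
              baseCrlNumber = ASN1Integer.getInstance(extnValue).getPositiveValue();
            }

            int idx = 1;
            psAddCrl.setLong(idx++, crl.getId());
            psAddCrl.setInt(idx++, crl.getCaId());
            // NOTE: CRL numbers wider than 63 bits are truncated by longValue()
            psAddCrl.setLong(idx++, crlNumber.longValue());
            psAddCrl.setLong(idx++, x509crl.getThisUpdate().getTime() / 1000);
            if (x509crl.getNextUpdate() != null) {
              psAddCrl.setLong(idx++, x509crl.getNextUpdate().getTime() / 1000);
            } else {
              psAddCrl.setNull(idx++, Types.INTEGER);
            }
            if (baseCrlNumber == null) {
              setBoolean(psAddCrl, idx++, false);
              psAddCrl.setNull(idx++, Types.BIGINT);
            } else {
              setBoolean(psAddCrl, idx++, true);
              psAddCrl.setLong(idx++, baseCrlNumber.longValue());
            }
            psAddCrl.setString(idx++, Base64.encodeToString(encodedCrl));
            psAddCrl.addBatch();
          }
        } catch (SQLException ex) {
          System.err.println("could not import CRL with ID=" + crl.getId() + ", message: "
              + ex.getMessage());
          throw ex;
        }
      } else if (CaDbEntryType.REQUEST == type) {
        PreparedStatement psAddRequest = statements[0];
        RequestType request = (RequestType) entry;
        String filename = request.getFile();
        ZipEntry zipEnty = zipFile.getEntry(filename);
        if (zipEnty == null) {
          throw new IllegalStateException("request file " + filename
              + " referenced by overview.xml not found in ZIP file " + entriesZipFile);
        }
        byte[] encodedRequest = IoUtil.read(zipFile.getInputStream(zipEnty));
        try {
          int idx = 1;
          psAddRequest.setLong(idx++, request.getId());
          psAddRequest.setLong(idx++, request.getUpdate());
          psAddRequest.setString(idx++, Base64.encodeToString(encodedRequest));
          psAddRequest.addBatch();
        } catch (SQLException ex) {
          System.err.println("could not import REQUEST with ID=" + request.getId()
              + ", message: " + ex.getMessage());
          throw ex;
        }
      } else if (CaDbEntryType.REQCERT == type) {
        PreparedStatement psAddReqCert = statements[0];
        RequestCertType reqCert = (RequestCertType) entry;
        try {
          int idx = 1;
          psAddReqCert.setLong(idx++, reqCert.getId());
          psAddReqCert.setLong(idx++, reqCert.getRid());
          psAddReqCert.setLong(idx++, reqCert.getCid());
          psAddReqCert.addBatch();
        } catch (SQLException ex) {
          // message named the wrong entry type (REQUEST) before
          System.err.println("could not import REQCERT with ID=" + reqCert.getId()
              + ", message: " + ex.getMessage());
          throw ex;
        }
      } else {
        throw new IllegalArgumentException("Unknown CaDbEntryType " + type);
      }

      boolean isLastBlock = !entries.hasNext();
      if (numEntriesInBatch > 0
          && (numEntriesInBatch % numEntriesPerCommit == 0 || isLastBlock)) {
        if (evaulateOnly) {
          for (PreparedStatement m : statements) {
            m.clearBatch();
          }
        } else {
          // SQL of the statement currently executing, for error translation
          String sql = null;
          try {
            for (int i = 0; i < sqls.length; i++) {
              sql = sqls[i];
              statements[i].executeBatch();
            }
            sql = null;
            commit("(commit import to CA)");
          } catch (Throwable th) {
            rollback();
            // best-effort cleanup of rows beyond the current ID before the caller resumes
            deleteFromTableWithLargerId(type.getTableName(), "ID", id, LOG);
            if (CaDbEntryType.CERT == type) {
              deleteFromTableWithLargerId("CRAW", "CID", id, LOG);
            }
            if (th instanceof SQLException) {
              throw translate(sql, (SQLException) th);
            } else if (th instanceof Exception) {
              throw (Exception) th;
            } else {
              // Errors are wrapped so the declared 'throws Exception' stays accurate for callers
              throw new Exception(th);
            }
          }
        }

        lastSuccessfulEntryId = id;
        processLog.addNumProcessed(numEntriesInBatch);
        numEntriesInBatch = 0;
        echoToFile(type + ":" + (numProcessedInLastProcess + processLog.numProcessed()) + ":"
            + lastSuccessfulEntryId, processLogFile);
        processLog.printStatus();
      }
    }

    return lastSuccessfulEntryId;
  } finally {
    recoverAutoCommit();
    zipFile.close();
  }
}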
Use of org.openmuc.jasn1.compiler.pkix1explicit88.Certificate in project xipki by xipki.
The class OcspCertStoreDbImporter, method importIssuer0.
/**
 * Inserts one issuer of the export into the OCSP ISSUER table via {@code ps}
 * ({@code SQL_ADD_ISSUER}).
 *
 * <p>The issuer certificate is read Base64-encoded from the file named by
 * {@code issuer.getCertFile()} below {@code baseDir}. Validity dates are stored in seconds since
 * the epoch; the certificate itself is stored both as its SHA-1 value and as the Base64 text.
 *
 * @param issuer issuer entry of the export
 * @param ps prepared statement for {@code SQL_ADD_ISSUER}
 * @throws IOException if the certificate file cannot be read
 * @throws CertificateException if the certificate cannot be parsed
 * @throws DataAccessException if the insert fails
 */
private void importIssuer0(IssuerType issuer, PreparedStatement ps)
    throws DataAccessException, CertificateException, IOException {
  try {
    String certFilename = issuer.getCertFile();
    // the file holds Base64 text; it is decoded for parsing and stored unchanged
    String b64Cert = new String(IoUtil.read(new File(baseDir, certFilename)));
    byte[] encodedCert = Base64.decode(b64Cert);

    Certificate cert;
    try {
      cert = Certificate.getInstance(encodedCert);
    } catch (RuntimeException ex) {
      // the ASN.1 parser reports malformed input with unchecked exceptions
      LOG.error("could not parse certificate of issuer {}", issuer.getId());
      LOG.debug("could not parse certificate of issuer " + issuer.getId(), ex);
      throw new CertificateException(ex.getMessage(), ex);
    }

    String subject = X509Util.cutX500Name(cert.getSubject(), maxX500nameLen);
    long notBeforeSeconds = cert.getTBSCertificate().getStartDate().getDate().getTime() / 1000;
    long notAfterSeconds = cert.getTBSCertificate().getEndDate().getDate().getTime() / 1000;

    ps.setInt(1, issuer.getId());
    ps.setString(2, subject);
    ps.setLong(3, notBeforeSeconds);
    ps.setLong(4, notAfterSeconds);
    ps.setString(5, sha1(encodedCert));
    setBoolean(ps, 6, issuer.isRevoked());
    setInt(ps, 7, issuer.getRevReason());
    setLong(ps, 8, issuer.getRevTime());
    setLong(ps, 9, issuer.getRevInvTime());
    ps.setString(10, b64Cert);
    ps.execute();
  } catch (SQLException ex) {
    System.err.println("could not import issuer with id=" + issuer.getId());
    throw translate(SQL_ADD_ISSUER, ex);
  } catch (CertificateException ex) {
    System.err.println("could not import issuer with id=" + issuer.getId());
    throw ex;
  }
}
Use of org.openmuc.jasn1.compiler.pkix1explicit88.Certificate in project xipki by xipki.
The class BenchmarkOcspStatusCmd, method execute0.
/**
 * Runs the OCSP status benchmark.
 *
 * <p>Exactly one source of serial numbers must be configured: {@code serialNumberList}
 * (tokens separated by comma or space, each either a single value or a {@code from-to} range),
 * {@code serialNumberFile}, or {@code certFiles} whose serial numbers are used. The serials are
 * queried against the responder at {@code serverUrl} with the configured threads and duration.
 *
 * @return always {@code null}
 * @throws IllegalCmdParamException if not exactly one source is given, {@code numThreads} is
 *         below 1, or a certificate file cannot be parsed
 * @throws Exception if the benchmark itself fails
 */
@Override
protected Object execute0() throws Exception {
  int numSources = (serialNumberList != null ? 1 : 0)
      + (serialNumberFile != null ? 1 : 0)
      + (CollectionUtil.isNonEmpty(certFiles) ? 1 : 0);
  if (numSources != 1) {
    throw new IllegalCmdParamException("exactly one of serial, serial-file and cert must be specified");
  }
  if (numThreads < 1) {
    throw new IllegalCmdParamException("invalid number of threads " + numThreads);
  }

  Iterator<BigInteger> serialNumberIterator;
  if (serialNumberFile != null) {
    serialNumberIterator = new FileBigIntegerIterator(IoUtil.expandFilepath(serialNumberFile), hex, true);
  } else {
    List<BigIntegerRange> ranges = new LinkedList<>();
    if (serialNumberList != null) {
      StringTokenizer tokens = new StringTokenizer(serialNumberList, ", ");
      while (tokens.hasMoreTokens()) {
        // a token is "from" or "from-to"; a single value is a range of length one
        StringTokenizer bounds = new StringTokenizer(tokens.nextToken(), "-");
        BigInteger lower = toBigInt(bounds.nextToken(), hex);
        BigInteger upper = bounds.hasMoreTokens() ? toBigInt(bounds.nextToken(), hex) : lower;
        ranges.add(new BigIntegerRange(lower, upper));
      }
    } else if (certFiles != null) {
      for (String certFile : certFiles) {
        X509Certificate cert;
        try {
          cert = X509Util.parseCert(certFile);
        } catch (Exception ex) {
          throw new IllegalCmdParamException("invalid certificate file '" + certFile + "'", ex);
        }
        BigInteger serial = cert.getSerialNumber();
        ranges.add(new BigIntegerRange(serial, serial));
      }
    }
    serialNumberIterator = new RangeBigIntegerIterator(ranges, true);
  }

  try {
    String description = StringUtil.concatObjects("issuer cert: ", issuerCertFile,
        "\nserver URL: ", serverUrl, "\nmaxRequest: ", maxRequests, "\nhash: ", hashAlgo);
    Certificate issuerCert = Certificate.getInstance(IoUtil.read(issuerCertFile));
    RequestOptions options = getRequestOptions();
    OcspBenchmark loadTest = new OcspBenchmark(issuerCert, serverUrl, options,
        serialNumberIterator, maxRequests, analyzeResponse, queueSize, description);
    loadTest.setDuration(duration);
    loadTest.setThreads(numThreads);
    loadTest.test();
  } finally {
    // only the file-backed iterator owns a resource that must be released
    if (serialNumberIterator instanceof FileBigIntegerIterator) {
      ((FileBigIntegerIterator) serialNumberIterator).close();
    }
  }
  return null;
}
Use of org.openmuc.jasn1.compiler.pkix1explicit88.Certificate in project open-ecard by ecsec.
The class HostnameVerifier, method isValid.
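/**
 * Checks that the server's end-entity certificate (the first one of the chain) matches
 * {@code hostOrIp}; the actual matching is done by {@code validInt}.
 *
 * <p>Failures to obtain or decode the certificate are reported as
 * {@link CertificateVerificationException} rather than escaping as unchecked exceptions, so the
 * caller's handling of a failed verification is reached in every case.
 *
 * @param chain certificate chain presented by the TLS server
 * @param hostOrIp host name or IP address the connection was made to
 * @throws CertificateVerificationException if the chain is empty, the certificate cannot be
 *         decoded, or the name check fails
 */
@Override
public void isValid(TlsServerCertificate chain, String hostOrIp) throws CertificateVerificationException {
  try {
    TlsCertificate tlsCert = chain.getCertificate().getCertificateAt(0);
    Certificate cert = Certificate.getInstance(tlsCert.getEncoded());
    validInt(cert, hostOrIp);
  } catch (IOException | IllegalArgumentException | IndexOutOfBoundsException ex) {
    // IOException: getEncoded(); IllegalArgumentException: malformed ASN.1 in getInstance();
    // IndexOutOfBoundsException: empty chain in getCertificateAt(0)
    throw new CertificateVerificationException("Invalid certificate received from server.", ex);
  }
}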