Search in sources :

Example 11 with CertificateList

use of org.openmuc.jasn1.compiler.pkix1explicit88.CertificateList in project xipki by xipki.

the class X509CmpRequestor method evaluateCrlResponse.

private X509CRL evaluateCrlResponse(PkiResponse response, Integer xipkiAction) throws CmpRequestorException, PkiErrorException {
    ParamUtil.requireNonNull("response", response);
    checkProtection(response);
    PKIBody respBody = response.getPkiMessage().getBody();
    int bodyType = respBody.getType();
    if (PKIBody.TYPE_ERROR == bodyType) {
        ErrorMsgContent content = ErrorMsgContent.getInstance(respBody.getContent());
        throw new PkiErrorException(content.getPKIStatusInfo());
    } else if (PKIBody.TYPE_GEN_REP != bodyType) {
        throw new CmpRequestorException(String.format("unknown PKI body type %s instead the expected [%s, %s]", bodyType, PKIBody.TYPE_GEN_REP, PKIBody.TYPE_ERROR));
    }
    ASN1ObjectIdentifier expectedType = (xipkiAction == null) ? CMPObjectIdentifiers.it_currentCRL : ObjectIdentifiers.id_xipki_cmp_cmpGenmsg;
    GenRepContent genRep = GenRepContent.getInstance(respBody.getContent());
    InfoTypeAndValue[] itvs = genRep.toInfoTypeAndValueArray();
    InfoTypeAndValue itv = null;
    if (itvs != null && itvs.length > 0) {
        for (InfoTypeAndValue m : itvs) {
            if (expectedType.equals(m.getInfoType())) {
                itv = m;
                break;
            }
        }
    }
    if (itv == null) {
        throw new CmpRequestorException("the response does not contain InfoTypeAndValue " + expectedType);
    }
    ASN1Encodable certListAsn1Object = (xipkiAction == null) ? itv.getInfoValue() : extractXiActionContent(itv.getInfoValue(), xipkiAction);
    CertificateList certList = CertificateList.getInstance(certListAsn1Object);
    X509CRL crl;
    try {
        crl = X509Util.toX509Crl(certList);
    } catch (CRLException | CertificateException ex) {
        throw new CmpRequestorException("returned CRL is invalid: " + ex.getMessage());
    }
    return crl;
}
Also used : PKIBody(org.bouncycastle.asn1.cmp.PKIBody) X509CRL(java.security.cert.X509CRL) GenRepContent(org.bouncycastle.asn1.cmp.GenRepContent) CertificateList(org.bouncycastle.asn1.x509.CertificateList) CertificateException(java.security.cert.CertificateException) PkiErrorException(org.xipki.ca.client.api.PkiErrorException) InfoTypeAndValue(org.bouncycastle.asn1.cmp.InfoTypeAndValue) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) ErrorMsgContent(org.bouncycastle.asn1.cmp.ErrorMsgContent) CRLException(java.security.cert.CRLException) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 12 with CertificateList

use of org.openmuc.jasn1.compiler.pkix1explicit88.CertificateList in project signer by demoiselle.

the class RevocationValues method getValue.

@Override
public Attribute getValue() throws SignerException {
    List<X509CRL> crlList = new ArrayList<X509CRL>();
    ArrayList<CertificateList> crlVals = new ArrayList<CertificateList>();
    List<BasicOCSPResponse> ocspVals = new ArrayList<BasicOCSPResponse>();
    try {
        int chainSize = certificates.length - 1;
        for (int ix = 0; ix < chainSize; ix++) {
            X509Certificate cert = (X509Certificate) certificates[ix];
            Collection<ICPBR_CRL> icpCrls = crlRepository.getX509CRL(cert);
            for (ICPBR_CRL icpCrl : icpCrls) {
                crlList.add(icpCrl.getCRL());
            }
        }
        if (crlList.isEmpty()) {
            throw new SignerException(cadesMessagesBundle.getString("error.crl.list.empty"));
        } else {
            for (X509CRL varCrl : crlList) {
                crlVals.add(CertificateList.getInstance(varCrl.getEncoded()));
            }
        }
        CertificateList[] crlValuesArray = new CertificateList[crlVals.size()];
        BasicOCSPResponse[] ocspValuesArray = new BasicOCSPResponse[ocspVals.size()];
        // org.bouncycastle.asn1.esf.RevocationValues revocationVals = new org.bouncycastle.asn1.esf.RevocationValues(crlVals.toArray(crlValuesArray), null, null);
        return new Attribute(new ASN1ObjectIdentifier(identifier), new DERSet(new DERSequence(crlVals.toArray(crlValuesArray))));
    } catch (Exception e) {
        throw new SignerException(e.getMessage());
    }
}
Also used : X509CRL(java.security.cert.X509CRL) Attribute(org.bouncycastle.asn1.cms.Attribute) UnsignedAttribute(org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.UnsignedAttribute) ArrayList(java.util.ArrayList) CertificateList(org.bouncycastle.asn1.x509.CertificateList) DERSet(org.bouncycastle.asn1.DERSet) X509Certificate(java.security.cert.X509Certificate) SignerException(org.demoiselle.signer.policy.impl.cades.SignerException) CertificateEncodingException(java.security.cert.CertificateEncodingException) ICPBR_CRL(org.demoiselle.signer.core.extension.ICPBR_CRL) DERSequence(org.bouncycastle.asn1.DERSequence) BasicOCSPResponse(org.bouncycastle.asn1.ocsp.BasicOCSPResponse) SignerException(org.demoiselle.signer.policy.impl.cades.SignerException) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 13 with CertificateList

use of org.openmuc.jasn1.compiler.pkix1explicit88.CertificateList in project candlepin by candlepin.

the class X509CRLStreamWriter method writeToEmptyCrl.

protected void writeToEmptyCrl(OutputStream out) throws IOException {
    ASN1InputStream asn1in = null;
    try {
        asn1in = new ASN1InputStream(crlIn);
        ASN1Sequence certListSeq = (ASN1Sequence) asn1in.readObject();
        CertificateList certList = CertificateList.getInstance(certListSeq);
        X509CRLHolder oldCrl = new X509CRLHolder(certList);
        X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(oldCrl.getIssuer(), new Date());
        crlBuilder.addCRL(oldCrl);
        Date now = new Date();
        Date oldNextUpdate = certList.getNextUpdate().getDate();
        Date oldThisUpdate = certList.getThisUpdate().getDate();
        Date nextUpdate = new Date(now.getTime() + (oldNextUpdate.getTime() - oldThisUpdate.getTime()));
        crlBuilder.setNextUpdate(nextUpdate);
        for (Object o : oldCrl.getExtensionOIDs()) {
            ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) o;
            Extension ext = oldCrl.getExtension(oid);
            if (oid.equals(Extension.cRLNumber)) {
                ASN1OctetString octet = ext.getExtnValue();
                ASN1Integer currentNumber = (ASN1Integer) new ASN1InputStream(octet.getOctets()).readObject();
                ASN1Integer nextNumber = new ASN1Integer(currentNumber.getValue().add(BigInteger.ONE));
                crlBuilder.addExtension(oid, ext.isCritical(), nextNumber);
            } else if (oid.equals(Extension.authorityKeyIdentifier)) {
                crlBuilder.addExtension(oid, ext.isCritical(), ext.getParsedValue());
            }
        }
        for (DERSequence entry : newEntries) {
            // XXX: This is all a bit messy considering the user already passed in the serial, date
            // and reason.
            BigInteger serial = ((ASN1Integer) entry.getObjectAt(0)).getValue();
            Date revokeDate = ((Time) entry.getObjectAt(1)).getDate();
            int reason = CRLReason.unspecified;
            if (entry.size() == 3) {
                Extensions extensions = (Extensions) entry.getObjectAt(2);
                Extension reasonExt = extensions.getExtension(Extension.reasonCode);
                if (reasonExt != null) {
                    reason = ((ASN1Enumerated) reasonExt.getParsedValue()).getValue().intValue();
                }
            }
            crlBuilder.addCRLEntry(serial, revokeDate, reason);
        }
        if (signingAlg == null) {
            signingAlg = oldCrl.toASN1Structure().getSignatureAlgorithm();
        }
        ContentSigner s;
        try {
            s = createContentSigner(signingAlg, key);
            X509CRLHolder newCrl = crlBuilder.build(s);
            out.write(newCrl.getEncoded());
        } catch (OperatorCreationException e) {
            throw new IOException("Could not sign CRL", e);
        }
    } finally {
        IOUtils.closeQuietly(asn1in);
    }
}
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) CertificateList(org.bouncycastle.asn1.x509.CertificateList) ContentSigner(org.bouncycastle.operator.ContentSigner) DERGeneralizedTime(org.bouncycastle.asn1.DERGeneralizedTime) ASN1GeneralizedTime(org.bouncycastle.asn1.ASN1GeneralizedTime) DERUTCTime(org.bouncycastle.asn1.DERUTCTime) Time(org.bouncycastle.asn1.x509.Time) ASN1UTCTime(org.bouncycastle.asn1.ASN1UTCTime) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) IOException(java.io.IOException) Extensions(org.bouncycastle.asn1.x509.Extensions) Date(java.util.Date) Extension(org.bouncycastle.asn1.x509.Extension) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) DERSequence(org.bouncycastle.asn1.DERSequence) ASN1Enumerated(org.bouncycastle.asn1.ASN1Enumerated) X509CRLHolder(org.bouncycastle.cert.X509CRLHolder) BigInteger(java.math.BigInteger) X509v2CRLBuilder(org.bouncycastle.cert.X509v2CRLBuilder) ASN1Object(org.bouncycastle.asn1.ASN1Object) ASN1TaggedObject(org.bouncycastle.asn1.ASN1TaggedObject) DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Aggregations

CertificateList (org.bouncycastle.asn1.x509.CertificateList)10 IOException (java.io.IOException)6 CRLException (java.security.cert.CRLException)6 X509CRL (java.security.cert.X509CRL)5 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)5 CertificateException (java.security.cert.CertificateException)3 ArrayList (java.util.ArrayList)3 DERSequence (org.bouncycastle.asn1.DERSequence)3 OperationException (org.xipki.ca.api.OperationException)3 BigInteger (java.math.BigInteger)2 CRL (java.security.cert.CRL)2 X509Certificate (java.security.cert.X509Certificate)2 Date (java.util.Date)2 BerInputStream (org.apache.harmony.security.asn1.BerInputStream)2 ContentInfo (org.apache.harmony.security.pkcs7.ContentInfo)2 SignedData (org.apache.harmony.security.pkcs7.SignedData)2 CertificateList (org.apache.harmony.security.x509.CertificateList)2 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)2 ASN1Integer (org.bouncycastle.asn1.ASN1Integer)2 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)2