use of org.xipki.common.util.BigIntegerRange in project xipki by xipki.
the class BenchmarkOcspStatusCmd method execute0.
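/**
 * Validates the command parameters, builds the source of certificate serial numbers and
 * runs the OCSP benchmark against {@code serverUrl}.
 *
 * <p>Exactly one of the serial number list, the serial number file and the certificate
 * files must be given. Entries of the serial number list are separated by commas or
 * spaces; each entry is either a single number or a {@code from-to} range.
 *
 * @return always {@code null}
 * @throws IllegalCmdParamException if not exactly one serial number source is given, the
 *         thread count is below 1, a list entry contains no number, or a certificate file
 *         cannot be parsed
 * @throws Exception for any other failure while preparing or running the benchmark
 */
@Override
protected Object execute0() throws Exception {
    // Count the serial number sources that were supplied; exactly one is allowed.
    int numSources = 0;
    if (serialNumberList != null) {
        numSources++;
    }
    if (serialNumberFile != null) {
        numSources++;
    }
    if (CollectionUtil.isNonEmpty(certFiles)) {
        numSources++;
    }
    if (numSources != 1) {
        throw new IllegalCmdParamException("exactly one of serial, serial-file and cert must be specified");
    }

    if (numThreads < 1) {
        throw new IllegalCmdParamException("invalid number of threads " + numThreads);
    }

    Iterator<BigInteger> serialNumberIterator;
    if (serialNumberFile != null) {
        serialNumberIterator = new FileBigIntegerIterator(IoUtil.expandFilepath(serialNumberFile), hex, true);
    } else {
        List<BigIntegerRange> serialNumbers = new LinkedList<>();
        if (serialNumberList != null) {
            StringTokenizer st = new StringTokenizer(serialNumberList, ", ");
            while (st.hasMoreTokens()) {
                String token = st.nextToken();
                StringTokenizer st2 = new StringTokenizer(token, "-");
                // An entry made up only of '-' yields no sub-token; report it as a parameter
                // error instead of letting nextToken() fail with NoSuchElementException.
                if (!st2.hasMoreTokens()) {
                    throw new IllegalCmdParamException("invalid serial number '" + token + "'");
                }
                BigInteger from = toBigInt(st2.nextToken(), hex);
                // A single number is stored as the one-element range [from, from].
                BigInteger to = st2.hasMoreTokens() ? toBigInt(st2.nextToken(), hex) : from;
                serialNumbers.add(new BigIntegerRange(from, to));
            }
        } else if (certFiles != null) {
            for (String certFile : certFiles) {
                X509Certificate cert;
                try {
                    cert = X509Util.parseCert(certFile);
                } catch (Exception ex) {
                    throw new IllegalCmdParamException("invalid certificate file '" + certFile + "'", ex);
                }
                // Only the serial number is taken from the file; the certificate is not
                // checked against the issuer certificate in this method.
                BigInteger serial = cert.getSerialNumber();
                serialNumbers.add(new BigIntegerRange(serial, serial));
            }
        }
        serialNumberIterator = new RangeBigIntegerIterator(serialNumbers, true);
    }

    try {
        String description = StringUtil.concatObjects("issuer cert: ", issuerCertFile, "\nserver URL: ", serverUrl, "\nmaxRequest: ", maxRequests, "\nhash: ", hashAlgo);
        Certificate issuerCert = Certificate.getInstance(IoUtil.read(issuerCertFile));
        RequestOptions options = getRequestOptions();
        // description is already a String, so it is passed as is.
        OcspBenchmark loadTest = new OcspBenchmark(issuerCert, serverUrl, options, serialNumberIterator, maxRequests, analyzeResponse, queueSize, description);
        loadTest.setDuration(duration);
        loadTest.setThreads(numThreads);
        loadTest.test();
    } finally {
        // Of the two iterator types used here, only the file-backed one is closed.
        if (serialNumberIterator instanceof FileBigIntegerIterator) {
            ((FileBigIntegerIterator) serialNumberIterator).close();
        }
    }
    return null;
}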
use of org.xipki.common.util.BigIntegerRange in project xipki by xipki.
the class BaseOcspStatusAction method execute0.
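/**
 * Validates the command parameters, collects the certificate serial numbers to query,
 * sends one OCSP request for them and passes the response to {@code processResponse}.
 *
 * <p>The serial numbers come either from the given certificate files (public-key or
 * attribute certificates, depending on {@code isAttrCert}) or from the serial number
 * list, whose entries are single numbers or {@code from-to} ranges. If no server URL is
 * configured, the OCSP responder URL is taken from the certificates, which must all name
 * the same first URL.
 *
 * @return the result of {@code processResponse}
 * @throws IllegalCmdParamException if neither serial numbers nor certificate files are
 *         given, a certificate does not match the given issuer, no responder URL can be
 *         determined, the certificates name different responder URLs, a list entry
 *         contains no number, or a range is larger than allowed
 * @throws Exception for any other failure while reading the inputs or querying the responder
 */
@Override
protected final Object execute0() throws Exception {
    if (StringUtil.isBlank(serialNumberList) && isEmpty(certFiles)) {
        throw new IllegalCmdParamException("Neither serialNumbers nor certFiles is set");
    }

    X509Certificate issuerCert = X509Util.parseCert(issuerCertFile);
    Map<BigInteger, byte[]> encodedCerts = null;
    List<BigInteger> sns = new LinkedList<>();

    if (isNotEmpty(certFiles)) {
        encodedCerts = new HashMap<>(certFiles.size());
        String ocspUrl = null;
        X500Name issuerX500Name = null;

        for (String certFile : certFiles) {
            BigInteger sn;
            List<String> ocspUrls;

            if (isAttrCert) {
                if (issuerX500Name == null) {
                    issuerX500Name = X500Name.getInstance(issuerCert.getSubjectX500Principal().getEncoded());
                }

                X509AttributeCertificateHolder cert = new X509AttributeCertificateHolder(IoUtil.read(certFile));
                // The attribute certificate's signature is not verified here. Only the issuer
                // name is compared, so this is a consistency check on the input files and not
                // proof that the certificate was issued by issuerCert.
                AttributeCertificateIssuer reqIssuer = cert.getIssuer();
                if (reqIssuer != null && issuerX500Name != null) {
                    X500Name[] reqIssuerNames = reqIssuer.getNames();
                    // An issuer field without any name cannot be matched: reject it instead of
                    // indexing into an empty array.
                    if (reqIssuerNames == null || reqIssuerNames.length == 0
                            || !issuerX500Name.equals(reqIssuerNames[0])) {
                        throw new IllegalCmdParamException("certificate " + certFile + " is not issued by the given issuer");
                    }
                }
                ocspUrls = extractOcspUrls(cert);
                sn = cert.getSerialNumber();
            } else {
                X509Certificate cert = X509Util.parseCert(certFile);
                // NOTE(review): confirm whether X509Util.issues verifies the signature or only
                // matches names and key identifiers.
                if (!X509Util.issues(issuerCert, cert)) {
                    throw new IllegalCmdParamException("certificate " + certFile + " is not issued by the given issuer");
                }
                ocspUrls = extractOcspUrls(cert);
                sn = cert.getSerialNumber();
            }

            if (isBlank(serverUrl)) {
                if (CollectionUtil.isEmpty(ocspUrls)) {
                    throw new IllegalCmdParamException("could not extract OCSP responder URL");
                } else {
                    // Only the first URL of each certificate is considered, and all
                    // certificates must agree on it because a single request is sent.
                    String url = ocspUrls.get(0);
                    if (ocspUrl != null && !ocspUrl.equals(url)) {
                        throw new IllegalCmdParamException("given certificates have different" + " OCSP responder URL in certificate");
                    } else {
                        ocspUrl = url;
                    }
                }
            }

            sns.add(sn);
            // The file is read again here, so the stored bytes come from a second read and
            // not from the one the serial number was parsed from.
            byte[] encodedCert = IoUtil.read(certFile);
            encodedCerts.put(sn, encodedCert);
        }

        if (isBlank(serverUrl)) {
            serverUrl = ocspUrl;
        }
    } else {
        StringTokenizer st = new StringTokenizer(serialNumberList, ", ");
        while (st.hasMoreTokens()) {
            String token = st.nextToken();
            StringTokenizer st2 = new StringTokenizer(token, "-");
            // An entry made up only of '-' yields no sub-token; report it as a parameter
            // error instead of letting nextToken() fail with NoSuchElementException.
            if (!st2.hasMoreTokens()) {
                throw new IllegalCmdParamException("invalid serial number '" + token + "'");
            }
            BigInteger from = toBigInt(st2.nextToken(), hex);
            BigInteger to = st2.hasMoreTokens() ? toBigInt(st2.nextToken(), hex) : null;
            if (to == null) {
                sns.add(from);
            } else {
                BigIntegerRange range = new BigIntegerRange(from, to);
                // The range is expanded into individual serial numbers below, so its size is
                // bounded first (getDiff() is presumably to - from; verify in BigIntegerRange).
                if (range.getDiff().compareTo(BigInteger.valueOf(10)) > 0) {
                    throw new IllegalCmdParamException("to many serial numbers");
                }
                BigInteger sn = range.getFrom();
                while (range.isInRange(sn)) {
                    sns.add(sn);
                    sn = sn.add(BigInteger.ONE);
                }
            }
        }
    }

    if (isBlank(serverUrl)) {
        throw new IllegalCmdParamException("could not get URL for the OCSP responder");
    }

    X509Certificate respIssuer = null;
    if (respIssuerFile != null) {
        respIssuer = X509Util.parseCert(IoUtil.expandFilepath(respIssuerFile));
    }

    // NOTE(review): serverUrl may have been taken from the certificate files above, and
    // java.net.URL also accepts non-HTTP schemes; confirm that the requestor restricts the
    // scheme before connecting.
    URL serverUrlObj = new URL(serverUrl);
    RequestOptions options = getRequestOptions();
    checkParameters(respIssuer, sns, encodedCerts);

    boolean saveReq = isNotBlank(reqout);
    boolean saveResp = isNotBlank(respout);
    RequestResponseDebug debug = null;
    if (saveReq || saveResp) {
        debug = new RequestResponseDebug(saveReq, saveResp);
    }

    IssuerHash issuerHash = new IssuerHash(HashAlgo.getNonNullInstance(options.getHashAlgorithmId()), Certificate.getInstance(issuerCert.getEncoded()));

    OCSPResp response;
    try {
        response = requestor.ask(issuerCert, sns.toArray(new BigInteger[0]), serverUrlObj, options, debug);
    } finally {
        // Runs even when ask() throws, so a captured request or response is still written to
        // reqout / respout. Only the first captured pair is saved.
        if (debug != null && debug.size() > 0) {
            RequestResponsePair reqResp = debug.get(0);
            if (saveReq) {
                byte[] bytes = reqResp.getRequest();
                if (bytes != null) {
                    IoUtil.save(reqout, bytes);
                }
            }
            if (saveResp) {
                byte[] bytes = reqResp.getResponse();
                if (bytes != null) {
                    IoUtil.save(respout, bytes);
                }
            }
        }
    }

    return processResponse(response, respIssuer, issuerHash, sns, encodedCerts);
}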