use of org.xipki.security.X509Cert in project xipki by xipki.
the class OcspCertPublisher method certificateAdded.
/**
 * Passes a newly added certificate to {@code queryExecutor.addCert} together with its issuer
 * certificate, the name of its profile and its revocation information.
 *
 * <p>Any exception raised while storing is caught, handed to {@code logAndAudit} and reported
 * to the caller as {@code false}; nothing is rethrown.
 *
 * @param certInfo the certificate with its issuer, profile and revocation information
 * @return {@code true} if the certificate was stored, {@code false} if storing it failed
 */
@Override
public boolean certificateAdded(X509CertificateInfo certInfo) {
    // Both lookups stay outside the try block, so a failure here propagates to the caller
    // instead of being turned into a 'false' result.
    X509Cert issuer = certInfo.getIssuerCert();
    X509CertWithDbId issued = certInfo.getCert();

    boolean stored;
    try {
        queryExecutor.addCert(issuer, issued, certInfo.getProfile().getName(),
            certInfo.getRevocationInfo());
        stored = true;
    } catch (Exception ex) {
        // NOTE(review): the return value is the only failure signal the caller gets; confirm
        // that callers retry or queue the certificate rather than dropping it.
        logAndAudit(issuer.getSubject(), issued, ex, "could not save certificate");
        stored = false;
    }
    return stored;
}
use of org.xipki.security.X509Cert in project xipki by xipki.
the class AbstractP11Slot method refresh.
/**
 * Replaces the cached mechanisms, certificates and identities of this slot with the result
 * returned by {@code refresh0()}.
 *
 * <p>Mechanisms reported by the device are kept only if
 * {@code mechanismFilter.isMechanismPermitted(slotId, mech)} accepts them; the rejected ones
 * are collected for the log summary only. When INFO logging is enabled, a summary of the
 * mechanisms, certificates and identities is written. The summary contains object
 * identifiers, certificate subjects and public-key algorithm names, no key material.
 *
 * @throws P11TokenException declared by the method; the only call in this body that is
 *     expected to raise it is {@code refresh0()} (TODO confirm for
 *     {@code updateCaCertsOfIdentities()})
 */
@Override
public void refresh() throws P11TokenException {
    // CHECKSTYLE:SKIP
    P11SlotRefreshResult result = refresh0();

    // The caches are emptied and then refilled in separate steps; no synchronization is
    // visible in this method.
    mechanisms.clear();
    certificates.clear();
    identities.clear();

    List<Long> rejectedMechs = new ArrayList<>();
    for (Long mech : result.getMechanisms()) {
        if (!mechanismFilter.isMechanismPermitted(slotId, mech)) {
            rejectedMechs.add(mech);
            continue;
        }
        mechanisms.add(mech);
    }

    certificates.putAll(result.getCertificates());
    identities.putAll(result.getIdentities());
    updateCaCertsOfIdentities();

    // Everything below only builds the INFO-level summary.
    if (!LOG.isInfoEnabled()) {
        return;
    }

    StringBuilder report = new StringBuilder();
    report.append("initialized module ").append(moduleName);
    report.append(", slot ").append(slotId);
    report.append("\nsupported mechanisms:\n");

    List<Long> permittedMechs = new ArrayList<>(mechanisms);
    Collections.sort(permittedMechs);
    for (Long mech : permittedMechs) {
        report.append("\t");
        report.append(Pkcs11Functions.getMechanismDesc(mech));
        report.append("\n");
    }

    report.append("\nsupported by device but ignored mechanisms:\n");
    if (!rejectedMechs.isEmpty()) {
        Collections.sort(rejectedMechs);
        for (Long mech : rejectedMechs) {
            report.append("\t");
            report.append(Pkcs11Functions.getMechanismDesc(mech));
            report.append("\n");
        }
    } else {
        report.append("\tNONE\n");
    }

    // Certificate subjects are taken from the token content and appended as they are.
    List<P11ObjectIdentifier> sortedIds = getSortedObjectIds(certificates.keySet());
    report.append(sortedIds.size()).append(" certificates:\n");
    for (P11ObjectIdentifier certId : sortedIds) {
        X509Cert storedCert = certificates.get(certId);
        report.append("\t").append(certId);
        report.append(", subject='").append(storedCert.getSubject()).append("'\n");
    }

    sortedIds = getSortedObjectIds(identities.keySet());
    report.append(sortedIds.size()).append(" identities:\n");
    for (P11ObjectIdentifier identityId : sortedIds) {
        P11Identity identity = identities.get(identityId);
        report.append("\t").append(identityId);
        if (identity.getPublicKey() == null) {
            // An identity without a public key is reported as a symmetric key.
            report.append(", algo=<symmetric>");
        } else {
            report.append(", algo=").append(identity.getPublicKey().getAlgorithm());
            if (identity.getCertificate() != null) {
                String subject = X509Util.getRfc4519Name(
                    identity.getCertificate().getSubjectX500Principal());
                report.append(", subject='").append(subject).append("'");
            }
        }
        report.append("\n");
    }

    LOG.info(report.toString());
}
use of org.xipki.security.X509Cert in project xipki by xipki.
the class AbstractP11Slot method addCert.
/**
 * Adds a certificate to this slot unless a certificate with the same encoding is already
 * cached.
 *
 * <p>The encoded form of {@code cert} is compared with every entry of {@code certificates};
 * on a match the existing object identifier is returned and nothing is written. Otherwise a
 * new identifier is built from {@code generateId()} and a label derived from the subject's
 * common name, and the certificate is stored under it.
 *
 * @param cert the certificate to add; must not be {@code null}
 * @return the identifier of the already cached or the newly added certificate
 * @throws P11TokenException declared by the method; presumably raised when the slot is not
 *     writable or the token operation fails (TODO confirm)
 * @throws CertificateException if the certificate cannot be encoded
 */
@Override
public P11ObjectIdentifier addCert(X509Certificate cert)
        throws P11TokenException, CertificateException {
    ParamUtil.requireNonNull("cert", cert);
    assertWritable("addCert");

    final byte[] newEncoding = cert.getEncoded();
    for (P11ObjectIdentifier existingId : certificates.keySet()) {
        X509Cert existing = certificates.get(existingId);
        boolean sameCert = Arrays.equals(newEncoding, existing.getEncodedCert());
        if (sameCert) {
            // Already present: reuse the identifier instead of writing a duplicate object.
            return existingId;
        }
    }

    // NOTE(review): the label is derived from the common name of the supplied certificate;
    // how generateLabel() treats a missing or unusual value is not visible here.
    P11ObjectIdentifier newId = new P11ObjectIdentifier(
        generateId(),
        generateLabel(X509Util.getCommonName(cert.getSubjectX500Principal())));
    addCert(newId, cert);
    return newId;
}
use of org.xipki.security.X509Cert in project xipki by xipki.
the class AbstractP11Slot method exportCert.
/**
 * Returns the certificate stored under the given object identifier.
 *
 * <p>The identity with that identifier is consulted first. If no such identity exists, the
 * stand-alone certificates of the slot are searched.
 *
 * @param objectId identifier of the certificate to export; must not be {@code null}
 * @return the certificate of the matching identity, or the matching stand-alone certificate
 * @throws P11TokenException a {@code P11UnknownEntityException} if neither an identity nor a
 *     certificate is known under {@code objectId}
 */
@Override
public X509Certificate exportCert(P11ObjectIdentifier objectId) throws P11TokenException {
    ParamUtil.requireNonNull("objectId", objectId);

    try {
        // NOTE(review): the identity's certificate is returned as-is, so an identity without
        // a certificate presumably yields null here rather than an exception; confirm that
        // callers expect this.
        return getIdentity(objectId).getCertificate();
    } catch (P11UnknownEntityException ignored) {
        // CHECKSTYLE:SKIP
        // Deliberately ignored: an unknown identity means the lookup falls through to the
        // certificates map below.
    }

    X509Cert standalone = certificates.get(objectId);
    if (standalone != null) {
        return standalone.getCert();
    }
    throw new P11UnknownEntityException(slotId, objectId);
}
use of org.xipki.security.X509Cert in project xipki by xipki.
the class ScepImpl method refreshCa.
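/**
 * Reloads the CA certificate from the CA manager and, if it differs from the cached one,
 * rebuilds the cached CA-certificate response.
 *
 * <p>The new response is built before either field is updated. If building it fails,
 * {@code caCert} and {@code caCertRespBytes} both keep their previous values, so the next
 * call tries the rebuild again. Assigning {@code caCert} first would let a failed rebuild
 * leave a response for the old CA certificate in place, and later calls would return early
 * because the certificates compare equal.
 *
 * @throws OperationException with {@code ErrorCode.SYSTEM_FAILURE} if the CA cannot be
 *     obtained or the response cannot be built
 */
private void refreshCa() throws OperationException {
    try {
        X509Ca ca = caManager.getX509Ca(caIdent);
        X509Cert currentCaCert = ca.getCaInfo().getCert();
        if (currentCaCert.equals(caCert)) {
            // Unchanged CA certificate: the cached response is still valid.
            return;
        }

        // Build first, assign afterwards: both fields change together or not at all.
        ScepCaCertRespBytes newRespBytes =
            new ScepCaCertRespBytes(currentCaCert.getCert(), responderCert);
        caCert = currentCaCert;
        caCertRespBytes = newRespBytes;
    } catch (CaMgmtException | CertificateException | CMSException ex) {
        // NOTE(review): only the message is forwarded and the cause is dropped; if
        // OperationException offers a constructor that accepts the cause, prefer it.
        throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex.getMessage());
    }
}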