List of usage examples for org.bouncycastle.asn1.x509 Certificate getSerialNumber
public ASN1Integer getSerialNumber()
From source file:org.codice.ddf.security.ocsp.checker.OcspChecker.java
License:Open Source License
/**
 * Builds the {@link OCSPReq} that is sent to the responder for {@code cert}.
 *
 * <p>The request carries a single {@link CertificateID}, which names the certificate by a SHA-1
 * hash of its issuer's name and key together with its serial number. {@code CertificateID.HASH_SHA1}
 * is only the CertID identifier hash; it plays no part in validating the signed response. The
 * issuer certificate comes from {@code resolveIssuerCertificate}, which is defined elsewhere in this
 * class.
 *
 * @param cert the certificate whose revocation status is to be checked
 * @return the unsigned OCSP request containing one CertID
 * @throws OcspCheckerException if the CertID or the request cannot be built; the cause is attached
 *     and {@code NOT_VERIFIED_MSG} is appended to the message
 */
@VisibleForTesting
OCSPReq generateOcspRequest(Certificate cert) throws OcspCheckerException {
  try {
    X509CertificateHolder issuer = resolveIssuerCertificate(cert);
    // Digest calculator used for the CertID hash fields (issuerNameHash / issuerKeyHash).
    DigestCalculator sha1 =
        new JcaDigestCalculatorProviderBuilder().build().get(CertificateID.HASH_SHA1);
    CertificateID certId = new CertificateID(sha1, issuer, cert.getSerialNumber().getValue());
    return new OCSPReqBuilder().addRequest(certId).build();
  } catch (OCSPException | OperatorCreationException e) {
    throw new OcspCheckerException("Unable to create an OCSP request." + NOT_VERIFIED_MSG, e);
  }
}
From source file:org.codice.ddf.security.ocsp.checker.OcspCheckerTest.java
License:Open Source License
/**
 * The JCA-to-BouncyCastle conversion must preserve serial number, validity window and subject.
 * The subject is compared as an {@code X500Name} built from the RFC 1779 form of the principal.
 */
@Test
public void testConvertingX509CertificatesToBcCertificates() throws Exception {
  OcspChecker checker = new OcspChecker(factory, eventAdmin);
  Certificate bcCert = checker.convertToBouncyCastleCert(trustedCertX509);
  assertThat(bcCert, is(notNullValue()));

  // Identity fields survive the conversion unchanged.
  assertThat(trustedCertX509.getSerialNumber(), equalTo(bcCert.getSerialNumber().getValue()));
  assertThat(trustedCertX509.getNotAfter(), equalTo(bcCert.getEndDate().getDate()));
  assertThat(trustedCertX509.getNotBefore(), equalTo(bcCert.getStartDate().getDate()));

  X500Principal jcaSubject = trustedCertX509.getSubjectX500Principal();
  X500Name expectedSubject = new X500Name(jcaSubject.getName(X500Principal.RFC1779));
  assertThat(expectedSubject, equalTo(bcCert.getSubject()));
}
From source file:org.codice.ddf.security.ocsp.checker.OcspCheckerTest.java
License:Open Source License
/** A generated request must contain one CertID carrying the serial of the certificate under test. */
@Test
public void testGeneratingOcspRequest() throws Exception {
  OcspChecker checker = new OcspChecker(factory, eventAdmin);
  OCSPReq request = checker.generateOcspRequest(trustedCertBc);
  assertThat(request, is(notNullValue()));
  // Only the first (and only) request entry is inspected.
  assertThat(
      request.getRequestList()[0].getCertID().getSerialNumber(),
      equalTo(trustedCertBc.getSerialNumber().getValue()));
}
From source file:org.xipki.ca.client.shell.loadtest.CALoadTestRevoke.java
License:Open Source License
/**
 * Creates a load-test driver that revokes certificates issued by the given CA.
 *
 * <p>The constructor records the CA subject, resolves the CA's row in {@code CS_CA} through the
 * SHA-1 fingerprint of the encoded CA certificate, and reads the lowest and highest serial numbers
 * of its not-yet-revoked certificates from {@code CERT}. A self-signed CA certificate has its own
 * serial placed in {@code excludeSerials}, so the run never revokes the CA itself.
 *
 * <p>The SQL text is assembled from a hex digest and an {@code int} only, neither of which can
 * carry a quote character; both values derive from the caller-supplied CA certificate and the
 * database rather than from an untrusted party.
 *
 * @param caClient client that will send the revocation requests
 * @param caCert the CA certificate
 * @param caDataSource data source of the CA database
 * @param maxCerts upper bound on the number of certificates to revoke, stored for later use
 * @param n batch size; must be positive
 * @throws IllegalArgumentException if {@code n} is less than 1
 * @throws Exception if the CA is not present in {@code CS_CA} or a query fails
 */
public CALoadTestRevoke(final CAClient caClient, final Certificate caCert,
        final DataSourceWrapper caDataSource, final int maxCerts, final int n) throws Exception {
    ParamChecker.assertNotNull("caClient", caClient);
    ParamChecker.assertNotNull("caCert", caCert);
    ParamChecker.assertNotNull("caDataSource", caDataSource);
    if (n < 1) {
        throw new IllegalArgumentException("non-positive n " + n + " is not allowed");
    }

    this.n = n;
    this.caClient = caClient;
    this.caDataSource = caDataSource;
    this.caSubject = caCert.getSubject();
    this.maxCerts = maxCerts;

    // A self-signed CA certificate is stored in the same CERT table; never revoke it.
    boolean selfSigned = caCert.getIssuer().equals(caCert.getSubject());
    if (selfSigned) {
        long caSerial = caCert.getSerialNumber().getPositiveValue().longValue();
        this.excludeSerials.add(caSerial);
    }

    String caFingerprint = SecurityUtil.sha1sum(caCert.getEncoded());
    Statement stmt = caDataSource.getConnection().createStatement();
    try {
        ResultSet rs = stmt.executeQuery(
                "SELECT ID FROM CS_CA WHERE FP_CERT='" + caFingerprint + "'");
        if (!rs.next()) {
            throw new Exception("CA Certificate and database configuration does not match");
        }
        caInfoId = rs.getInt("ID");
        rs.close();

        String unrevokedOfThisCa = " FROM CERT WHERE REVOKED=0 AND CA_ID=" + caInfoId;

        // An empty CERT table yields a NULL aggregate, which getLong reports as 0.
        rs = stmt.executeQuery("SELECT MIN(SERIAL)" + unrevokedOfThisCa);
        rs.next();
        minSerial = rs.getLong(1);
        nextStartSerial = minSerial;

        rs = stmt.executeQuery("SELECT MAX(SERIAL)" + unrevokedOfThisCa);
        rs.next();
        maxSerial = rs.getLong(1);
    } finally {
        // The later result sets are left to the statement's release; presumably
        // releaseResources closes the statement (and with it its open ResultSet) — verify.
        caDataSource.releaseResources(stmt, null);
    }
}
From source file:org.xipki.commons.security.shell.CertInfoCmd.java
License:Open Source License
/**
 * Prints one attribute of the certificate read from {@code inFile}.
 *
 * <p>Exactly one boolean option is honoured, checked in the order serial, subject, issuer,
 * notBefore, notAfter, fingerprint; a {@code null} option counts as unset. The fingerprint is
 * computed over the DER encoding with the algorithm named by {@code hashAlgo}.
 *
 * @return the selected attribute as a string/number, or {@code null} if no option is set
 * @throws Exception if the file cannot be read or parsed
 */
@Override
protected Object doExecute() throws Exception {
    Certificate cert = Certificate.getInstance(IoUtil.read(inFile));

    if (Boolean.TRUE.equals(serial)) {
        return getNumber(cert.getSerialNumber().getPositiveValue());
    }
    if (Boolean.TRUE.equals(subject)) {
        return cert.getSubject().toString();
    }
    if (Boolean.TRUE.equals(issuer)) {
        return cert.getIssuer().toString();
    }
    if (Boolean.TRUE.equals(notBefore)) {
        return toUtcTimeyyyyMMddhhmmssZ(cert.getStartDate().getDate());
    }
    if (Boolean.TRUE.equals(notAfter)) {
        return toUtcTimeyyyyMMddhhmmssZ(cert.getEndDate().getDate());
    }
    if (Boolean.TRUE.equals(fingerprint)) {
        return HashAlgoType.getHashAlgoType(hashAlgo).hexHash(cert.getEncoded());
    }
    return null;
}
From source file:org.xipki.dbtool.CaCertStoreDbImporter.java
License:Open Source License
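/**
 * Imports one certificate archive of the CA cert store into the {@code CERT} and {@code RAWCERT}
 * tables.
 *
 * <p>The archive holds an index {@code certs.xml} (a {@code CertsType} document) plus one encoded
 * certificate file per entry. Entries with {@code id < minId} are skipped so that an interrupted
 * import can be resumed. Rows are added to the two prepared statements and flushed every 100
 * entries (and after the last one) in a single transaction; after each commit the running total
 * and the last certificate id seen are appended to {@code processLogFile}.
 *
 * <p>Auto-commit is disabled for the duration of the import and restored in a finally block. The
 * archive is closed on every exit path, including failures while reading the index (previously it
 * was only closed on a {@code JAXBException}).
 *
 * @param ps_cert prepared INSERT for {@code CERT}; parameter order is fixed by {@code SQL_ADD_CERT}
 * @param ps_rawcert prepared INSERT for {@code RAWCERT} ({@code SQL_ADD_RAWCERT})
 * @param certsZipFile archive file name, relative to {@code baseDir}
 * @param minId smallest certificate id to import; lower ids are skipped
 * @param processLogFile progress file receiving {@code <processed>:<lastId>} lines
 * @param totalProcessedSum number of certificates imported from earlier archives
 * @return {@code {numProcessed, lastCertId}}: entries imported from this archive and the id of the
 *     last index entry seen (skipped entries included)
 * @throws IOException if the archive, its index or a referenced certificate file cannot be read
 * @throws JAXBException if {@code certs.xml} cannot be unmarshalled
 * @throws DataAccessException on a database error; the current batch is rolled back first
 * @throws CertificateException if a certificate file cannot be parsed
 */
private int[] do_import_cert(final PreparedStatement ps_cert, final PreparedStatement ps_rawcert,
        final String certsZipFile, final int minId, final File processLogFile,
        final int totalProcessedSum)
        throws IOException, JAXBException, DataAccessException, CertificateException {
    ZipFile zipFile = new ZipFile(new File(baseDir, certsZipFile));
    try {
        // Parsed inside the outer try so the archive is closed on any failure, not only JAXB ones.
        CertsType certs = readCertsIndex(zipFile);

        disableAutoCommit();
        try {
            List<CertType> list = certs.getCert();
            final int size = list.size();
            final int batchSize = 100;
            int numProcessed = 0;
            int numEntriesInBatch = 0;
            int lastSuccessfulCertId = 0;

            for (int i = 0; i < size; i++) {
                CertType cert = list.get(i);
                int id = cert.getId();
                // Recorded before the resume check so the progress file also reflects skipped ids.
                lastSuccessfulCertId = id;
                if (id < minId) {
                    continue;
                }

                int certArt = cert.getArt() == null ? 1 : cert.getArt();
                numEntriesInBatch++;

                String filename = cert.getCertFile();
                ZipEntry certZipEntry = zipFile.getEntry(filename);
                if (certZipEntry == null) {
                    throw new IOException("certificate file " + filename
                            + " listed in certs.xml is missing from " + certsZipFile);
                }
                byte[] encodedCert = IoUtil.read(zipFile.getInputStream(certZipEntry));
                Certificate c = parseCertificate(encodedCert, filename);
                byte[] encodedKey = c.getSubjectPublicKeyInfo().getPublicKeyData().getBytes();
                String hexSha1FpCert = HashCalculator.hexHash(HashAlgoType.SHA1, encodedCert);

                // CERT row
                try {
                    int idx = 1;
                    ps_cert.setInt(idx++, id);
                    ps_cert.setInt(idx++, certArt);
                    ps_cert.setLong(idx++, cert.getLastUpdate());
                    ps_cert.setLong(idx++, c.getSerialNumber().getPositiveValue().longValue());
                    ps_cert.setString(idx++, X509Util.getRFC4519Name(c.getSubject()));
                    // Validity is stored in seconds since the epoch.
                    ps_cert.setLong(idx++,
                            c.getTBSCertificate().getStartDate().getDate().getTime() / 1000);
                    ps_cert.setLong(idx++,
                            c.getTBSCertificate().getEndDate().getDate().getTime() / 1000);
                    setBoolean(ps_cert, idx++, cert.isRevoked());
                    setInt(ps_cert, idx++, cert.getRevReason());
                    setLong(ps_cert, idx++, cert.getRevTime());
                    setLong(ps_cert, idx++, cert.getRevInvTime());
                    setInt(ps_cert, idx++, cert.getProfileId());
                    setInt(ps_cert, idx++, cert.getCaId());
                    setInt(ps_cert, idx++, cert.getRequestorId());
                    setInt(ps_cert, idx++, cert.getUserId());
                    ps_cert.setString(idx++, HashCalculator.hexHash(HashAlgoType.SHA1, encodedKey));
                    String sha1FpSubject = X509Util.sha1sum_canonicalized_name(c.getSubject());
                    ps_cert.setString(idx++, sha1FpSubject);
                    ps_cert.setInt(idx++, isEndEntityCert(c) ? 1 : 0);
                    ps_cert.addBatch();
                } catch (SQLException e) {
                    throw translate(SQL_ADD_CERT, e);
                }

                // RAWCERT row
                try {
                    int idx = 1;
                    ps_rawcert.setInt(idx++, id);
                    ps_rawcert.setString(idx++, hexSha1FpCert);
                    ps_rawcert.setString(idx++, Base64.toBase64String(encodedCert));
                    ps_rawcert.addBatch();
                } catch (SQLException e) {
                    throw translate(SQL_ADD_RAWCERT, e);
                }

                boolean lastEntry = i == size - 1;
                if (numEntriesInBatch > 0 && (numEntriesInBatch % batchSize == 0 || lastEntry)) {
                    // 'sql' names the statement being executed so a failure is reported against it.
                    String sql = null;
                    try {
                        sql = SQL_ADD_CERT;
                        ps_cert.executeBatch();
                        sql = SQL_ADD_RAWCERT;
                        ps_rawcert.executeBatch();
                        sql = null;
                        commit("(commit import cert to CA)");
                    } catch (SQLException e) {
                        rollback();
                        throw translate(sql, e);
                    } catch (DataAccessException e) {
                        rollback();
                        throw e;
                    }
                    numProcessed += numEntriesInBatch;
                    numEntriesInBatch = 0;
                    echoToFile((totalProcessedSum + numProcessed) + ":" + lastSuccessfulCertId,
                            processLogFile);
                }
            }

            return new int[] { numProcessed, lastSuccessfulCertId };
        } finally {
            try {
                recoverAutoCommit();
            } catch (DataAccessException e) {
                // Best effort: the import outcome is already decided; do not mask it.
                LOG.warn("could not restore auto-commit after importing " + certsZipFile, e);
            }
        }
    } finally {
        zipFile.close();
    }
}

/**
 * Unmarshals the {@code certs.xml} index entry of the archive.
 *
 * @throws IOException if the archive has no {@code certs.xml} entry or it cannot be read
 * @throws JAXBException if the entry is not a valid {@code CertsType} document
 */
private CertsType readCertsIndex(final ZipFile zipFile) throws IOException, JAXBException {
    ZipEntry certsXmlEntry = zipFile.getEntry("certs.xml");
    if (certsXmlEntry == null) {
        throw new IOException("archive " + zipFile.getName() + " contains no certs.xml");
    }
    try {
        @SuppressWarnings("unchecked")
        JAXBElement<CertsType> rootElement = (JAXBElement<CertsType>) unmarshaller
                .unmarshal(zipFile.getInputStream(certsXmlEntry));
        return rootElement.getValue();
    } catch (JAXBException e) {
        throw XMLUtil.convert(e);
    }
}

/**
 * Parses a DER-encoded certificate, converting any failure into a {@link CertificateException}.
 * The file name is logged at error level; the stack trace only at debug level.
 */
private Certificate parseCertificate(final byte[] encodedCert, final String filename)
        throws CertificateException {
    try {
        return Certificate.getInstance(encodedCert);
    } catch (Exception e) {
        LOG.error("could not parse certificate in file {}", filename);
        LOG.debug("could not parse certificate in file " + filename, e);
        if (e instanceof CertificateException) {
            throw (CertificateException) e;
        }
        throw new CertificateException(e.getMessage(), e);
    }
}

/**
 * Returns {@code false} only when the certificate carries a BasicConstraints extension with
 * {@code cA=TRUE}. Certificates without any extensions (e.g. version 1) are treated as end-entity
 * instead of failing with a NullPointerException; an unparseable BasicConstraints value is
 * likewise treated as end-entity, as before, but is now logged.
 */
private boolean isEndEntityCert(final Certificate c) {
    if (c.getTBSCertificate().getExtensions() == null) {
        return true;
    }
    Extension extension = c.getTBSCertificate().getExtensions()
            .getExtension(Extension.basicConstraints);
    if (extension == null) {
        return true;
    }
    try {
        return !BasicConstraints.getInstance(extension.getParsedValue()).isCA();
    } catch (Exception e) {
        LOG.debug("could not parse BasicConstraints, treating certificate as end-entity", e);
        return true;
    }
}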
From source file:org.xipki.pki.ca.client.shell.loadtest.DbGoodCertSerialIterator.java
License:Open Source License
/**
 * Creates an iterator over the serial numbers of the non-revoked certificates issued by
 * {@code caCert}, read from the CA database in pages of {@code numSqlEntries} rows.
 *
 * <p>The CA row is located in {@code CS_CA} by the base64 SHA-1 fingerprint of the encoded CA
 * certificate; iteration then starts at the smallest {@code ID} of its non-revoked entries in
 * {@code CERT}. The first serial is fetched eagerly through {@code readNextNumber()}.
 *
 * <p>The two ad-hoc queries embed only a base64 digest and an {@code int}; neither can contain a
 * quote character and neither originates from an untrusted source.
 *
 * @param caCert the CA certificate
 * @param caDataSource the CA database
 * @throws Exception if the CA is not found in {@code CS_CA} or a query fails
 */
public DbGoodCertSerialIterator(final Certificate caCert, final DataSourceWrapper caDataSource)
        throws Exception {
    ParamUtil.requireNonNull("caCert", caCert);
    this.caDataSource = ParamUtil.requireNonNull("caDataSource", caDataSource);
    this.caSerial = caCert.getSerialNumber().getPositiveValue();
    this.sqlNextSerials = caDataSource.buildSelectFirstSql(
            "ID,SN FROM CERT WHERE REV=0 AND CA_ID=? AND ID>=?", numSqlEntries, "ID");

    String caFingerprint = HashAlgoType.SHA1.base64Hash(caCert.getEncoded());
    Statement stmt = caDataSource.getConnection().createStatement();
    try {
        ResultSet rs = stmt.executeQuery(
                "SELECT ID FROM CS_CA WHERE SHA1_CERT='" + caFingerprint + "'");
        if (!rs.next()) {
            throw new Exception("CA Certificate and database configuration does not match");
        }
        caInfoId = rs.getInt("ID");
        rs.close();

        // An empty CERT table yields a NULL aggregate, which getLong reports as 0.
        rs = stmt.executeQuery("SELECT MIN(ID) FROM CERT WHERE REV=0 AND CA_ID=" + caInfoId);
        rs.next();
        minId = rs.getLong(1);
        nextStartId = minId;
    } finally {
        // The second result set is left to the statement's release; presumably
        // releaseResources closes the statement — verify.
        caDataSource.releaseResources(stmt, null);
    }

    currentSerial = readNextNumber();
}
From source file:org.xipki.pki.ocsp.server.impl.store.crl.CrlCertStatusStore.java
License:Open Source License
/**
 * Decodes the Xipki-CertSet CRL extension into certificate entries keyed by serial number.
 *
 * <p>The extension value is a SET of SEQUENCEs. Element 0 of each sequence is the serial number;
 * the optional tagged elements [0] and [1] carry the certificate and the profile name, other tags
 * are ignored. When a certificate is present its issuer must equal {@code caName} and its serial
 * must match the explicit one. A missing profile name defaults to {@code UNKNOWN}; the certificate
 * object is retained only when {@code certHashAlgos} is non-empty.
 *
 * @param encodedExtCrlCertSet DER-encoded extension value
 * @param caName expected issuer of every embedded certificate
 * @return map from serial number to entry; a repeated serial replaces the earlier entry
 * @throws OcspStoreException on an issuer or serial-number mismatch
 */
private Map<BigInteger, CertWithInfo> extractCertsFromExtCrlCertSet(
        final byte[] encodedExtCrlCertSet, final X500Name caName) throws OcspStoreException {
    final boolean keepCert = !certHashAlgos.isEmpty();
    ASN1Set certSet = ASN1Set.getInstance(encodedExtCrlCertSet);
    Map<BigInteger, CertWithInfo> result = new HashMap<>();

    for (int i = 0, count = certSet.size(); i < count; i++) {
        ASN1Sequence entrySeq = ASN1Sequence.getInstance(certSet.getObjectAt(i));
        BigInteger serial = ASN1Integer.getInstance(entrySeq.getObjectAt(0)).getValue();

        Certificate cert = null;
        String profile = null;
        for (int j = 1, len = entrySeq.size(); j < len; j++) {
            ASN1TaggedObject tagged = ASN1TaggedObject.getInstance(entrySeq.getObjectAt(j));
            int tagNo = tagged.getTagNo();
            if (tagNo == 0) {
                cert = Certificate.getInstance(tagged.getObject());
            } else if (tagNo == 1) {
                profile = DERUTF8String.getInstance(tagged.getObject()).getString();
            }
        }

        if (cert != null) {
            // The embedded certificate must agree with both the CA and the explicit serial.
            if (!caName.equals(cert.getIssuer())) {
                throw new OcspStoreException("issuer not match (serial="
                        + LogUtil.formatCsn(serial) + ") in CRL Extension Xipki-CertSet");
            }
            if (!serial.equals(cert.getSerialNumber().getValue())) {
                throw new OcspStoreException("serialNumber not match (serial="
                        + LogUtil.formatCsn(serial) + ") in CRL Extension Xipki-CertSet");
            }
        }

        CertWithInfo entry = new CertWithInfo(serial);
        entry.setProfileName(profile == null ? "UNKNOWN" : profile);
        if (keepCert) {
            entry.setCert(cert);
        }
        result.put(serial, entry);
    }
    return result;
}
From source file:org.xipki.pki.ocsp.server.impl.store.crl.CrlCertStatusStore.java
License:Open Source License
/**
 * Adds the certificates found as {@code .der}/{@code .crt} files in {@code certsDirname} to
 * {@code certsMap}, keyed by serial number.
 *
 * <p>A file is skipped with a warning when it cannot be parsed, and silently when its serial is
 * already present, when its issuer name differs from the CA subject, or — if the CA carries a
 * SubjectKeyIdentifier — when its AuthorityKeyIdentifier is absent or different. A missing or
 * unreadable directory is logged and ignored. Entries get the fixed profile name {@code UNKNOWN};
 * the parsed certificate is retained only when {@code certHashAlgos} is non-empty.
 *
 * @param caCert the issuing CA certificate
 * @param certsDirname path of the directory to scan
 * @param certsMap map receiving the entries; existing serials are not replaced
 * @throws CertificateEncodingException if the CA's SubjectKeyIdentifier cannot be extracted
 */
private void readCertWithInfosFromDir(final X509Certificate caCert, final String certsDirname,
        final Map<BigInteger, CertWithInfo> certsMap) throws CertificateEncodingException {
    File dir = new File(certsDirname);
    if (!dir.exists()) {
        LOG.warn("the folder " + certsDirname + " does not exist, ignore it");
        return;
    }
    if (!dir.isDirectory()) {
        LOG.warn("the path " + certsDirname + " does not point to a folder, ignore it");
        return;
    }
    if (!dir.canRead()) {
        LOG.warn("the folder " + certsDirname + " must not be read, ignore it");
        return;
    }

    FilenameFilter derOrCrt = new FilenameFilter() {
        @Override
        public boolean accept(final File parent, final String name) {
            return name.endsWith(".der") || name.endsWith(".crt");
        }
    };
    File[] files = dir.listFiles(derOrCrt);
    if (files == null || files.length == 0) {
        return;
    }

    X500Name caSubject = X500Name.getInstance(caCert.getSubjectX500Principal().getEncoded());
    byte[] caSki = X509Util.extractSki(caCert);
    final String profileName = "UNKNOWN";
    final boolean keepCert = !certHashAlgos.isEmpty();

    for (File file : files) {
        Certificate cert;
        try {
            cert = Certificate.getInstance(IoUtil.read(file));
        } catch (IllegalArgumentException | IOException ex) {
            LOG.warn("could not parse certificate {}, ignore it", file.getPath());
            continue;
        }

        BigInteger serial = cert.getSerialNumber().getValue();
        // Already known, or not issued by this CA (by name).
        if (certsMap.containsKey(serial) || !caSubject.equals(cert.getIssuer())) {
            continue;
        }

        // When the CA has a SKI, the certificate's AKI must match it; a missing AKI fails the test.
        if (caSki != null) {
            byte[] aki = null;
            try {
                aki = X509Util.extractAki(cert);
            } catch (CertificateEncodingException ex) {
                LogUtil.error(LOG, ex, "could not extract AuthorityKeyIdentifier");
            }
            if (!Arrays.equals(caSki, aki)) {
                continue;
            }
        }

        CertWithInfo entry = new CertWithInfo(serial);
        entry.setProfileName(profileName);
        if (keepCert) {
            entry.setCert(cert);
        }
        certsMap.put(serial, entry);
    }
}
From source file:org.xipki.pki.scep.client.shell.GetCrlCmd.java
License:Open Source License
/**
 * Fetches from the SCEP server the CRL covering the certificate in {@code certFile} and writes
 * it to {@code outputFile}.
 *
 * <p>The CRL is requested by the certificate's issuer name and serial number; the configured
 * identity key and certificate authenticate the SCEP request.
 *
 * @return always {@code null}; the CRL is saved as a side effect
 * @throws CmdFailure if the server returns no CRL
 * @throws Exception on I/O or SCEP errors
 */
@Override
protected Object doExecute() throws Exception {
    Certificate targetCert = Certificate.getInstance(IoUtil.read(certFile));
    ScepClient client = getScepClient();
    X509CRL crl = client.scepGetCrl(getIdentityKey(), getIdentityCert(),
            targetCert.getIssuer(), targetCert.getSerialNumber().getPositiveValue());
    if (crl == null) {
        throw new CmdFailure("received no CRL from server");
    }
    saveVerbose("saved CRL to file", new File(outputFile), crl.getEncoded());
    return null;
}