List of usage examples for org.bouncycastle.asn1.x509 CertificateList CertificateList
public CertificateList(ASN1Sequence seq)
From source file:br.gov.jfrj.siga.cd.CRLLocator.java
License:Open Source License
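/**
 * Once this locator has been instantiated, looks up the CRL for the
 * certificate under verification and parses it. The CRL is returned
 * regardless of which constructor was used, provided it is available:
 * a remote fetch is attempted when a certificate was supplied, otherwise
 * the local lookup is used.
 * <p>
 * NOTE(review): this method only fetches and parses the CRL. It does not
 * check the CRL signature, its issuer, or its thisUpdate/nextUpdate window;
 * the caller must verify the returned CRL against the issuing CA's public
 * key before relying on it for revocation decisions.
 *
 * @return the parsed CRL, wrapped as a {@link SigaX509CRLObject}, for later use
 * @throws InvalidCRLException if the CRL URL is malformed, the HTTP method
 *         could not be set, the download failed, no CRL bytes were obtained,
 *         or the bytes are not a DER SEQUENCE (i.e. not a CertificateList)
 * @throws CRLException propagated from the SigaX509CRLObject constructor
 */
public X509CRLObject getCRL() throws InvalidCRLException, CRLException {
    try {
        if (this.certificate != null) {
            this.getRemoteCRL();
        } else {
            this.getLocalCRL();
        }
        if (this.crl == null) {
            // Reported through the existing IOException path below instead of
            // surfacing as a NullPointerException from ByteArrayInputStream.
            throw new IOException("no CRL bytes available");
        }

        // Parse the raw bytes into a CertificateList; the parser is closed in
        // finally so it never outlives the method.
        final ASN1InputStream stream = new ASN1InputStream(new ByteArrayInputStream(this.crl));
        try {
            final Object parsed = stream.readObject();
            if (!(parsed instanceof ASN1Sequence)) {
                // Empty input or a non-SEQUENCE top-level object cannot be a
                // CertificateList; reject it explicitly rather than letting a
                // ClassCastException/NPE escape as an unchecked exception.
                throw new IOException("CRL content is not an ASN.1 SEQUENCE");
            }
            final CertificateList cl = new CertificateList((ASN1Sequence) parsed);
            return new SigaX509CRLObject(cl);
        } finally {
            stream.close();
        }
    } catch (final MalformedURLException e) {
        throw new InvalidCRLException("URL de acesso a CRL est mal formada ou invlida! (" + this.uri + ")", e);
    } catch (final ProtocolException e) {
        throw new InvalidCRLException(
                "Falha ao setar o mtodo HTTP/GET para fazer o download da CRL! (" + this.uri + ")", e);
    } catch (final IOException e) {
        throw new InvalidCRLException("Falha ao gerar a CRL! (" + this.uri + ")", e);
    }
}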
From source file:eu.emi.security.authn.x509.helpers.pkipath.bc.RFC3280CertPathUtilitiesHelper.java
License:Open Source License
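/**
 * Looks {@code cert} up in {@code crl} and, if it is listed as revoked at
 * {@code validDate}, records the CRL reason and revocation date in
 * {@code certStatus}. When the certificate is not listed, or is listed under
 * a different issuer, {@code certStatus} is left untouched.
 * <p>
 * The CRL is re-parsed as a BC X509CRLObject so that indirect CRLs are
 * supported: an entry matches only if the certificate's issuer equals the
 * entry's certificateIssuer or the CRL issuer. The "(i)/(j) (1)/(2)" labels
 * below refer to the CRL-processing steps of RFC 3280 section 6.3.3.
 * <p>
 * A matching entry revokes the certificate if {@code validDate} is not before
 * the revocation date, or — regardless of date — if the reason is absent,
 * unspecified, keyCompromise, cACompromise or aACompromise (compromise
 * reasons are treated as retroactive). The reasons are spelled with the
 * {@link CRLReason} constants: the literal {@code 8} that this comparison
 * used to carry is {@code removeFromCRL}, not {@code aACompromise}
 * ({@code 10}), so an aACompromise entry was not treated as retroactive and a
 * removeFromCRL entry was. NOTE(review): this appears to mirror the BC
 * RFC3280CertPathUtilities helper, which still compares against 8; the
 * behaviour here now follows the documented intent instead.
 * <p>
 * NOTE(review): no CRL signature, freshness or scope check happens here; the
 * caller is expected to have validated the CRL already — confirm.
 *
 * @param validDate  the time at which the certificate's status is evaluated
 * @param crl        the (already validated) CRL to search
 * @param cert       the certificate whose serial number/issuer is looked up
 * @param certStatus output: updated with the reason code and revocation date
 *                   when the certificate is found revoked
 * @throws SimpleValidationErrorException if the CRL cannot be re-encoded or
 *         parsed, or if the entry's reasonCode extension cannot be read
 */
protected static void getCertStatus(Date validDate, X509CRL crl, Object cert, CertStatus certStatus)
        throws SimpleValidationErrorException {
    // Re-parse as a BC X509CRLObject so that indirect CRLs (entries carrying
    // a certificateIssuer extension) are supported.
    X509CRLObject bcCRL;
    try {
        bcCRL = new X509CRLObject(
                new CertificateList((ASN1Sequence) ASN1Sequence.fromByteArray(crl.getEncoded())));
    } catch (Exception e) {
        throw new SimpleValidationErrorException(ValidationErrorCode.unknownMsg, e);
    }

    // The BC X509CRLEntryObject is needed for getCertificateIssuer().
    X509CRLEntryObject entry = (X509CRLEntryObject) bcCRL
            .getRevokedCertificate(CertPathValidatorUtilities.getSerialNumber(cert));
    if (entry == null) {
        return;
    }

    // Serial numbers are only unique per issuer: the entry counts only if the
    // certificate's issuer is the entry's issuer (indirect CRL) or the CRL issuer.
    boolean issuerMatches = CertPathValidatorUtilities.getEncodedIssuerPrincipal(cert)
            .equals(entry.getCertificateIssuer())
            || CertPathValidatorUtilities.getEncodedIssuerPrincipal(cert)
                    .equals(crl.getIssuerX500Principal());
    if (!issuerMatches) {
        return;
    }

    // reasonCode stays null when the entry has no extensions or no reasonCode.
    ASN1Enumerated reasonCode = null;
    if (entry.hasExtensions()) {
        try {
            reasonCode = ASN1Enumerated.getInstance(CertPathValidatorUtilities.getExtensionValue(entry,
                    X509Extensions.ReasonCode.getId()));
        } catch (Exception e) {
            throw new SimpleValidationErrorException(ValidationErrorCode.crlReasonExtError, e);
        }
    }

    // The revocation applies at validDate when validDate is not before the
    // revocation date. An absent/unspecified reason and the compromise
    // reasons are treated as retroactive, i.e. they apply regardless of date.
    boolean revokedByDate = !(validDate.getTime() < entry.getRevocationDate().getTime());
    boolean retroactiveReason;
    if (reasonCode == null) {
        retroactiveReason = true;
    } else {
        int reason = reasonCode.getValue().intValue();
        retroactiveReason = reason == CRLReason.unspecified
                || reason == CRLReason.keyCompromise
                || reason == CRLReason.cACompromise
                || reason == CRLReason.aACompromise;
    }

    if (revokedByDate || retroactiveReason) {
        if (reasonCode != null) {
            // RFC 3280 6.3.3 (i)/(j) (1): reasonCode present -> use it.
            certStatus.setCertStatus(reasonCode.getValue().intValue());
        } else {
            // RFC 3280 6.3.3 (i)/(j) (2): reasonCode absent -> unspecified.
            certStatus.setCertStatus(CRLReason.unspecified);
        }
        certStatus.setRevocationDate(entry.getRevocationDate());
    }
}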
From source file:eu.europa.ec.markt.dss.signature.cades.CAdESProfileXL.java
License:Open Source License
/**
 * Adds the id-aa-ets-certValues and id-aa-ets-revocationValues unsigned
 * attributes required for the CAdES-XL profile: every certificate used to
 * validate the signing certificate (except the signing certificate itself)
 * plus every CRL and basic OCSP response consulted during validation.
 * <p>
 * ETSI TS 101 733 (6.2.1): "It references the full set of CA certificates
 * that have been used to validate an ES with Complete validation data up to
 * (but not including) the signer's certificate. [...] NOTE 1: The signer's
 * certificate is referenced in the signing certificate attribute (see clause
 * 5.7.3)." and (6.2.2): "The second and subsequent CrlOcspRef fields shall be
 * in the same order as the OtherCertID to which they relate." No ordering is
 * mandated beyond that, so the values are added in the order the validation
 * context yields them.
 * <p>
 * NOTE(review): the "except the signing certificate" filter compares a
 * CertificateAndContext with an X509Certificate via equals(); confirm that
 * CertificateAndContext.equals handles that cross-type comparison, otherwise
 * the signer's certificate is embedded as well.
 *
 * @param unsignedAttrs the attribute table to extend (modified in place)
 * @param signingCertificate the signer's certificate; validated to collect the data
 * @param signingDate the validation time
 * @param optionalCertificateSource extra certificates for path building
 * @return the same {@code unsignedAttrs} table, with the two attributes added
 * @throws IOException if an encoded structure cannot be re-parsed
 * @throws RuntimeException wrapping a CertificateEncodingException or CRLException
 */
private Hashtable<ASN1ObjectIdentifier, ASN1Encodable> extendUnsignedAttributes(
        Hashtable<ASN1ObjectIdentifier, ASN1Encodable> unsignedAttrs, X509Certificate signingCertificate,
        Date signingDate, CertificateSource optionalCertificateSource) throws IOException {
    ValidationContext ctx = certificateVerifier.validateCertificate(signingCertificate, signingDate,
            optionalCertificateSource, null, null);
    try {
        List<X509CertificateStructure> caCerts = new ArrayList<X509CertificateStructure>();
        List<CertificateList> crls = new ArrayList<CertificateList>();
        List<BasicOCSPResponse> ocsps = new ArrayList<BasicOCSPResponse>();

        // The signing certificate is referenced by the signing-certificate
        // attribute, so it is skipped here; ctx.getCertificate() holds it.
        for (CertificateAndContext candidate : ctx.getNeededCertificates()) {
            if (candidate.equals(signingCertificate)) {
                continue;
            }
            byte[] der = candidate.getCertificate().getEncoded();
            caCerts.add(new X509CertificateStructure((ASN1Sequence) ASN1Object.fromByteArray(der)));
        }

        // Revocation data, re-parsed from its DER encoding.
        for (CRL relatedCrl : ctx.getNeededCRL()) {
            byte[] der = ((X509CRL) relatedCrl).getEncoded();
            crls.add(new CertificateList((ASN1Sequence) ASN1Object.fromByteArray(der)));
        }
        for (BasicOCSPResp relatedOcsp : ctx.getNeededOCSPResp()) {
            byte[] der = relatedOcsp.getEncoded();
            ocsps.add(new BasicOCSPResponse((ASN1Sequence) ASN1Object.fromByteArray(der)));
        }

        RevocationValues revocationValues = new RevocationValues(
                crls.toArray(new CertificateList[crls.size()]),
                ocsps.toArray(new BasicOCSPResponse[ocsps.size()]), null);
        unsignedAttrs.put(PKCSObjectIdentifiers.id_aa_ets_revocationValues,
                new Attribute(PKCSObjectIdentifiers.id_aa_ets_revocationValues, new DERSet(revocationValues)));

        DERSequence certValues = new DERSequence(caCerts.toArray(new X509CertificateStructure[caCerts.size()]));
        unsignedAttrs.put(PKCSObjectIdentifiers.id_aa_ets_certValues,
                new Attribute(PKCSObjectIdentifiers.id_aa_ets_certValues, new DERSet(certValues)));
    } catch (CertificateEncodingException e) {
        throw new RuntimeException(e);
    } catch (CRLException e) {
        throw new RuntimeException(e);
    }
    return unsignedAttrs;
}
From source file:eu.europa.ec.markt.dss.validation102853.crl.CRLToken.java
License:Open Source License
/** * @return the a copy of x509crl as a X509CRLHolder *///from w ww . ja v a 2s.c o m public X509CRLHolder getX509CrlHolder() { try { final X509CRL x509crl = getX509crl(); final TBSCertList tbsCertList = TBSCertList.getInstance(x509crl.getTBSCertList()); final AlgorithmIdentifier sigAlgOID = new AlgorithmIdentifier( new ASN1ObjectIdentifier(x509crl.getSigAlgOID())); final byte[] signature = x509crl.getSignature(); final X509CRLHolder x509crlHolder = new X509CRLHolder(new CertificateList( new DERSequence(new ASN1Encodable[] { tbsCertList, sigAlgOID, new DERBitString(signature) }))); return x509crlHolder; } catch (CRLException e) { throw new DSSException(e); } }
From source file:eu.europa.esig.dss.cades.signature.CAdESLevelBaselineLT.java
License:Open Source License
/** * @return the a copy of x509crl as a X509CRLHolder */// www.j a v a 2 s .co m private X509CRLHolder getX509CrlHolder(CRLToken crlToken) { try { final X509CRL x509crl = crlToken.getX509crl(); final TBSCertList tbsCertList = TBSCertList.getInstance(x509crl.getTBSCertList()); final AlgorithmIdentifier sigAlgOID = new AlgorithmIdentifier( new ASN1ObjectIdentifier(x509crl.getSigAlgOID())); final byte[] signature = x509crl.getSignature(); final DERSequence seq = new DERSequence( new ASN1Encodable[] { tbsCertList, sigAlgOID, new DERBitString(signature) }); final CertificateList x509CRL = new CertificateList(seq); // final CertificateList x509CRL = new // CertificateList.getInstance((Object)seq); final X509CRLHolder x509crlHolder = new X509CRLHolder(x509CRL); return x509crlHolder; } catch (CRLException e) { throw new DSSException(e); } }
From source file:eu.europa.esig.dss.x509.crl.CRLToken.java
License:Open Source License
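/**
 * Returns a copy of the wrapped {@link X509CRL} as a BC {@link X509CRLHolder}.
 * <p>
 * The holder is built from the CRL's complete DER encoding rather than from
 * getTBSCertList()/getSigAlgOID()/getSignature(). Rebuilding the outer
 * AlgorithmIdentifier from the OID alone drops its parameters (the NULL of
 * the RSA OIDs, the RSASSA-PSS parameters), so the copy's signatureAlgorithm
 * no longer matched tbsCertList.signature as RFC 5280 section 5.1.1.2
 * requires and its encoding differed from the original CRL. Parsing the
 * original bytes keeps the copy byte-for-byte faithful; the equivalent
 * {@code new X509CRLHolder(x509crl.getEncoded())} would add an IOException.
 *
 * @return the CRL as an X509CRLHolder
 * @throws DSSException if the CRL cannot be encoded
 * @throws IllegalArgumentException if the encoding is not a CertificateList
 */
public X509CRLHolder getX509CrlHolder() {
    try {
        final X509CRL x509crl = getX509crl();
        final CertificateList certificateList = CertificateList.getInstance(x509crl.getEncoded());
        return new X509CRLHolder(certificateList);
    } catch (CRLException e) {
        throw new DSSException(e);
    }
}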
From source file:it.trento.comune.j4sign.cms.ExternalSignatureCMSSignedDataGenerator.java
License:Open Source License
/**
 * Adds the certificates and CRLs contained in the given CertStore to the
 * pools that will be included in the encoded signature block.
 * <p>
 * Note: the store is queried with a {@code null} selector, so it must
 * support {@code null} in its get methods.
 *
 * @param certStore the store whose certificates and CRLs are added
 * @throws CertStoreException if the store cannot be read
 * @throws CMSException if a certificate or CRL cannot be encoded or re-parsed
 */
public void addCertificatesAndCRLs(CertStore certStore) throws CertStoreException, CMSException {
    // Certificates first: each one is re-parsed from its DER encoding.
    try {
        for (Iterator certIt = certStore.getCertificates(null).iterator(); certIt.hasNext();) {
            X509Certificate cert = (X509Certificate) certIt.next();
            ASN1Sequence certSeq = (ASN1Sequence) makeObj(cert.getEncoded());
            certs.add(new X509CertificateStructure(certSeq));
        }
    } catch (IOException e) {
        throw new CMSException("error processing certs", e);
    } catch (CertificateEncodingException e) {
        throw new CMSException("error encoding certs", e);
    }

    // Then the CRLs, the same way.
    try {
        for (Iterator crlIt = certStore.getCRLs(null).iterator(); crlIt.hasNext();) {
            X509CRL crl = (X509CRL) crlIt.next();
            ASN1Sequence crlSeq = (ASN1Sequence) makeObj(crl.getEncoded());
            crls.add(new CertificateList(crlSeq));
        }
    } catch (IOException e) {
        throw new CMSException("error processing crls", e);
    } catch (CRLException e) {
        throw new CMSException("error encoding crls", e);
    }
}
From source file:org.candlepin.util.X509CRLStreamWriter.java
License:Open Source License
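/**
 * Writes a freshly signed CRL to {@code out}, derived from the CRL read from
 * {@code crlIn} (expected to carry no entries) plus the entries queued in
 * {@code newEntries}.
 * <p>
 * The new CRL keeps the old issuer and signature algorithm, increments
 * cRLNumber and carries the authorityKeyIdentifier over. thisUpdate is set
 * to now and nextUpdate to now plus the old CRL's (nextUpdate - thisUpdate)
 * interval; nextUpdate is omitted when the old CRL had none (it is OPTIONAL
 * in RFC 5280, and was previously dereferenced unconditionally).
 * <p>
 * NOTE(review): only cRLNumber and authorityKeyIdentifier are copied; any
 * other CRL extension on the input — in particular issuingDistributionPoint,
 * which scopes what the CRL covers — is silently dropped. Confirm that is
 * intended. The old CRL's signature algorithm is reused as-is, so a CRL
 * originally signed with a weak algorithm (e.g. SHA-1 with RSA) is re-signed
 * the same way. Nothing here checks that {@code key} belongs to the old
 * CRL's issuer; that is the caller's responsibility.
 *
 * @param out destination for the DER-encoded signed CRL
 * @throws IOException if the input holds no CertificateList, an extension
 *         cannot be added, the signer cannot be created, or writing fails
 */
protected void writeToEmptyCrl(OutputStream out) throws IOException {
    ASN1InputStream asn1in = null;
    try {
        asn1in = new ASN1InputStream(crlIn);
        // getInstance() accepts whichever SEQUENCE flavour the parser yields
        // (DER/DL), where a DERSequence cast can fail on newer BC parsers.
        CertificateList certList = CertificateList.getInstance(asn1in.readObject());
        if (certList == null) {
            throw new IOException("No ASN.1 object found in CRL input");
        }
        X509CRLHolder oldCrl = new X509CRLHolder(certList);

        // One timestamp serves as thisUpdate and as the base of nextUpdate so
        // the new validity window is exactly as long as the old one.
        Date now = new Date();
        X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(oldCrl.getIssuer(), now);
        crlBuilder.addCRL(oldCrl);

        Time oldNextUpdate = certList.getNextUpdate();
        if (oldNextUpdate != null) {
            long interval = oldNextUpdate.getDate().getTime() - certList.getThisUpdate().getDate().getTime();
            crlBuilder.setNextUpdate(new Date(now.getTime() + interval));
        }

        copyCrlExtensions(oldCrl, crlBuilder);
        addQueuedEntries(crlBuilder);
        signAndWrite(oldCrl, crlBuilder, out);
    } finally {
        IOUtils.closeQuietly(asn1in);
    }
}

/**
 * Carries cRLNumber (incremented by one) and authorityKeyIdentifier over
 * from the old CRL; every other extension is left out (see writeToEmptyCrl).
 */
private void copyCrlExtensions(X509CRLHolder oldCrl, X509v2CRLBuilder crlBuilder) throws IOException {
    for (Object o : oldCrl.getExtensionOIDs()) {
        ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) o;
        X509Extension ext = oldCrl.getExtension(oid);
        if (oid.equals(X509Extension.cRLNumber)) {
            // The extension value is an OCTET STRING wrapping the DER INTEGER.
            DEROctetString octet = (DEROctetString) ext.getValue().getDERObject();
            DERInteger currentNumber = (DERInteger) DERTaggedObject.fromByteArray(octet.getOctets());
            DERInteger nextNumber = new DERInteger(currentNumber.getValue().add(BigInteger.ONE));
            crlBuilder.addExtension(oid, ext.isCritical(), nextNumber);
        } else if (oid.equals(X509Extension.authorityKeyIdentifier)) {
            crlBuilder.addExtension(oid, ext.isCritical(),
                    new AuthorityKeyIdentifierStructure(ext.getValue().getDEREncoded()));
        }
    }
}

/**
 * Adds each queued entry, shaped SEQUENCE { serial INTEGER, revocationDate
 * Time, crlEntryExtensions OPTIONAL }, taking the reason from a reasonCode
 * extension when present and defaulting to unspecified.
 */
private void addQueuedEntries(X509v2CRLBuilder crlBuilder) {
    for (DERSequence entry : newEntries) {
        BigInteger serial = ((DERInteger) entry.getObjectAt(0)).getValue();
        Date revokeDate = ((Time) entry.getObjectAt(1)).getDate();
        int reason = CRLReason.unspecified;
        if (entry.size() == 3) {
            X509Extensions extensions = (X509Extensions) entry.getObjectAt(2);
            X509Extension reasonExt = extensions.getExtension(X509Extension.reasonCode);
            if (reasonExt != null) {
                reason = ((DEREnumerated) reasonExt.getParsedValue()).getValue().intValue();
            }
        }
        crlBuilder.addCRLEntry(serial, revokeDate, reason);
    }
}

/**
 * Signs the built CRL with the RSA private key using the old CRL's signature
 * algorithm and writes the DER encoding to {@code out}. As a side effect the
 * signingAlg/digestAlg fields are updated to the algorithms used.
 */
private void signAndWrite(X509CRLHolder oldCrl, X509v2CRLBuilder crlBuilder, OutputStream out)
        throws IOException {
    RSAKeyParameters keyParams = new RSAKeyParameters(true, key.getModulus(), key.getPrivateExponent());
    signingAlg = oldCrl.toASN1Structure().getSignatureAlgorithm();
    digestAlg = new DefaultDigestAlgorithmIdentifierFinder().find(signingAlg);
    try {
        ContentSigner signer = new BcRSAContentSignerBuilder(signingAlg, digestAlg).build(keyParams);
        X509CRLHolder newCrl = crlBuilder.build(signer);
        out.write(newCrl.getEncoded());
    } catch (OperatorCreationException e) {
        throw new IOException("Could not sign CRL", e);
    }
}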