List of usage examples for org.bouncycastle.asn1.x509 CertificateList getInstance
public static CertificateList getInstance(Object obj)
From source file:br.gov.jfrj.siga.cd.AssinaturaDigital.java
License:Open Source License
@SuppressWarnings("unchecked") protected static String validarAssinaturaCMS(byte[] digest, String digestAlgorithm, byte[] assinatura, Date dtAssinatura) throws InvalidKeyException, SecurityException, CRLException, CertificateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, AplicacaoException, ChainValidationException, IOException, Exception { final CMSSignedData s; if (digest != null) { Map<String, byte[]> map = new HashMap<String, byte[]>(); map.put(digestAlgorithm, digest); s = new CMSSignedData(map, assinatura); } else {/*from w w w . j a va2 s . c o m*/ s = new CMSSignedData(assinatura); } Store certs = s.getCertificates(); SignerInformationStore signers = s.getSignerInfos(); Collection<SignerInformation> c = signers.getSigners(); Iterator<SignerInformation> it = c.iterator(); X509CertificateHolder firstSignerCert = null; while (it.hasNext()) { SignerInformation signer = it.next(); Collection<X509CertificateHolder> certCollection = certs.getMatches(signer.getSID()); Iterator<X509CertificateHolder> certIt = certCollection.iterator(); X509CertificateHolder cert = certIt.next(); if (firstSignerCert == null) firstSignerCert = cert; if (!signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert))) throw new Exception("Assinatura invlida!"); System.out.println("\nSigner Info: \n"); System.out.println("Is Signature Valid? true"); System.out.println("Digest: " + asHex(signer.getContentDigest())); System.out.println("Enc Alg Oid: " + signer.getEncryptionAlgOID()); System.out.println("Digest Alg Oid: " + signer.getDigestAlgOID()); System.out.println("Signature: " + asHex(signer.getSignature())); } // X509Certificate[] cadeiaTotal = montarCadeiaOrdenadaECompleta((Collection<X509Certificate>) (certs.getCertificates(null))); X509Certificate[] cadeiaTotal = montarCadeiaOrdenadaECompleta(certs.getMatches(null)); List<X509CRLObject> crls = new ArrayList<>(); if (certs.getMatches(null) != null) { Enumeration ec = ASN1Set.getInstance(certs.getMatches(null)).getObjects(); while (ec.hasMoreElements()) { crls.add(new X509CRLObject(CertificateList.getInstance(ec.nextElement()))); } } final X509ChainValidator cadeia = new X509ChainValidator(cadeiaTotal, /* trustedAnchors */new HashSet(FachadaDeCertificadosAC.getTrustAnchors()), crls.toArray(new X509CRLObject[0])); cadeia.checkCRL(true); try { cadeia.validateChain(dtAssinatura); } catch (Exception e1) { if (e1.getMessage().endsWith("Validation time is in future.")) { String s1 = e1.getMessage() + " Current date: [" + new Date().toString() + "]. Record date: [" + dtAssinatura + "]. LCRs' dates ["; for (X509CRLObject crl : (Collection<X509CRLObject>) certs.getMatches(null)) { String s2 = crl.getIssuerX500Principal().getName(); s2 = s2.split(",")[0]; s1 += s2 + " (" + crl.getThisUpdate() + " - " + crl.getNextUpdate() + ") "; } s1 += "]"; throw new AplicacaoException(s1, 0, e1); } else throw e1; } // String s1 = firstSignerCert.getSubjectDN().getName(); String s1 = firstSignerCert.getSubject().toString(); s1 = obterNomeExibicao(s1); return s1; }
From source file:com.novosec.pkix.asn1.cmp.CRLAnnContent.java
License:Open Source License
public CRLAnnContent(ASN1Sequence seq) { Enumeration e = seq.getObjects(); while (e.hasMoreElements()) { CertificateList s = CertificateList.getInstance(e.nextElement()); certificateLists.addElement(s);// w ww. j a va2 s . c om } }
From source file:com.novosec.pkix.asn1.cmp.RevRepContent.java
License:Open Source License
public RevRepContent(ASN1Sequence seq) { Enumeration e = seq.getObjects(); Enumeration estatus = ((ASN1Sequence) e.nextElement()).getObjects(); while (estatus.hasMoreElements()) { status.addElement(PKIStatusInfo.getInstance(estatus.nextElement())); }/*from w w w.j av a 2s .c o m*/ while (e.hasMoreElements()) { DERTaggedObject obj = (DERTaggedObject) e.nextElement(); switch (obj.getTagNo()) { case 0: // Enumeration erevcerts = ((ASN1Sequence)e.nextElement()).getObjects(); Enumeration erevcerts = ((ASN1Sequence) obj.getObject()).getObjects(); while (erevcerts.hasMoreElements()) { revCerts.addElement(CertId.getInstance(erevcerts.nextElement())); } break; case 1: // Enumeration ecrls = ((ASN1Sequence)e.nextElement()).getObjects(); Enumeration ecrls = ((ASN1Sequence) obj.getObject()).getObjects(); while (ecrls.hasMoreElements()) { crls.addElement(CertificateList.getInstance(ecrls.nextElement())); } break; } } }
From source file:org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.impl.RevocationValues.java
License:Open Source License
@Override public Attribute getValue() throws SignerException { List<X509CRL> crlList = new ArrayList<X509CRL>(); ArrayList<CertificateList> crlVals = new ArrayList<CertificateList>(); List<BasicOCSPResponse> ocspVals = new ArrayList<BasicOCSPResponse>(); try {// ww w . j a v a 2s . c o m int chainSize = certificates.length - 1; for (int ix = 0; ix < chainSize; ix++) { X509Certificate cert = (X509Certificate) certificates[ix]; Collection<ICPBR_CRL> icpCrls = crlRepository.getX509CRL(cert); for (ICPBR_CRL icpCrl : icpCrls) { crlList.add(icpCrl.getCRL()); } } if (crlList.isEmpty()) { throw new SignerException(cadesMessagesBundle.getString("error.crl.list.empty")); } else { for (X509CRL varCrl : crlList) { crlVals.add(CertificateList.getInstance(varCrl.getEncoded())); } } CertificateList[] crlValuesArray = new CertificateList[crlVals.size()]; BasicOCSPResponse[] ocspValuesArray = new BasicOCSPResponse[ocspVals.size()]; // OtherRevVals otherRevVals = new OtherRevVals(null); //return new Attribute(new ASN1ObjectIdentifier(identifier), new DERSet(null)); //org.bouncycastle.asn1.esf.RevocationValues revocationVals = new org.bouncycastle.asn1.esf.RevocationValues(crlVals.toArray(crlValuesArray), ocspVals.toArray(ocspValuesArray), null); //org.bouncycastle.asn1.esf.RevocationValues revocationVals = new org.bouncycastle.asn1.esf.RevocationValues(crlVals.toArray(crlValuesArray), null, null); return new Attribute(new ASN1ObjectIdentifier(identifier), new DERSet(new DERSequence(crlVals.toArray(crlValuesArray)))); } catch (Exception e) { throw new SignerException(e.getMessage()); } }
From source file:org.jnotary.dvcs.CertEtcToken.java
License:Open Source License
private CertEtcToken(Object obj) { if (obj instanceof X509Extension) { extension = null; //TODO: Das muss verstanden werden } else {/*from w w w .ja va2 s . c om*/ ASN1TaggedObject tagObj = (ASN1TaggedObject) obj; switch (tagObj.getTagNo()) { case 0: certificate = Certificate.getInstance(tagObj.getObject()); break; case 1: esscertid = ESSCertID.getInstance(tagObj.getObject()); break; case 2: pkistatus = PKIStatusInfo.getInstance(tagObj.getObject()); break; case 3: assertion = ContentInfo.getInstance(tagObj.getObject()); break; case 4: crl = CertificateList.getInstance(tagObj.getObject()); break; case 5: ocspcertstatus = CertStatus.getInstance(tagObj.getObject()); break; case 6: oscpcertid = CertID.getInstance(tagObj.getObject()); break; case 7: oscpresponse = OCSPResponse.getInstance(tagObj.getObject()); break; case 8: capabilities = SMIMECapabilities.getInstance(tagObj.getObject()); break; } } }
From source file:org.votingsystem.signature.util.CMSUtils.java
License:Open Source License
static List getCRLsFromStore(CertStore certStore) throws CertStoreException, CMSException { List crls = new ArrayList(); try {//from w ww. j av a2s . c o m for (Iterator it = certStore.getCRLs(null).iterator(); it.hasNext();) { X509CRL c = (X509CRL) it.next(); crls.add(CertificateList.getInstance(ASN1Object.fromByteArray(c.getEncoded()))); } return crls; } catch (IllegalArgumentException e) { throw new CMSException("error processing crls", e); } catch (IOException e) { throw new CMSException("error processing crls", e); } catch (CRLException e) { throw new CMSException("error encoding crls", e); } }
From source file:org.xipki.ca.client.impl.X509CmpRequestor.java
License:Open Source License
private CRLResultType evaluateCRLResponse(final PKIResponse response, final Integer xipkiAction) throws CmpRequestorException, PKIErrorException { checkProtection(response);// w w w. ja v a 2 s .c o m PKIBody respBody = response.getPkiMessage().getBody(); int bodyType = respBody.getType(); if (PKIBody.TYPE_ERROR == bodyType) { ErrorMsgContent content = (ErrorMsgContent) respBody.getContent(); throw new PKIErrorException(content.getPKIStatusInfo()); } else if (PKIBody.TYPE_GEN_REP != bodyType) { throw new CmpRequestorException("unknown PKI body type " + bodyType + " instead the exceptected [" + PKIBody.TYPE_GEN_REP + ", " + PKIBody.TYPE_ERROR + "]"); } ASN1ObjectIdentifier expectedType = xipkiAction == null ? CMPObjectIdentifiers.it_currentCRL : ObjectIdentifiers.id_xipki_cmp; GenRepContent genRep = (GenRepContent) respBody.getContent(); InfoTypeAndValue[] itvs = genRep.toInfoTypeAndValueArray(); InfoTypeAndValue itv = null; if (itvs != null && itvs.length > 0) { for (InfoTypeAndValue m : itvs) { if (expectedType.equals(m.getInfoType())) { itv = m; break; } } } if (itv == null) { throw new CmpRequestorException("the response does not contain InfoTypeAndValue " + expectedType); } ASN1Encodable certListAsn1Object; if (xipkiAction == null) { certListAsn1Object = itv.getInfoValue(); } else { certListAsn1Object = extractXipkiActionContent(itv.getInfoValue(), xipkiAction); } CertificateList certList = CertificateList.getInstance(certListAsn1Object); X509CRL crl; try { crl = new X509CRLObject(certList); } catch (CRLException e) { throw new CmpRequestorException("returned CRL is invalid: " + e.getMessage()); } CRLResultType result = new CRLResultType(); result.setCRL(crl); return result; }
From source file:org.xipki.ca.server.impl.X509CA.java
License:Open Source License
/** * * @param crlNumber/* ww w .j av a2s . c o m*/ * @return * @throws OperationException */ public CertificateList getCRL(final BigInteger crlNumber) throws OperationException { LOG.info(" START getCurrentCRL: ca={}, crlNumber={}", caInfo.getName(), crlNumber); boolean successfull = false; try { byte[] encodedCrl = certstore.getEncodedCRL(caInfo.getCertificate(), crlNumber); if (encodedCrl == null) { return null; } try { CertificateList crl = CertificateList.getInstance(encodedCrl); successfull = true; LOG.info("SUCCESSFUL getCurrentCRL: ca={}, thisUpdate={}", caInfo.getName(), crl.getThisUpdate().getTime()); return crl; } catch (RuntimeException e) { throw new OperationException(ErrorCode.SYSTEM_FAILURE, e.getClass().getName() + ": " + e.getMessage()); } } finally { if (successfull == false) { LOG.info(" FAILED getCurrentCRL: ca={}", caInfo.getName()); } } }
From source file:org.xipki.ca.server.impl.X509CACmpResponder.java
License:Open Source License
private PKIBody cmpGeneralMsg(final PKIHeaderBuilder respHeader, final CmpControl cmpControl, final PKIHeader reqHeader, final PKIBody reqBody, final CmpRequestorInfo requestor, final String user, final ASN1OctetString tid, final AuditEvent auditEvent) throws InsuffientPermissionException { GenMsgContent genMsgBody = (GenMsgContent) reqBody.getContent(); InfoTypeAndValue[] itvs = genMsgBody.toInfoTypeAndValueArray(); InfoTypeAndValue itv = null;/*from w ww .j a v a 2 s . co m*/ if (itvs != null && itvs.length > 0) { for (InfoTypeAndValue _itv : itvs) { String itvType = _itv.getInfoType().getId(); if (knownGenMsgIds.contains(itvType)) { itv = _itv; break; } } } if (itv == null) { String statusMessage = "PKIBody type " + PKIBody.TYPE_GEN_MSG + " is only supported with the sub-types " + knownGenMsgIds.toString(); return createErrorMsgPKIBody(PKIStatus.rejection, PKIFailureInfo.badRequest, statusMessage); } InfoTypeAndValue itvResp = null; ASN1ObjectIdentifier infoType = itv.getInfoType(); int failureInfo; try { X509CA ca = getCA(); if (CMPObjectIdentifiers.it_currentCRL.equals(infoType)) { addAutitEventType(auditEvent, "CRL_DOWNLOAD"); checkPermission(requestor, Permission.GET_CRL); CertificateList crl = ca.getCurrentCRL(); if (itv.getInfoValue() == null) { // as defined in RFC 4210 crl = ca.getCurrentCRL(); } else { // xipki extension ASN1Integer crlNumber = ASN1Integer.getInstance(itv.getInfoValue()); crl = ca.getCRL(crlNumber.getPositiveValue()); } if (crl == null) { String statusMessage = "no CRL is available"; return createErrorMsgPKIBody(PKIStatus.rejection, PKIFailureInfo.systemFailure, statusMessage); } itvResp = new InfoTypeAndValue(infoType, crl); } else if (ObjectIdentifiers.id_xipki_cmp.equals(infoType)) { ASN1Encodable asn1 = itv.getInfoValue(); ASN1Integer asn1Code = null; ASN1Encodable reqValue = null; try { ASN1Sequence seq = ASN1Sequence.getInstance(asn1); asn1Code = ASN1Integer.getInstance(seq.getObjectAt(0)); if (seq.size() > 1) { reqValue = seq.getObjectAt(1); } } catch (IllegalArgumentException e) { String statusMessage = "invalid value of the InfoTypeAndValue for " + ObjectIdentifiers.id_xipki_cmp.getId(); return createErrorMsgPKIBody(PKIStatus.rejection, PKIFailureInfo.badRequest, statusMessage); } ASN1Encodable respValue; int action = asn1Code.getPositiveValue().intValue(); switch (action) { case XipkiCmpConstants.ACTION_GEN_CRL: addAutitEventType(auditEvent, "CRL_GEN_ONDEMAND"); checkPermission(requestor, Permission.GEN_CRL); X509CRL _crl = ca.generateCRLonDemand(auditEvent); if (_crl == null) { String statusMessage = "CRL generation is not activated"; return createErrorMsgPKIBody(PKIStatus.rejection, PKIFailureInfo.systemFailure, statusMessage); } else { respValue = CertificateList.getInstance(_crl.getEncoded()); } break; case XipkiCmpConstants.ACTION_GET_CRL_WITH_SN: addAutitEventType(auditEvent, "CRL_DOWNLOAD_WITH_SN"); checkPermission(requestor, Permission.GET_CRL); ASN1Integer crlNumber = ASN1Integer.getInstance(reqValue); respValue = ca.getCRL(crlNumber.getPositiveValue()); if (respValue == null) { String statusMessage = "no CRL is available"; return createErrorMsgPKIBody(PKIStatus.rejection, PKIFailureInfo.systemFailure, statusMessage); } break; case XipkiCmpConstants.ACTION_GET_CAINFO: addAutitEventType(auditEvent, "GET_SYSTEMINFO"); Set<Integer> acceptVersions = new HashSet<>(); if (reqValue != null) { ASN1Sequence seq = DERSequence.getInstance(reqValue); int size = seq.size(); for (int i = 0; i < size; i++) { ASN1Integer a = ASN1Integer.getInstance(seq.getObjectAt(i)); acceptVersions.add(a.getPositiveValue().intValue()); } } if (CollectionUtil.isEmpty(acceptVersions)) { acceptVersions.add(1); } String systemInfo = getSystemInfo(requestor, acceptVersions); respValue = new DERUTF8String(systemInfo); break; case XipkiCmpConstants.ACTION_REMOVE_EXPIRED_CERTS: checkPermission(requestor, Permission.REMOVE_CERT); String info = removeExpiredCerts(requestor, itv.getInfoValue()); respValue = new DERUTF8String(info); break; default: String statusMessage = "unsupported XiPKI action code '" + action + "'"; return createErrorMsgPKIBody(PKIStatus.rejection, PKIFailureInfo.badRequest, statusMessage); } // end switch(action) ASN1EncodableVector v = new ASN1EncodableVector(); v.add(asn1Code); if (respValue != null) { v.add(respValue); } itvResp = new InfoTypeAndValue(infoType, new DERSequence(v)); } GenRepContent genRepContent = new GenRepContent(itvResp); return new PKIBody(PKIBody.TYPE_GEN_REP, genRepContent); } catch (OperationException e) { failureInfo = PKIFailureInfo.systemFailure; String statusMessage = null; ErrorCode code = e.getErrorCode(); switch (code) { case BAD_REQUEST: failureInfo = PKIFailureInfo.badRequest; statusMessage = e.getErrorMessage(); break; case DATABASE_FAILURE: case SYSTEM_FAILURE: statusMessage = code.name(); break; default: statusMessage = code.name() + ": " + e.getErrorMessage(); break; } // end switch(code) return createErrorMsgPKIBody(PKIStatus.rejection, failureInfo, statusMessage); } catch (CRLException e) { String statusMessage = "CRLException: " + e.getMessage(); return createErrorMsgPKIBody(PKIStatus.rejection, PKIFailureInfo.systemFailure, statusMessage); } }
From source file:org.xipki.commons.security.shell.CrlInfoCmd.java
License:Open Source License
@Override protected Object doExecute() throws Exception { CertificateList crl = CertificateList.getInstance(IoUtil.read(inFile)); if (crlNumber != null && crlNumber) { ASN1Encodable asn1 = crl.getTBSCertList().getExtensions().getExtensionParsedValue(Extension.cRLNumber); if (asn1 == null) { return "null"; }/*from w w w . ja va 2 s .c om*/ return getNumber(ASN1Integer.getInstance(asn1).getPositiveValue()); } else if (issuer != null && issuer) { return crl.getIssuer().toString(); } else if (thisUpdate != null && thisUpdate) { return toUtcTimeyyyyMMddhhmmssZ(crl.getThisUpdate().getDate()); } else if (nextUpdate != null && nextUpdate) { return crl.getNextUpdate() == null ? "null" : toUtcTimeyyyyMMddhhmmssZ(crl.getNextUpdate().getDate()); } return null; }