List of usage examples for org.bouncycastle.cert X509AttributeCertificateHolder getSerialNumber
public BigInteger getSerialNumber()
From source file: org.xipki.pki.ocsp.client.shell.BaseOcspStatusCommandSupport.java
License: Open Source License
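/**
 * Executes the OCSP status command.
 *
 * <p>The serial numbers to query come either from {@code certFiles} (the serial number of
 * each certificate, which must be issued by the certificate in {@code issuerCertFile}) or
 * from {@code serialNumberList} (single numbers or inclusive {@code from-to} ranges). One
 * OCSP request covering all serial numbers is sent to {@code serverUrl}; when that option is
 * blank, the responder URL is taken from the certificates, which must all name the same
 * responder. If {@code reqout}/{@code respout} are set, the raw request/response bytes of the
 * first exchange are saved (also when the request fails) before the response is processed.
 *
 * <p>Issuer checks: for attribute certificates only the first issuer name is compared with
 * the issuer's subject and the signature is not validated here; for X.509 certificates the
 * check is delegated to {@code X509Util.issues}. Verification of the response itself is done
 * in {@link #processResponse}.
 *
 * @return the result of {@link #processResponse}
 * @throws IllegalCmdParamException if neither serial numbers nor certificate files are set,
 *         a certificate is not issued by the given issuer, the responder URL cannot be
 *         determined, or a serial-number range is larger than allowed
 * @throws Exception on I/O, parsing or OCSP transport errors
 */
@Override
protected final Object doExecute() throws Exception {
    if (StringUtil.isBlank(serialNumberList) && isEmpty(certFiles)) {
        throw new IllegalCmdParamException("Neither serialNumbers nor certFiles is set");
    }

    X509Certificate issuerCert = X509Util.parseCert(issuerCertFile);

    Map<BigInteger, byte[]> encodedCerts = null;
    List<BigInteger> sns = new LinkedList<>();

    if (isNotEmpty(certFiles)) {
        encodedCerts = new HashMap<>(certFiles.size());
        String ocspUrl = null;

        // Attribute certificates are matched to the issuer by name, so convert the issuer's
        // subject once instead of per file.
        X500Name issuerX500Name = null;
        if (isAttrCert) {
            issuerX500Name = X500Name.getInstance(
                    issuerCert.getSubjectX500Principal().getEncoded());
        }

        for (String certFile : certFiles) {
            // Read each file exactly once: the serial number and the bytes kept in
            // encodedCerts must come from the same content. The previous version read the
            // file twice, so a file changed in between could be stored under the wrong
            // serial number.
            byte[] encodedCert = IoUtil.read(certFile);
            BigInteger sn;
            List<String> ocspUrls;

            if (isAttrCert) {
                X509AttributeCertificateHolder cert =
                        new X509AttributeCertificateHolder(encodedCert);
                // no signature validation here: only the issuer name is compared
                AttributeCertificateIssuer reqIssuer = cert.getIssuer();
                if (reqIssuer != null && issuerX500Name != null) {
                    X500Name[] reqIssuerNames = reqIssuer.getNames();
                    // an issuer without any name cannot be the given issuer either
                    if (reqIssuerNames == null || reqIssuerNames.length == 0
                            || !issuerX500Name.equals(reqIssuerNames[0])) {
                        throw new IllegalCmdParamException(
                                "certificate " + certFile + " is not issued by the given issuer");
                    }
                }
                ocspUrls = extractOcspUrls(cert);
                sn = cert.getSerialNumber();
            } else {
                X509Certificate cert = X509Util.parseCert(encodedCert);
                if (!X509Util.issues(issuerCert, cert)) {
                    throw new IllegalCmdParamException(
                            "certificate " + certFile + " is not issued by the given issuer");
                }
                ocspUrls = extractOcspUrls(cert);
                sn = cert.getSerialNumber();
            }

            if (isBlank(serverUrl)) {
                // No responder given on the command line: take it from the certificate and
                // require all certificates to agree, since a single request is sent.
                if (CollectionUtil.isEmpty(ocspUrls)) {
                    throw new IllegalCmdParamException("could not extract OCSP responder URL");
                }
                String url = ocspUrls.get(0);
                if (ocspUrl != null && !ocspUrl.equals(url)) {
                    throw new IllegalCmdParamException(
                            "given certificates have different OCSP responder URL in certificate");
                }
                ocspUrl = url;
            }

            sns.add(sn);
            encodedCerts.put(sn, encodedCert);
        }

        if (isBlank(serverUrl)) {
            serverUrl = ocspUrl;
        }
    } else {
        // serialNumberList: entries separated by ',' or space, each either a single number
        // or an inclusive "from-to" range
        StringTokenizer st = new StringTokenizer(serialNumberList, ", ");
        while (st.hasMoreTokens()) {
            String token = st.nextToken();
            StringTokenizer st2 = new StringTokenizer(token, "-");
            BigInteger from = toBigInt(st2.nextToken(), hex);
            BigInteger to = st2.hasMoreTokens() ? toBigInt(st2.nextToken(), hex) : null;
            if (to == null) {
                sns.add(from);
                continue;
            }

            BigIntegerRange range = new BigIntegerRange(from, to);
            // bound the expansion so a mistyped range cannot turn into a huge request
            if (range.getDiff().compareTo(BigInteger.valueOf(10)) > 0) {
                throw new IllegalCmdParamException("too many serial numbers");
            }
            for (BigInteger sn = range.getFrom(); range.isInRange(sn);
                    sn = sn.add(BigInteger.ONE)) {
                sns.add(sn);
            }
        }
    }

    if (isBlank(serverUrl)) {
        throw new IllegalCmdParamException("could not get URL for the OCSP responder");
    }

    X509Certificate respIssuer = null;
    if (respIssuerFile != null) {
        respIssuer = X509Util.parseCert(IoUtil.expandFilepath(respIssuerFile));
    }

    URL serverUrlObj = new URL(serverUrl);
    RequestOptions options = getRequestOptions();
    checkParameters(respIssuer, sns, encodedCerts);

    boolean saveReq = isNotBlank(reqout);
    boolean saveResp = isNotBlank(respout);
    // the debug recorder is only attached when something is going to be written out
    RequestResponseDebug debug = (saveReq || saveResp) ? new RequestResponseDebug() : null;

    IssuerHash issuerHash = new IssuerHash(
            HashAlgoType.getNonNullHashAlgoType(options.getHashAlgorithmId()),
            Certificate.getInstance(issuerCert.getEncoded()));

    OCSPResp response;
    try {
        response = requestor.ask(issuerCert, sns.toArray(new BigInteger[0]), serverUrlObj,
                options, debug);
    } finally {
        // Save the raw exchange even when ask() throws, so a failed request can be inspected.
        if (debug != null && debug.size() > 0) {
            RequestResponsePair reqResp = debug.get(0);
            if (saveReq) {
                byte[] bytes = reqResp.getRequest();
                if (bytes != null) {
                    IoUtil.save(reqout, bytes);
                }
            }
            if (saveResp) {
                byte[] bytes = reqResp.getResponse();
                if (bytes != null) {
                    IoUtil.save(respout, bytes);
                }
            }
        }
    }

    return processResponse(response, respIssuer, issuerHash, sns, encodedCerts);
}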