org.bouncycastle.asn1.x509.CertificateList Java Examples

Example #1
Source File: CAdESTimestampSource.java    From dss with GNU Lesser General Public License v2.1 6 votes vote down vote up
/**
 * Builds an identifier for every CRL carried in the revocation values of the given
 * unsigned attribute.
 *
 * <p>A CRL that cannot be re-encoded or converted is logged at WARN level and left out of
 * the result, so the returned list may be shorter than the number of CRLs embedded in the
 * attribute. No signature or issuer check is performed on the CRLs in this method.
 *
 * @param unsignedAttribute the CAdES unsigned attribute to inspect
 * @return the identifiers of the CRLs that could be converted; never {@code null}
 */
@Override
protected List<Identifier> getEncapsulatedCRLIdentifiers(CAdESAttribute unsignedAttribute) {
	final List<Identifier> identifiers = new ArrayList<>();
	final RevocationValues embedded = DSSASN1Utils.getRevocationValues(unsignedAttribute.getASN1Object());
	if (embedded == null) {
		// Nothing to extract: the attribute holds no revocation values.
		return identifiers;
	}
	for (final CertificateList crl : embedded.getCrlVals()) {
		try {
			identifiers.add(CRLUtils.buildCRLBinary(crl.getEncoded()));
		} catch (Exception e) {
			// Best effort: one bad CRL must not hide the others.
			// The stack trace is attached only when debug logging is on.
			final String errorMessage = "Unable to parse CRL binaries : {}";
			if (!LOG.isDebugEnabled()) {
				LOG.warn(errorMessage, e.getMessage());
			} else {
				LOG.warn(errorMessage, e.getMessage(), e);
			}
		}
	}
	return identifiers;
}
 
Example #2
Source File: Actions.java    From xipki with Apache License 2.0 6 votes vote down vote up
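/**
 * Reads the CRL stored in {@code inFile} and returns the one field selected by the
 * command flags, checked in this order: CRL number, issuer, thisUpdate, nextUpdate.
 *
 * <p>The CRL is only decoded here; its signature is not verified in this method, so the
 * returned values describe the file's content, not an authenticated statement by the issuer.
 *
 * @return the selected field as text, the string {@code "null"} when the selected optional
 *         field is absent, or {@code null} when no flag is set
 * @throws Exception if the file cannot be read or decoded
 */
@Override
protected Object execute0() throws Exception {
  CertificateList crl = CertificateList.getInstance(
      X509Util.toDerEncoded(IoUtil.read(inFile)));

  if (crlNumber != null && crlNumber) {
    // crlExtensions is OPTIONAL in TBSCertList, and getExtensions() returns null for a
    // CRL that carries none. Report that like a missing cRLNumber instead of failing
    // with a NullPointerException.
    if (crl.getTBSCertList().getExtensions() == null) {
      return "null";
    }
    ASN1Encodable asn1 = crl.getTBSCertList().getExtensions().getExtensionParsedValue(
        Extension.cRLNumber);
    if (asn1 == null) {
      return "null";
    }
    return getNumber(ASN1Integer.getInstance(asn1).getPositiveValue());
  } else if (issuer != null && issuer) {
    return crl.getIssuer().toString();
  } else if (thisUpdate != null && thisUpdate) {
    return toUtcTimeyyyyMMddhhmmssZ(crl.getThisUpdate().getDate());
  } else if (nextUpdate != null && nextUpdate) {
    // nextUpdate is optional as well; the accessor returns null when it is missing.
    return crl.getNextUpdate() == null ? "null" :
      toUtcTimeyyyyMMddhhmmssZ(crl.getNextUpdate().getDate());
  }

  return null;
}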
 
Example #3
Source File: ScepResponder.java    From xipki with Apache License 2.0 6 votes vote down vote up
/**
 * Wraps the CA's current CRL in a CMS SignedData structure for a SCEP GetCRL response.
 *
 * <p>No signer is added to the generator in this method, so the structure carries the CRL
 * without a CMS signature of its own. The {@code serialNumber} argument is not used here.
 *
 * @param ca the CA whose current CRL is returned
 * @param serialNumber serial number from the request (unused in this method)
 * @return the SignedData holding the CRL
 * @throws FailInfoException {@code BAD_REQUEST} when GetCRL is disabled or no CRL exists
 * @throws OperationException when the CMS structure cannot be generated
 */
private SignedData getCrl(X509Ca ca, BigInteger serialNumber)
    throws FailInfoException, OperationException {
  // Refuse early when the responder is not configured to serve CRLs.
  if (!control.isSupportGetCrl()) {
    throw FailInfoException.BAD_REQUEST;
  }

  final CertificateList currentCrl = ca.getBcCurrentCrl();
  if (currentCrl == null) {
    LOG.error("found no CRL");
    throw FailInfoException.BAD_REQUEST;
  }

  final CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
  generator.addCRL(new X509CRLHolder(currentCrl));

  try {
    final CMSSignedData cms = generator.generate(new CMSAbsentContent());
    return SignedData.getInstance(cms.toASN1Structure().getContent());
  } catch (CMSException ex) {
    LogUtil.error(LOG, ex, "could not generate CMSSignedData");
    throw new OperationException(ErrorCode.SYSTEM_FAILURE, ex);
  }
}
 
Example #4
Source File: RevocationValues.java    From signer with GNU Lesser General Public License v3.0 5 votes vote down vote up
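/**
 * Builds the attribute that embeds the CRLs of the certificate chain.
 *
 * <p>CRLs are looked up in {@code crlRepository} for every certificate of the chain
 * except the last one, then re-encoded as ASN.1 {@code CertificateList} values. The CRLs
 * are not verified in this method; any validation depends on what the repository does.
 *
 * @return an attribute with OID {@code identifier} whose single value is a SEQUENCE of CRLs
 * @throws SignerException if no CRL is found for the chain, or a CRL cannot be
 *         retrieved or encoded
 */
@Override
  public Attribute getValue() throws SignerException {
  	List<X509CRL> crlList = new ArrayList<X509CRL>();
  	try {
  		// The last chain entry is skipped — presumably the trust anchor; confirm against the caller.
  		int chainSize = certificates.length - 1;
  		for (int ix = 0; ix < chainSize; ix++) {
  			X509Certificate cert = (X509Certificate) certificates[ix];
  			Collection<ICPBR_CRL> icpCrls = crlRepository.getX509CRL(cert);
  			for (ICPBR_CRL icpCrl : icpCrls) {
  				crlList.add(icpCrl.getCRL());
  			}
  		}
  		// Fail closed: an attribute without revocation data must not be produced.
  		if (crlList.isEmpty()) {
  			throw new SignerException(cadesMessagesBundle.getString("error.crl.list.empty"));
  		}
  		List<CertificateList> crlVals = new ArrayList<CertificateList>(crlList.size());
  		for (X509CRL varCrl : crlList) {
  			crlVals.add(CertificateList.getInstance(varCrl.getEncoded()));
  		}
  		// NOTE(review): the value is a bare SEQUENCE OF CertificateList. If identifier is the
  		// ETSI revocation-values attribute, parsers may expect the tagged RevocationValues
  		// structure instead — confirm interoperability.
  		return new Attribute(new ASN1ObjectIdentifier(identifier),
  				new DERSet(new DERSequence(crlVals.toArray(new CertificateList[crlVals.size()]))));
  	} catch (SignerException e) {
  		// Already the declared type: rethrow as is so the original stack trace survives.
  		throw e;
  	} catch (Exception e) {
  		throw new SignerException(e.getMessage());
  	}
  }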
 
Example #5
Source File: CMSCRLSource.java    From dss with GNU Lesser General Public License v2.1 5 votes vote down vote up
/**
 * Registers every CRL found in the given revocation-values attribute with this source.
 *
 * <p>The CRLs are wrapped and stored as found; no signature check happens in this method.
 *
 * @param attributes the attribute table to search
 * @param revocationValuesAttribute OID of the attribute that carries the revocation values
 * @param origin origin recorded for each CRL that is added
 */
private void collectRevocationValues(AttributeTable attributes, ASN1ObjectIdentifier revocationValuesAttribute, RevocationOrigin origin) {
	final RevocationValues embedded = DSSASN1Utils.getRevocationValues(
			DSSASN1Utils.getAsn1Encodable(attributes, revocationValuesAttribute));
	if (embedded == null) {
		// Attribute missing or not parseable as revocation values: nothing to collect.
		return;
	}
	for (final CertificateList crl : embedded.getCrlVals()) {
		addX509CRLHolder(new X509CRLHolder(crl), origin);
	}
}
 
Example #6
Source File: PAdESCRLSource.java    From dss with GNU Lesser General Public License v2.1 5 votes vote down vote up
/**
 * Collects the CRLs stored in the Adobe revocation-info-archival attribute.
 *
 * <p>A CRL whose encoding fails is logged at WARN level and skipped, so the source may end
 * up with fewer CRLs than the attribute contains.
 *
 * @param attributes the attribute table to search
 */
private void collectCRLArchivalValues(AttributeTable attributes) {
	final RevocationInfoArchival archival = PAdESUtils.getRevocationInfoArchivals(
			DSSASN1Utils.getAsn1Encodable(attributes, OID.adbe_revocationInfoArchival));
	if (archival == null) {
		return;
	}
	for (final CertificateList crl : archival.getCrlVals()) {
		try {
			addBinary(CRLUtils.buildCRLBinary(crl.getEncoded()), RevocationOrigin.ADBE_REVOCATION_INFO_ARCHIVAL);
		} catch (IOException e) {
			// Best effort: keep going with the remaining CRLs.
			LOG.warn("Could not convert CertificateList to CRLBinary : {}", e.getMessage());
		}
	}
}
 
Example #7
Source File: RevocationInfoArchival.java    From dss with GNU Lesser General Public License v2.1 5 votes vote down vote up
/**
 * Parses a RevocationInfoArchival from its ASN.1 sequence.
 *
 * <p>Each element must be a tagged object: tag 0 holds the CRLs, tag 1 the OCSP responses,
 * tag 2 the other revocation values. Every CRL and OCSP entry is decoded once purely as a
 * validity check; the raw sequence is what gets stored.
 *
 * <p>Review notes for callers that feed untrusted input: an element of an unexpected type
 * fails the casts below with {@code ClassCastException} rather than
 * {@code IllegalArgumentException}, and a tag that appears twice is accepted, with the
 * later occurrence replacing the earlier one.
 *
 * @param seq the sequence to parse, with at most three elements
 * @throws IllegalArgumentException if the sequence is too long or a tag is unknown
 */
private RevocationInfoArchival(ASN1Sequence seq)
{
    final int fieldCount = seq.size();
    if (fieldCount > 3)
    {
        throw new IllegalArgumentException("Bad sequence size: " + fieldCount);
    }
    for (Enumeration fields = seq.getObjects(); fields.hasMoreElements();)
    {
        final ASN1TaggedObject field = (ASN1TaggedObject)fields.nextElement();
        final int tag = field.getTagNo();
        if (tag == 0)
        {
            final ASN1Sequence crlSeq = (ASN1Sequence)field.getObject();
            // Decode each entry only to reject malformed CRLs up front.
            for (Enumeration crls = crlSeq.getObjects(); crls.hasMoreElements();)
            {
                CertificateList.getInstance(crls.nextElement());
            }
            this.crlVals = crlSeq;
        }
        else if (tag == 1)
        {
            final ASN1Sequence ocspSeq = (ASN1Sequence)field.getObject();
            // Same up-front validation for the OCSP responses.
            for (Enumeration responses = ocspSeq.getObjects(); responses.hasMoreElements();)
            {
                OCSPResponse.getInstance(responses.nextElement());
            }
            this.ocspVals = ocspSeq;
        }
        else if (tag == 2)
        {
            this.otherRevVals = OtherRevVals.getInstance(field.getObject());
        }
        else
        {
            throw new IllegalArgumentException("invalid tag: " + tag);
        }
    }
}
 
Example #8
Source File: RevocationInfoArchival.java    From dss with GNU Lesser General Public License v2.1 5 votes vote down vote up
/**
 * Creates a RevocationInfoArchival from already decoded values.
 *
 * @param crlVals the CRLs to embed, or {@code null} to omit the CRL field
 * @param ocspVals the OCSP responses to embed, or {@code null} to omit the OCSP field
 * @param otherRevVals other revocation values, stored as given (may be {@code null})
 */
public RevocationInfoArchival(CertificateList[] crlVals, OCSPResponse[] ocspVals, OtherRevVals otherRevVals)
{
    // A field is set only when its array was supplied; otherwise it is left untouched.
    if (crlVals != null)
    {
        this.crlVals = new DERSequence(crlVals);
    }
    if (ocspVals != null)
    {
        this.ocspVals = new DERSequence(ocspVals);
    }
    this.otherRevVals = otherRevVals;
}
 
Example #9
Source File: RevocationInfoArchival.java    From dss with GNU Lesser General Public License v2.1 5 votes vote down vote up
/**
 * Returns the embedded CRLs, decoding them from the stored sequence on every call.
 *
 * @return a newly allocated array of the CRLs; empty when no CRL field is present
 */
public CertificateList[] getCrlVals()
{
    // An absent field yields a zero-length array rather than null.
    final int count = (this.crlVals == null) ? 0 : this.crlVals.size();
    final CertificateList[] decoded = new CertificateList[count];
    for (int i = 0; i < count; i++)
    {
        decoded[i] = CertificateList.getInstance(this.crlVals.getObjectAt(i));
    }
    return decoded;
}
 
Example #10
Source File: ScepUtil.java    From xipki with Apache License 2.0 5 votes vote down vote up
/**
 * Extracts the first CRL carried in a SignedData structure.
 *
 * <p>Only the element at index 0 is read; further CRLs in the set are ignored. The CRL is
 * decoded but not verified here, so checking its signature and issuer is up to the caller.
 *
 * @param signedData the SignedData to inspect; must not be {@code null}
 * @return the first CRL, or {@code null} when the structure carries none
 * @throws CRLException if the first element cannot be decoded as a CRL
 */
public static X509CRLHolder getCrlFromPkiMessage(SignedData signedData) throws CRLException {
  Args.notNull(signedData, "signedData");
  final ASN1Set crls = signedData.getCRLs();
  final boolean hasCrl = crls != null && crls.size() != 0;
  if (!hasCrl) {
    return null;
  }

  try {
    return new X509CRLHolder(CertificateList.getInstance(crls.getObjectAt(0)));
  } catch (IllegalArgumentException ex) {
    // Decoding failures surface as the checked CRLException, keeping the cause.
    throw new CRLException(ex);
  }
}
 
Example #11
Source File: ScepResponder.java    From xipki with Apache License 2.0 5 votes vote down vote up
/**
 * Packs a CRL into a CMS SignedData and returns it as a ContentInfo.
 *
 * <p>No signer is added to the generator in this method, so the result carries the CRL
 * without a CMS signature of its own.
 *
 * @param crl the CRL to embed
 * @return the ContentInfo wrapping the SignedData
 * @throws CaException if the CMS structure cannot be generated
 */
private ContentInfo createSignedData(CertificateList crl) throws CaException {
  final CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
  generator.addCRL(new X509CRLHolder(crl));

  try {
    final CMSSignedData cms = generator.generate(new CMSAbsentContent());
    return cms.toASN1Structure();
  } catch (CMSException ex) {
    throw new CaException(ex.getMessage(), ex);
  }
}
 
Example #12
Source File: CmpResponder.java    From xipki with Apache License 2.0 5 votes vote down vote up
/**
 * Returns a CRL of this responder's CA on behalf of a CMP requestor.
 *
 * <p>The {@code GET_CRL} permission is checked before the CA is touched; a requestor
 * without it gets a {@code NOT_PERMITTED} error.
 *
 * @param requestor the authenticated requestor; must not be {@code null}
 * @param crlNumber number of the wanted CRL, or {@code null} for the current one
 * @return the CRL as returned by the CA
 * @throws OperationException if the requestor lacks the permission or the CA lookup fails
 */
public CertificateList getCrl(CmpRequestorInfo requestor, BigInteger crlNumber)
    throws OperationException {
  Args.notNull(requestor, "requestor");
  try {
    checkPermission(requestor, PermissionConstants.GET_CRL);
  } catch (InsuffientPermissionException ex) {
    throw new OperationException(ErrorCode.NOT_PERMITTED, ex.getMessage());
  }

  final X509Ca issuingCa = getCa();
  if (crlNumber == null) {
    return issuingCa.getBcCurrentCrl();
  }
  return issuingCa.getBcCrl(crlNumber);
}
 
Example #13
Source File: X509Ca.java    From xipki with Apache License 2.0 5 votes vote down vote up
/**
 * Loads a CRL of this CA from the certificate store and decodes it.
 *
 * <p>A START line is logged on entry and either a SUCCESSFUL or a FAILED line on exit.
 * A CRL that is not in the store returns {@code null} and is also logged as FAILED,
 * because the success flag is set only after decoding.
 *
 * @param crlNumber number of the wanted CRL, passed to the store as given
 * @return the decoded CRL, or {@code null} when the store has none
 * @throws OperationException with {@code SYSTEM_FAILURE} if decoding fails
 */
public CertificateList getBcCrl(BigInteger crlNumber) throws OperationException {
  LOG.info("     START getCrl: ca={}, crlNumber={}", caIdent.getName(), crlNumber);
  boolean decoded = false;

  try {
    final byte[] der = certstore.getEncodedCrl(caIdent, crlNumber);
    if (der == null) {
      return null;
    }

    try {
      final CertificateList parsedCrl = CertificateList.getInstance(der);
      decoded = true;
      if (LOG.isInfoEnabled()) {
        LOG.info("SUCCESSFUL getCrl: ca={}, thisUpdate={}", caIdent.getName(),
            parsedCrl.getThisUpdate().getTime());
      }
      return parsedCrl;
    } catch (RuntimeException ex) {
      // Decoder errors are unchecked; translate them into the declared exception.
      throw new OperationException(SYSTEM_FAILURE, ex);
    }
  } finally {
    if (!decoded) {
      LOG.info("    FAILED getCrl: ca={}", caIdent.getName());
    }
  }
}
 
Example #14
Source File: CmpAgent.java    From xipki with Apache License 2.0 4 votes vote down vote up
/**
 * Extracts the CRL from a CMP general response.
 *
 * <p>{@code checkProtection} runs before any part of the body is read. The CRL itself is
 * only decoded; its signature is not verified in this method.
 *
 * @param response the verified PKI message; must not be {@code null}
 * @param xipkiAction the XiPKI action code, or {@code null} for the standard currentCRL
 *        info type
 * @return the CRL contained in the response
 * @throws PkiErrorException if the response body is an error message
 * @throws CmpClientException if the body type is unexpected or the expected
 *         InfoTypeAndValue is missing
 */
private X509CRLHolder evaluateCrlResponse(VerifiedPkiMessage response, Integer xipkiAction)
    throws CmpClientException, PkiErrorException {
  checkProtection(Args.notNull(response, "response"));

  final PKIBody body = response.getPkiMessage().getBody();
  final int type = body.getType();

  if (type == PKIBody.TYPE_ERROR) {
    final ErrorMsgContent error = ErrorMsgContent.getInstance(body.getContent());
    throw new PkiErrorException(error.getPKIStatusInfo());
  }
  if (type != PKIBody.TYPE_GEN_REP) {
    throw new CmpClientException(String.format(
        "unknown PKI body type %s instead the expected [%s, %s]",
        type, PKIBody.TYPE_GEN_REP, PKIBody.TYPE_ERROR));
  }

  // The standard request answers with it_currentCRL, a XiPKI action with the XiPKI type.
  final ASN1ObjectIdentifier expectedType;
  if (xipkiAction == null) {
    expectedType = CMPObjectIdentifiers.it_currentCRL;
  } else {
    expectedType = ObjectIdentifiers.Xipki.id_xipki_cmp_cmpGenmsg;
  }

  final GenRepContent genRep = GenRepContent.getInstance(body.getContent());
  final InfoTypeAndValue[] entries = genRep.toInfoTypeAndValueArray();

  // Take the first entry of the expected type.
  InfoTypeAndValue match = null;
  if (entries != null) {
    for (int i = 0; i < entries.length && match == null; i++) {
      if (expectedType.equals(entries[i].getInfoType())) {
        match = entries[i];
      }
    }
  }

  if (match == null) {
    throw new CmpClientException("the response does not contain InfoTypeAndValue "
        + expectedType);
  }

  final ASN1Encodable crlObject;
  if (xipkiAction == null) {
    crlObject = match.getInfoValue();
  } else {
    crlObject = extractXiActionContent(match.getInfoValue(), xipkiAction);
  }

  return new X509CRLHolder(CertificateList.getInstance(crlObject));
}
 
Example #15
Source File: Msp.java    From julongchain with Apache License 2.0 4 votes vote down vote up
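/**
 * Returns the certificate revocation lists held by this object.
 *
 * <p>The array is a copy, so a caller cannot add, drop or reorder entries in the internal
 * array through the returned reference. The copy is shallow: the elements are shared.
 *
 * @return a copy of the CRL array, or {@code null} when none has been set
 */
public CertificateList[] getCertRevokList() {
    return certRevokList == null ? null : certRevokList.clone();
}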
 
Example #16
Source File: X509Ca.java    From xipki with Apache License 2.0 4 votes vote down vote up
/**
 * Returns this CA's current CRL by delegating to {@code getBcCrl} with a {@code null}
 * CRL number.
 *
 * @return whatever {@code getBcCrl(null)} returns
 * @throws OperationException if {@code getBcCrl} fails
 */
public CertificateList getBcCurrentCrl() throws OperationException {
  return getBcCrl(null);
}
 
Example #17
Source File: Msp.java    From julongchain with Apache License 2.0 4 votes vote down vote up
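/**
 * Replaces the certificate revocation lists held by this object.
 *
 * <p>The array is copied on the way in, so later changes the caller makes to its own
 * array do not alter the stored list. The copy is shallow: the elements are shared.
 *
 * @param certRevokList the CRLs to store, or {@code null} to clear the list
 */
public void setCertRevokList(CertificateList[] certRevokList) {
    this.certRevokList = certRevokList == null ? null : certRevokList.clone();
}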